generic33.bzcs Résolu/Fermé

Question

depuis ce soir , j'ai un message d'AVG qui me dit que j'ai une menace détectée

Cheval de Troie : generic33.bzcs 

et aussi 

IDP.Program.D1B0A5C0 

voici une image 

[url=https://www.casimages.com/i/130927021229244936.jpg.html][img]http://nsa34.casimages.com/img/2013/09/27/mini_130927021229244936.jpg[/img][/url]

( j"espère que ça fonctionne ) 

j'ai essayer de supprimé avec AdwCleaner v3.005

Mais ca ne fonctionne pas 

Voici le rapport 

# AdwCleaner v3.005 - Report created 26/09/2013 at 19:51:36
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : eauli - EAULI-PC
# Running from : C:\Users\eauli\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\ Internet Explorer v10.0.9200.16686


-\ Mozilla Firefox v23.0.1 (fr)

[ File : C:\Users\eauli\AppData\Roaming\Mozilla\Firefox\Profiles\ap076wk1.default\prefs.js ]

Line Deleted : user_pref("CT2851639.1000234.TWC_TMP_city", "MONTREAL");
Line Deleted : user_pref("CT2851639.1000234.TWC_TMP_country", "CA");
Line Deleted : user_pref("CT2851639.1000234.TWC_locId", "USMO0602");
Line Deleted : user_pref("CT2851639.1000234.TWC_location", "Montreal, MO");
Line Deleted : user_pref("CT2851639.1000234.TWC_region", "OT");
Line Deleted : user_pref("CT2851639.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT2851639.1000234.TWC_wind_dis", "kmh");
Line Deleted : user_pref("CT2851639.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"0°C\",\"temperatureClear\":\"0°C\",\"highTemperature\":\"0°C\",\"lowTemperature\":\"-4°C\",\"feelsLike\":\"-6°C\",\"c[...]
Line Deleted : user_pref("CT2851639.CBOpenMAMSettings.enc", "MA==");
Line Deleted : user_pref("CT2851639.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851639.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851639.FirstTime", "true");
Line Deleted : user_pref("CT2851639.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2851639.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT2851639.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT2851639.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=");
Line Deleted : user_pref("CT2851639.UserID", "UN15826666114610466");
Line Deleted : user_pref("CT2851639.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2851639.autoDisableScopes", -1);
Line Deleted : user_pref("CT2851639.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT2851639.cbcountry_001.enc", "Q0E=");
Line Deleted : user_pref("CT2851639.cbfirsttime.enc", "U3VuIE5vdiAyNSAyMDEyIDE0OjM4OjI0IEdNVC0wNTAwIChFc3Qp");
Line Deleted : user_pref("CT2851639.countryCode", "CA");
Line Deleted : user_pref("CT2851639.defaultSearch", "true");
Line Deleted : user_pref("CT2851639.enableAlerts", "always");
Line Deleted : user_pref("CT2851639.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT2851639.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT2851639.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2851639.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT2851639.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT2851639.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2851639.fixUrls", true);
Line Deleted : user_pref("CT2851639.fullUserID", "UN15826666114610466.UP.20130711220038");
Line Deleted : user_pref("CT2851639.installType", "xpe");
Line Deleted : user_pref("CT2851639.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2851639.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851639.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT2851639.isNewTabEnabled", true);
Line Deleted : user_pref("CT2851639.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT2851639.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2851639.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851639.keyword", true);
Line Deleted : user_pref("CT2851639.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT2851639&octid=CT2851639&SearchSource=15&CUI=UN15826666114610466&SSPV=&Lay=1&UM=UM_ID\"}[...]
Line Deleted : user_pref("CT2851639.lastVersion", "10.20.0.513");
Line Deleted : user_pref("CT2851639.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT2851639.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bleepingcomputer.com%2Fdownload%2Fadwcleaner%2Fdl%2F125%2F\",\"EB_MAIN_FRAME_TITLE\":\"D[...]
Line Deleted : user_pref("CT2851639.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851639.openThankYouPage", "true");
Line Deleted : user_pref("CT2851639.openUninstallPage", "false");
Line Deleted : user_pref("CT2851639.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CUI=UN15826666114610466&UM=UM_ID&q=");
Line Deleted : user_pref("CT2851639.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT2851639.scriptSource.enc", "aHR0cDovLzEyNy4wLjAuMToxMDAwMC9ndWkv");
Line Deleted : user_pref("CT2851639.search.searchAppId", "129351529700743801");
Line Deleted : user_pref("CT2851639.search.searchCount", "0");
Line Deleted : user_pref("CT2851639.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT2851639.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2851639.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT2851639.searchUserMode", "UM_ID");
Line Deleted : user_pref("CT2851639.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851639.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851639.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2851639\"}");
Line Deleted : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentBarFR.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentBar_FR \"}");
Line Deleted : user_pref("CT2851639.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2851639.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2851639.serviceLayer_services_Configuration_lastUpdate", "1380189418125");
Line Deleted : user_pref("CT2851639.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353872303147");
Line Deleted : user_pref("CT2851639.serviceLayer_services_appTracking_lastUpdate", "1355113141206");
Line Deleted : user_pref("CT2851639.serviceLayer_services_appsMetadata_lastUpdate", "1353872303071");
Line Deleted : user_pref("CT2851639.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353872303573");
Line Deleted : user_pref("CT2851639.serviceLayer_services_location_lastUpdate", "1373572079501");
Line Deleted : user_pref("CT2851639.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358380218905");
Line Deleted : user_pref("CT2851639.serviceLayer_services_login_10.14.370.524_lastUpdate", "1364204265315");
Line Deleted : user_pref("CT2851639.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359774934154");
Line Deleted : user_pref("CT2851639.serviceLayer_services_login_10.14.42.7_lastUpdate", "1360986770981");
Line Deleted : user_pref("CT2851639.serviceLayer_services_login_10.14.65.43_lastUpdate", "1369305572453");
Line Deleted : user_pref("CT2851639.serviceLayer_services_login_10.15.0.562_lastUpdate", "1369002717133");
Line Deleted : user_pref("CT2851639.serviceLayer_services_login_10.16.2.509_lastUpdate", "1373589624495");
Line Deleted : user_pref("CT2851639.serviceLayer_services_login_10.16.4.519_lastUpdate", "1375033807381");
Line Deleted : user_pref("CT2851639.serviceLayer_services_login_10.16.70.505_lastUpdate", "1379260736915");
Line Deleted : user_pref("CT2851639.serviceLayer_services_login_10.20.0.513_lastUpdate", "1380231487793");
Line Deleted : user_pref("CT2851639.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353872303612");
Line Deleted : user_pref("CT2851639.serviceLayer_services_searchAPI_lastUpdate", "1380189418098");
Line Deleted : user_pref("CT2851639.serviceLayer_services_serviceMap_lastUpdate", "1380189417941");
Line Deleted : user_pref("CT2851639.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353872303502");
Line Deleted : user_pref("CT2851639.serviceLayer_services_toolbarSettings_lastUpdate", "1380238687985");
Line Deleted : user_pref("CT2851639.serviceLayer_services_translation_lastUpdate", "1380189417935");
Line Deleted : user_pref("CT2851639.settingsINI", true);
Line Deleted : user_pref("CT2851639.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT2851639.showToolbarPermission", "false");
Line Deleted : user_pref("CT2851639.smartbar.CTID", "CT2851639");
Line Deleted : user_pref("CT2851639.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2851639.smartbar.homepage", true);
Line Deleted : user_pref("CT2851639.smartbar.isHidden", true);
Line Deleted : user_pref("CT2851639.smartbar.toolbarName", "uTorrentBar_FR ");
Line Deleted : user_pref("CT2851639.startPage", "userChanged");
Line Deleted : user_pref("CT2851639.toolbarBornServerTime", "25-11-2012");
Line Deleted : user_pref("CT2851639.toolbarCurrentServerTime", "27-9-2013");
Line Deleted : user_pref("CT2851639.toolbarLoginClientTime", "Wed Mar 13 2013 19:30:03 GMT-0400");
Line Deleted : user_pref("CT2851639_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1380238212353,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "uTorrentBar_FR Customized Web Search");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2851639");
Line Deleted : user_pref("browser.search.defaultenginename", "uTorrentBar_FR Customized Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "uTorrentBar_FR Customized Web Search");
Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CUI=UN15826666114610466&UM=UM_ID&q=");
Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT2851639");
Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT2851639");
Line Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2851639&SearchSource=13&CUI=SB_CUI");
Line Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851639&SearchSource=2&CU[...]
Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT2851639");
Line Deleted : user_pref("smartbar.machineId", "YHQDX4NAMUWVLQCOOVHPITESEENEIJPFVWAFR7XSYED9DJSIMVXNFW+TR5FFBQYKPUHYFI6ZD/XRXM6RMLN+AG");
Line Deleted : user_pref("smartbar.originalHomepage", "www.google.ca");
Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Line Deleted : user_pref("smartbar.originalSearchEngine", false);

-\ Google Chrome v29.0.1547.76

[ File : C:\Users\eauli\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [16869 octets] - [26/09/2013 19:36:48]
AdwCleaner[R1].txt - [11892 octets] - [26/09/2013 19:50:45]
AdwCleaner[S0].txt - [16824 octets] - [26/09/2013 19:37:33]
AdwCleaner[S1].txt - [12046 octets] - [26/09/2013 19:51:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [12107 octets] ##########




Comment je fais pour faire disparaitre ça Maintenant ??? 

Merci d'avance pour vos réponses

g3n-h@ckm@n · Answer

salut execute ceci :

http://www.security-helpzone.com/gen-hackman/pre_scan-2/canned-speech/

Eauli · Answer

j'ai essayer le lien que tu m'as laisser sur Comment ca marche , et lorsque je lance le programme ca dit 291324386 ( ne répond pas )

et il ne se passe plus rien ....

tu as d'autre idées ??

g3n-h@ckm@n · Answer

tu as laissé tourner combien de temps ?

Eauli · Answer

une dizaine de minutes , j'ai du redémarré en tenant le piton enfoncé car plus rien ne répondait

g3n-h@ckm@n · Answer

relance-le en mode sans echec , option scan|kill

Eauli · Answer

J, AVAIS OUBLIER DE FLUSHE AVG ..... DÉSOLÉ

CA FONCTIONNE ..DU  MOINS CA SCAN DEPUIS 15 MINUTES 

MERCI DE TA PATIENCE 

JE TE REVIENS AVEC LES RÉSULTATS ET OÙ D'AUTRE TROUBLES

g3n-h@ckm@n · Answer

parfait on aura pas fini quoi qu'il en soit

Eauli · Answer

Ca prend combien de temps en moyenne le scan kill ?

g3n-h@ckm@n · Answer

ca depend des machines, des infections , c'est assez aléatoire

Eauli · Answer

tout semble fonctionné a la normal 

Merci !!!

g3n-h@ckm@n · Answer

heu....et mon rapport ?

Utilisateur anonyme · Answer

lol :D

Eauli · Answer

c'est quoi ca ?

g3n-h@ckm@n · Answer

ben il etait écrit ca sur mon lien :

Postez Pre_Scan_la_date_et_l'heure.txt qui apparaitra à la racine du disque système ( généralement C:\ )

NE LE POSTEZ PAS SUR LE FORUM !!! (il est trop long)

Hebergez le rapport sur https://www.cjoint.com/ puis donnez le lien obtenu en échange sur le forum où vous vous faites aider

Aide pour cjoint.com : https://www.security-helpzone.com/2013/04/27/cjoint-heberger-un-document/ 
 
--
¤¤¤¤¤¤¤¤¤¤_Pre_Scan_Concept_¤¤¤¤¤¤¤¤¤¤
Attention ne télécharger les programmes uniquement que sur le site de l'éditeur

Eauli · Answer

...

j'ai fais une recherche ds mon Ordi et il n'y a rien qui porte ce nom ?? ?

Eauli · Answer

juste une question comme ca ,

 il y a quoi ds ce rapport 

qui peut te servir vu que mon problème semble être réglé

g3n-h@ckm@n · Answer

rien qui puisse te porte prejudice ne t'inquiete pas

déja pour voir ce que l outil a supprimé afin que je puisse le faire évoluer , puis pour comprendre quelle était ton infection , et de toutes manières ensuite on va faire un diagnostique , parcee que ce n'est pas parce que tu ne vois plus de soucis que ton pc est sain , et comme je suis certain qu'il en est loin.... 
 
¤¤¤¤¤¤¤¤¤¤_Pre_Scan_Concept_¤¤¤¤¤¤¤¤¤¤
Attention ne télécharger les programmes uniquement que sur le site de l'éditeur

Eauli · Answer

j'ai trouvé ... 

et fait ce que tu demande 


j'imagine que c'est ca .... 

( sur ton site )

g3n-h@ckm@n · Answer

ok

https://www.cjoint.com/?3ICsrgX9b9N

relance l'outil , clique sur diag , puis heberge c:\pre_Diag_xx_xx_xx.txt puis donne le lien ici et non la-bàs

Eauli · Answer

heuu......... je n'ai plus l'outil car j'ai un Ami qui m'a conseiller de tout flushé ce qui avait été installé suite a ton Programme 

Pensant que c"était claire 


...............

Eauli · Answer

et il faut que je désactive AVG ?

g3n-h@ckm@n · Answer

pour le diagnostique c'est pas utile

Eauli · Answer

voila 


https://www.cjoint.com/?3ICtufRJmVV

Eauli · Answer

la suite c'est quoi ?

g3n-h@ckm@n · Answer

passe malwarebytes comme indiqué ici : https://www.security-helpzone.com/2013/04/17/malwarebytes-anti-malware-mbam-detecteur-generaliste-de-menaces/

Eauli · Answer

y a cette merde qui est apparue en exécutant malwarebytes


http://nsa34.casimages.com/img/2013/09/29/130929035054180223.jpg

je fais quoi avec ??

g3n-h@ckm@n · Answer

en quarantaine et desactive avg le temps du scan

Eauli · Answer

après ce scan , il va y en Avoir d'autre ? ou se sera terminée ?

g3n-h@ckm@n · Answer

nan tu pourras faire le menage bonne soirée :

http://www.security-helpzone.com/gen-hackman/nettoyage-en-fin-de-desinfection/

Eauli · Answer

Merci de ta Patience !! 

je connais rien en informatique et encore moins dans les merdes sur internet 

tu a été généreux de te personne a m'aider 

Merci 

je vais posté demain le rapport car la ça fait 47 minutes que ça vire et il n'a que 170 000 objets analyser sur 1 500 000 a peu prés

g3n-h@ckm@n · Answer

pas de soucis je lirai ca demain

Eauli · Answer

ca été moins long que je le croyais ...

voici le rapport 

https://www.cjoint.com/?3IDeCpwZ9rg

g3n-h@ckm@n · Answer

ok ben tu pourras finir par le ménage cité au dessus :)

Eauli · Answer

voici pour un autre Rapport de delfix 

https://www.cjoint.com/?3IDnUM7NkEO

Eauli · Answer

question 

Le ccleaner ne fait que supprimé tout ce qui n'est pas convenable ds ce que l'ont Coche ??

ou il supprime  completement ce qui est coché ??

g3n-h@ckm@n · Answer

heu je comprends pas le sens de ta question...:s

Eauli · Answer

oubli ca .. j'ai fais tout ( enfin je crois ) ce que tu m'a demander .. 

j'ai fait le cleaner et l'ordi a redémarré 

j'imagine que c'est tout .... 


Merci Encore de ta patience

g3n-h@ckm@n · Answer

ben oué tu peux mettre en résolu en haut...

Eauli · Answer

Merci encore et au plaisir !!!

g3n-h@ckm@n · Answer

bonne route :)

Generic33.bzcs

40 réponses