"Police nationale" virus


Guest Uranie

Eddy34 (Member, 15 posts) posted:

Hello Adras,

Do you take medication without knowing what illness you have???

Before moving on to disinfection, a full analysis is in order, isn't it???

jeremdu56 (Member, 13 posts) posted:

OK, it won't accept my file

Ce type de fichier : eremdu56ZHPDiag n'est pas autorisé pour le fichier j.eremdu56ZHPDiag

http://sd-5.archive-host.com/membres/up/71171236452810436/RAPPORTS_ZHP/ZHPDiag_31.Txt

I managed to upload one, but without my username; it didn't work with it

Eddy34 (Member, 15 posts) posted:

Hello,

It's normal that it won't accept your file: when renaming it you forgot the extension, eremdu56ZHPDiag.txt

Your PC is still quite infected, but there is no need to run RogueKiller. However, before moving on I would like to have the ADWcleaner reports, which should be in Computer ===> C: =====> ADWcleaner.txt

As well as the Malwarebytes one, which is in MBAM ===> Rapport/Log...

Your infections:

Your toolbars, but above all the ASK one, which is making a real mess of your PC:

Eddy34 (Member, 15 posts) posted:

Launch ZHPFix from the desktop shortcut (if you are on Windows Vista or Windows 7, launch it by right-clicking it --> run as administrator).

Or download it to your Desktop at this address

• Select, right-click and copy the following lines in bold: (It is very important to select all of these lines, from the first letter to the last letter.)

• Click the icon showing the letter H ("paste the Helper lines")

• The lines are pasted automatically into ZHPFix.

• Click "GO"

Send me the ZHPFix report, please

Eddy34 (Member, 15 posts) posted:

Hello,

How is your PC behaving now???

jeremdu56 (Member, 13 posts) posted:

Well, there's loads of stuff gone: I no longer have ads popping up every 2 minutes and my taskbar has shrunk a lot, so no bugs, it looks good, thanks :D

Adras (VIP, 14 610 posts) posted:

Well... Personally, I had the German version of this little virus.

Hop: Google: type the name written in large letters in the header: hop, RogueKiller (always effective)

And in less time than it takes to write it, everything goes back to how it was before...

So I have a good laugh at the thousand manipulations listed above :D

Guest sfc (Guests, 0 posts) posted:

> Hop: Google: type the name written in large letters in the header: hop, RogueKiller (always effective)

No, but if you had followed the topic, he had already run RogueKiller; look at the report, it's full of Toolbar.Ask and Babylon. These things have nothing to do with the police virus; it's just that jeremdu56 must not be paying much attention when he downloads stuff. :D

Adras (VIP, 14 610 posts) posted:

Ah, OK.. :smile2:

Thanks for the update :dort: :smile2:

Eddy34 (Member, 15 posts) posted:

Hello,

> Well... Personally, I had the German version of this little virus.
>
> Hop: Google: type the name written in large letters in the header: hop, RogueKiller (always effective)
>
> And in less time than it takes to write it, everything goes back to how it was before...
>
> So I have a good laugh at the thousand manipulations listed above :D

The problem is that jeremdu56 tacked himself onto Uranie's topic, and his case regarding "Ransomware" must have been resolved, because there was no lock-up and therefore no rogue present in the ZHPDiag analysis; so no need to take antibiotics when you are not sick...

However, I should have had him open another topic from the start.

See you later
