Hi, forget about cacaoweb, it's ADWARE
========
your PC is a digital trash can (I liked that one ^^)
it must be crawling on the internet, you install just anything!
========
uninstall Adobe Reader 9
uninstall SweetIM Toolbar
uninstall Toolbar.Crawler
uninstall CrazyLoader
uninstall iLivid
uninstall Babylon
uninstall Searchqu MediaBar / Windows Searchqu Toolbar
uninstall Bandoo
uninstall OfferBox
uninstall WhiteSmoke
uninstall Fluendo
uninstall Spybot Search and Destroy, it's worthless
========
something to make you understand that Spybot is out of its depth:
[HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb] | Cacaoweb -> "C:\Program Files\cacaoweb\Cacaoweb.exe" -noplayer => Infection PUP (PUP.CacaoWeb)
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=0x21BF5C0E5FD1D011830100AA005B438322001C000800000006000000010000000000000000000000000000004C0000000114020000000000C000000000000046810000001000000008C258F6C260CB01C2931C32C460CB0108C258F6C260CB0100000000000000000100 => Infection BT (Cram Toolbar.Adw)
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=0x3BE1C37ACA3B5841B330F66DBB03C1B5 => Infection PUP (PUP.VShareRedir)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu MediaBar] => Infection PUP (Adware.Bandoo)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6084C211-01A1-464E-97A0-09772E122B50}] => Infection BT (Adware.SPointer)
[HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193}] | (cherche.us) -> http://www.cherche.us/Result.php?cx=partner-pub-0420647136319153%3A5n6ugpjrdrh&cof=GIMP%3ACCCCCC%3BT%3A000000%3BALC%3A551a8b%3BGFNT%3AB7B7B7% => Infection BT (Hijacker.ChercheUS)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}] | (BndCore.exe) -> C:\Program Files\Bandoo => Infection PUP (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}] | (ExtensionsManager.exe) -> C:\Program Files\Bandoo => Infection PUP (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}] | (Bandoo.exe) -> C:\Program Files\Bandoo => Infection PUP (Adware.Bandoo)
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}] | (BandooUI.exe) -> C:\Program Files\Bandoo => Infection PUP (Adware.Bandoo)
[HKCU\Software\Babylon] => Infection BT (Toolbar.Babylon)
[HKCU\Software\cacaoweb] => Infection PUP (PUP.CacaoWeb)
[HKCU\Software\Grand Virtual] => Infection PUP (PUP.GrandVirtual)
[HKCU\Software\OfferBox] => Infection PUP (PUP.OfferBox)
[HKCU\Software\Spointer] => Infection BT (Adware.SPointer)
[HKCU\Software\WhiteSmoke] => Infection PUP (PUP.Whitesmoke)
[HKLM\Software\Bandoo] => Infection PUP (Adware.Bandoo)
[HKLM\Software\CrazyLoader] => Infection BT (Adware.SPointer)
[HKLM\Software\ilivid] => Infection BT (Adware.Bandoo)
[HKLM\Software\OfferBox] => Infection PUP (PUP.OfferBox)
[HKLM\Software\WhiteSmoke] => Infection PUP (PUP.Whitesmoke)
Suspect : HKCU\Software\Babylon => Infection BT (Toolbar.Babylon)
[12/08/2011|19:01:53] | C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\Bandoo => Infection PUP (Adware.Bandoo)
[27/08/2010|23:39:48] | C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\cacaoweb => Infection PUP (PUP.CacaoWeb)
[10/02/2011|22:09:10] | C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\CrazyLoader => Infection BT (Adware.SPointer)
[25/12/2010|20:56:45] | C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\OfferBox => Infection PUP (PUP.OfferBox)
[14/01/2011|21:56:36] | C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\WhiteSmoke => Infection PUP (PUP.Whitesmoke)
[11/08/2011|21:23:24] | C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820} => Infection BT
[25/12/2010|20:59:36] | C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Local Settings\Application Data\Babylon => Infection BT (Toolbar.Babylon)
[12/07/2010|13:11:57] | C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Local Settings\Application Data\moovida Air => Infection BT (Adware.SPointer)
[24/12/2010|12:13:51] | C:\Program Files\Babylon => Infection BT (Toolbar.Babylon)
[27/08/2010|23:39:44] | C:\Program Files\cacaoweb => Infection PUP (PUP.CacaoWeb)
[06/06/2010|15:35:14] | C:\Program Files\Fluendo => Infection BT (Adware.SPointer)
[11/08/2011|21:22:34] | C:\Program Files\iLivid => Infection BT (Adware.Bandoo)
[04/04/2010|10:40:28] | C:\Program Files\OfferBoxSearch => Infection PUP (PUP.OfferBox)
[14/01/2011|21:55:58] | C:\Program Files\WhiteSmoke => Infection PUP (PUP.Whitesmoke)
[04/04/2010|10:40:28] | C:\Program Files\Widestream6 => Infection BT (Adware.SPointer)
"C:\Program Files\CrazyLoader\crazyloader.exe"=C:\Program Files\CrazyLoader\crazyloader.exe:*:Enabled:CrazyLoader v1.2 => Infection BT (Adware.SPointer)
"C:\Program Files\cacaoweb\Cacaoweb.exe"=C:\Program Files\cacaoweb\cacaoweb.exe:*:Enabled:cacaoweb => Infection PUP (PUP.CacaoWeb)
"iLivid"=iLivid (Bandoo Media Inc.) -> "C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe" REMOVE=TRUE MODIFY=FALSE => Infection BT
"{766A55D2-E428-4B7C-B5B3-92592F6B107C}"=OfferBox (Secure Digital Services) -> MsiExec.exe /X{766A55D2-E428-4B7C-B5B3-92592F6B107C} => Infection PUP (PUP.OfferBox)
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}"=iLivid (Bandoo Media Inc.) -> C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}\iLividSetupV1.exe => Infection BT
Malware (42)
======================
drag the icon of any file onto Pre_scan; Pre_script will appear
Launch Pre_script; a blank page will open.
select all the bold text below, then (right-click/copy or Ctrl+C):
___________________________________________________
Kill::
Registry::
[-HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe Reader Speed Launcher]
[-HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cacaoweb]
[-HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSConfig]
[-HKEY_CLASSES_ROOT\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{EEE6C35B-6118-11DC-9C72-001320C79847}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{EEE6C35B-6118-11DC-9C72-001320C79847}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=-
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"=-
[-HKEY_CLASSES_ROOT\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{4B3803EA-5230-4DC3-A7FC-33638F3D3542}"=-
[-HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ext\stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\3BEF1AFDE8303306594E2ADA27520E6E700820AE]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\CrazyLoader]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\iLivid]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Searchqu MediaBar]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{6084C211-01A1-464E-97A0-09772E122B50}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{557C21FE-7274-410D-853E-9ED4471BF193}]
[-HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7402}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7402}]
[-HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{A7CB518A-3231-4965-A6FF-704655A3BEFD}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4e1d-BDD0-1E9C9B7799CC}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7f000001-db8e-f89c-2fec-49bf726f8c12}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}]
[-HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4fde-B055-AE7B0F4CF080}]
[-HKCU\Software\Babylon]
[-HKCU\Software\cacaoweb]
[-HKCU\Software\Grand Virtual]
[-HKCU\Software\OfferBox]
[-HKCU\Software\Spointer]
[-HKCU\Software\WhiteSmoke]
[-HKLM\Software\Bandoo]
[-HKLM\Software\BrowserChoice]
[-HKLM\Software\Crazyloader]
[-HKLM\Software\ilivid]
[-HKLM\Software\OfferBox]
[-HKLM\Software\SweetIM]
[-HKLM\Software\WhiteSmoke]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\CrazyLoader\crazyloader.exe"=-
"C:\Program Files\cacaoweb\Cacaoweb.exe"=-
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
[HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\sharedaccess\parameters\firewallpolicy\domainprofile\GloballyOpenPorts\List]
"65533:TCP"=-
"52344:TCP"=-
file::
C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Local Settings\Application Data\_1_
folder::
C:\Program Files\cacaoweb
C:\Program Files\Bandoo
C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\Mozilla\Firefox\Profiles\5dgs69ee.default\extensions\cacaoweb@cacaoweb.org
C:\WINDOWS\assembly\tmp\KSZ6CJQW
C:\3b7ddbbee8c0b18cc44012df
C:\a19c5da03d9dfe8ab629
C:\a5b11ef115b915384b3a21a563bc
C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\Bandoo
C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\cacaoweb
C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\CrazyLoader
C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\OfferBox
C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Application Data\WhiteSmoke
C:\Documents and Settings\All Users.WINDOWS\Application Data\{9CD61942-8DA1-4781-925C-4FE1471E0820}
C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Local Settings\Application Data\Babylon
C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Local Settings\Application Data\moovida Air
C:\Documents and Settings\Thibault.MACIO-PQCCL0E70\Local Settings\Application Data\_1_
C:\Program Files\Babylon
C:\Program Files\Fluendo
C:\Program Files\iLivid
C:\Program Files\OfferBoxSearch
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\WhiteSmoke
C:\Program Files\Widestream6
Mbr::
clean::
Reboot::
___________________________________________________
then paste it (right-click/paste or Ctrl+V) into the blank page.
then File tab => Save (not Save As...), then close the text file
black windows may flash, that's normal, it's the program working
post Pre_Script.txt, which will appear on the desktop when the job is done
=================================
▶ Download from this page: AdwCleaner (by Xplode)
▶ click Download and save the file to your Desktop
▶ Double-click the AdwCleaner0.exe icon to launch the installation
==================================
▶▶▶ On Vista and Windows 7 /!\ :
you must launch the file via right-click -> Run as administrator
==================================
On the main menu:
▶ click Suppression (Delete) and wait while the scan runs
▶ post the contents of the report, which you will find on your hard drive at c:\ADwcleaner[Sx].txt, or its contents if it opens.
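
Added example, not part of the original post and not code from Pre_scan or AdwCleaner: a check that every registry key and folder flagged in a scan log of the format quoted above has a matching removal line in the fix script. The sample lines are constructed, and the function names (`norm`, `parse_scan`, `parse_fix`, `uncovered`) are hypothetical.

```python
import re
from collections import defaultdict
# Constructed sample in the detection-line format quoted in the post.
SCAN = r"""
[HKLM\Software\CrazyLoader] => Infection BT (Adware.SPointer)
[HKLM\Software\Bandoo] => Infection PUP (Adware.Bandoo)
[27/08/2010|23:39:44] | C:\Program Files\cacaoweb => Infection PUP (PUP.CacaoWeb)
[11/08/2011|21:22:34] | C:\Program Files\iLivid => Infection BT (Adware.Bandoo)
"""
# Constructed fix script that deliberately omits two of the detections above.
FIX = r"""
Registry::
[-HKEY_LOCAL_MACHINE\Software\Crazyloader]
folder::
C:\Program Files\cacaoweb
"""
DETECTION = re.compile(r"^(.+?) => Infection \w+(?: \(([^)]+)\))?$")
REG_KEY = re.compile(r"^\[(HK[^\]]+)\]")
FS_PATH = re.compile(r"^\[\d{2}/\d{2}/\d{4}\|[\d:]+\] \| (.+)$")
HIVES = {"hkey_local_machine": "hklm", "hkey_current_user": "hkcu"}

def norm(loc):
    # Registry and NTFS names are case-insensitive; hive names have two spellings.
    head, sep, tail = loc.lower().partition("\\")
    return HIVES.get(head, head) + sep + tail

def parse_scan(text):
    # Yield (location, family) for registry-key and filesystem detections.
    for line in text.splitlines():
        m = DETECTION.match(line.strip())
        loc = m and (REG_KEY.match(m[1]) or FS_PATH.match(m[1]))
        if loc:
            yield loc[1], m[2] or "unnamed"

def parse_fix(text):
    # Normalised set of keys deleted with [-key] and of listed drive paths.
    lines = [l.strip() for l in text.splitlines()]
    keys = {norm(l[2:-1]) for l in lines if l.startswith("[-") and l.endswith("]")}
    return keys | {norm(l) for l in lines if re.match(r"^[A-Za-z]:\\", l)}

def uncovered(scan_text, fix_text):
    # Detections that no removal line addresses, grouped by family.
    targets, gaps = parse_fix(fix_text), defaultdict(list)
    for loc, family in parse_scan(scan_text):
        if norm(loc) not in targets:
            gaps[family].append(loc)
    return dict(gaps)

if __name__ == "__main__":
    print(uncovered(SCAN, FIX))
```

Normalisation matters here because the log and the script in the post spell the same key differently (`HKLM\Software\CrazyLoader` in the scan, `[-HKLM\Software\Crazyloader]` in the script) and mix `HKLM` with `HKEY_LOCAL_MACHINE`.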