Adware.Salus: OTL report

Solved/Closed
Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014 - Edited by Malekal_morte- on 5/11/2014 at 19:02
Malekal_morte- | Posts: 180304 | Registered: Wednesday 17 May 2006 | Status: Moderator, Security contributor | Last activity: 15 December 2020 - 5 Nov 2014 at 21:33
Hello,

Here is the OTL link I got after scanning my PC with OTL:

https://pjjoint.malekal.com/files.php?id=20141105_s9b12q105t10

Thanks in advance for your help; without a computer, I have no work tool.

13 replies

Malekal_morte- | Posts: 180304 | Registered: Wednesday 17 May 2006 | Status: Moderator, Security contributor | Last activity: 15 December 2020 | 24 660
5 Nov 2014 at 19:02
Hi,


Remove the proxies: https://forum.malekal.com/viewtopic.php?t=47404&start=


* Run OTL again.
* Under Personnalisation (Custom Scan), copy and paste the content below (make sure to include :OTL at the start).
* Click Correction (Fix); a report will appear. Copy and paste its content here:


:OTL
DRV:[b]64bit:[/b] - [2014/09/24 11:51:50 | 000,047,440 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\salus.sys -- (Salus)

DRV:[b]64bit:[/b] - [2014/10/30 14:12:20 | 000,047,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\b786bdb3c67d.sys -- (b786bdb3c67d)
DRV:[b]64bit:[/b] - [2014/10/02 08:56:14 | 000,048,792 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\{e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64.sys -- ({e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64)
O4 - HKLM..\Run: [CrashMon] C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe ()
[2014/11/05 16:46:11 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\AskPartnerNetwork
[2014/11/05 16:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork
[2014/11/05 16:46:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskPartnerNetwork
[2014/11/05 16:45:57 | 000,000,000 | ---D | C] -- C:\ProgramData\APN
SRV - [2014/10/30 13:48:34 | 000,646,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe -- (UniversalUpdater)
O4 - HKLM..\Run: [mbot_fr_219] File not found
O4 - HKLM..\Run: [Salus] C:\Program Files (x86)\Salus\Salus.exe ()
O4 - HKLM..\Run: [Salus CrashMon] C:\Program Files (x86)\Salus\CrashMon.exe ()
[2014/11/01 15:41:29 | 000,000,000 | -HSD | C] -- C:\Users\Thomas\AppData\Roaming\AnyProtectEx
[2014/11/01 10:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\predm
[2014/11/01 10:48:19 | 000,000,000 | ---D | C] -- C:\ProgramData\374311380
[2014/11/01 10:43:36 | 001,551,776 | ---- | C] (browser) -- C:\Users\Thomas\AppData\Roaming\UHY.exe
[2014/11/01 10:43:06 | 000,000,000 | ---D | C] -- C:\Users\Thomas\Documents\Optimizer Pro
[2014/11/01 10:42:33 | 002,043,808 | ---- | C] (browser) -- C:\Users\Thomas\AppData\Roaming\XXJQKZF.exe
[2014/11/01 10:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Salus
[2014/11/01 10:42:17 | 000,000,000 | ---D | C] -- C:\Users\Thomas\AppData\Local\globalUpdate
[2014/11/01 10:42:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\globalUpdate
[2014/11/01 10:41:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\0ca45c95134d
[2014/11/01 10:41:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\f552dd4c52e3
[2014/11/01 10:40:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
[2014/10/30 14:12:20 | 000,047,408 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\b786bdb3c67d.sys

* post the report here
0
Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014
5 Nov 2014 at 19:16
Details of the PC problem:

I can't reach any web page even though my connection is OK.
Everything was fine until yesterday afternoon.
The error message is:
ERR_CONNEXION_CLOSED

I'll send you OTL report no. 2 in a moment,

thanks a lot
0
Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014
5 Nov 2014 at 19:18
========== OTL ==========
Error: Unable to stop service Salus!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Salus deleted successfully.
C:\Windows\SysNative\drivers\salus.sys moved successfully.
Service b786bdb3c67d stopped successfully!
Service b786bdb3c67d deleted successfully!
C:\Windows\SysNative\drivers\b786bdb3c67d.sys moved successfully.
Service {e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64 stopped successfully!
Service {e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64 deleted successfully!
C:\Windows\SysNative\drivers\{e9bebce7-deb3-4ab9-896c-549739f208c5}Gw64.sys moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CrashMon deleted successfully.
C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe moved successfully.
C:\Users\Thomas\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC folder moved successfully.
C:\Users\Thomas\AppData\Local\AskPartnerNetwork\Toolbar\Updater folder moved successfully.
C:\Users\Thomas\AppData\Local\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Users\Thomas\AppData\Local\AskPartnerNetwork folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\Shared\CRX folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\Shared folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Response folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater\Config folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE\Updater folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-SPE folder moved successfully.
C:\ProgramData\AskPartnerNetwork\Toolbar folder moved successfully.
C:\ProgramData\AskPartnerNetwork folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\ORJ-SPE folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\IDC folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\VNT folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\{PartnerID} folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\{PartnerID} folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar\Updater folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork\ChromeUtils folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files\AskPartnerNetwork folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\program files folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version} folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID} folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\Shared\CRX folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar\Shared folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata\AskPartnerNetwork folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\common appdata folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder} folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox\Profiles folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla\Firefox folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata\Mozilla folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source\appdata folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE\Source folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar\ORJ-SPE folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\Toolbar folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork\ChromeUtils folder moved successfully.
C:\Program Files (x86)\AskPartnerNetwork folder moved successfully.
C:\ProgramData\APN\APN-Stub folder moved successfully.
C:\ProgramData\APN folder moved successfully.
Service UniversalUpdater stopped successfully!
Service UniversalUpdater deleted successfully!
C:\Program Files (x86)\0ca45c95134d\cf3e08d747e4.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mbot_fr_219 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Salus deleted successfully.
C:\Program Files (x86)\Salus\Salus.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Salus CrashMon deleted successfully.
C:\Program Files (x86)\Salus\CrashMon.exe moved successfully.
C:\Users\Thomas\AppData\Roaming\AnyProtectEx\swf folder moved successfully.
C:\Users\Thomas\AppData\Roaming\AnyProtectEx\scan_results folder moved successfully.
C:\Users\Thomas\AppData\Roaming\AnyProtectEx\logs folder moved successfully.
C:\Users\Thomas\AppData\Roaming\AnyProtectEx\language folder moved successfully.
C:\Users\Thomas\AppData\Roaming\AnyProtectEx\installer folder moved successfully.
C:\Users\Thomas\AppData\Roaming\AnyProtectEx folder moved successfully.
C:\Program Files (x86)\predm folder moved successfully.
C:\ProgramData\374311380 folder moved successfully.
C:\Users\Thomas\AppData\Roaming\UHY.exe moved successfully.
C:\Users\Thomas\Documents\Optimizer Pro folder moved successfully.
C:\Users\Thomas\AppData\Roaming\XXJQKZF.exe moved successfully.
C:\Program Files (x86)\Salus\Salus\SSL folder moved successfully.
C:\Program Files (x86)\Salus\Salus folder moved successfully.
C:\Users\Thomas\AppData\Local\globalUpdate\CrashReports folder moved successfully.
C:\Users\Thomas\AppData\Local\globalUpdate folder moved successfully.
C:\Program Files (x86)\globalUpdate\CrashReports folder moved successfully.
C:\Program Files (x86)\globalUpdate folder moved successfully.
C:\Program Files (x86)\0ca45c95134d folder moved successfully.
C:\Program Files (x86)\f552dd4c52e3\nss folder moved successfully.
C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d\SSL folder moved successfully.
C:\Program Files (x86)\f552dd4c52e3\b786bdb3c67d folder moved successfully.
C:\Program Files (x86)\f552dd4c52e3 folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip folder moved successfully.
File C:\Windows\SysNative\drivers\b786bdb3c67d.sys not found.

OTL by OldTimer - Version 3.2.69.0 log created on 11052014_191305
0
Malekal_morte- | Posts: 180304 | Registered: Wednesday 17 May 2006 | Status: Moderator, Security contributor | Last activity: 15 December 2020 | 24 660
5 Nov 2014 at 19:51
What's the result?
0

Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014
5 Nov 2014 at 19:58
The report was posted at 19:18. Can you see it?
No page is displayed (except my favorites, apart from Facebook)
0
Malekal_morte- | Posts: 180304 | Registered: Wednesday 17 May 2006 | Status: Moderator, Security contributor | Last activity: 15 December 2020 | 24 660
5 Nov 2014 at 19:59
Run another OTL scan and provide the report via pjjoint.
0
Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014
5 Nov 2014 at 20:02
Do I put nothing in "Personnalisation"?
Do I click "Analyse" (Scan) or "Analyse rapide" (Quick Scan)?
0
Malekal_morte- | Posts: 180304 | Registered: Wednesday 17 May 2006 | Status: Moderator, Security contributor | Last activity: 15 December 2020 | 24 660
Edited by Malekal_morte- on 5/11/2014 at 20:05
Exactly the same as the first time.
0
Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014
5 Nov 2014 at 20:10
OK, I have just rerun a scan with the first script
0
Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014
5 Nov 2014 at 20:31
The report is very, very long; should I post it anyway?
0
Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014
5 Nov 2014 at 20:36
It seems to be working... is that normal? Temporary?
Thanks for your feedback
0
Malekal_morte- | Posts: 180304 | Registered: Wednesday 17 May 2006 | Status: Moderator, Security contributor | Last activity: 15 December 2020 | 24 660
5 Nov 2014 at 20:47
Provide the report via pjjoint.
0
Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014
5 Nov 2014 at 20:58
0
Malekal_morte- | Posts: 180304 | Registered: Wednesday 17 May 2006 | Status: Moderator, Security contributor | Last activity: 15 December 2020 | 24 660
5 Nov 2014 at 21:14
* Run OTL again.
* Under Personnalisation (Custom Scan), copy and paste the content below (make sure to include :OTL at the start).
* Click Correction (Fix); a report will appear. Copy and paste its content here:


:OTL
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
[2014/11/01 10:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Salus
[2014/11/05 19:59:53 | 000,001,688 | ---- | M] () -- C:\Windows\tasks\XXJQKZF.job
[2014/10/03 21:51:31 | 000,022,528 | ---- | C] () -- C:\Users\Thomas\AppData\Local\35481585dsisetup355158582.exe
[2014/09/01 09:18:44 | 000,001,248 | ---- | C] () -- C:\Users\Thomas\AppData\Roaming\XXJQKZF
:files
C:\Program Files (x86)\SweetIM

* post the report here


Restart the computer

0
Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014
5 Nov 2014 at 21:20
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM deleted successfully.
C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe moved successfully.
C:\Program Files (x86)\Salus\nss folder moved successfully.
C:\Program Files (x86)\Salus folder moved successfully.
C:\Windows\Tasks\XXJQKZF.job moved successfully.
C:\Users\Thomas\AppData\Local\35481585dsisetup355158582.exe moved successfully.
C:\Users\Thomas\AppData\Roaming\XXJQKZF moved successfully.
========== FILES ==========
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer folder moved successfully.
C:\Program Files (x86)\SweetIM\Toolbars folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\sqlite folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources\images folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger\resources folder moved successfully.
C:\Program Files (x86)\SweetIM\Messenger folder moved successfully.
C:\Program Files (x86)\SweetIM folder moved successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 11052014_211814

the PC is restarting
0
Tipi596 | Posts: 11 | Registered: Wednesday 5 November 2014 | Status: Member | Last activity: 5 November 2014
5 Nov 2014 at 21:24
apparently, everything works
0
Malekal_morte- | Posts: 180304 | Registered: Wednesday 17 May 2006 | Status: Moderator, Security contributor | Last activity: 15 December 2020 | 24 660
5 Nov 2014 at 21:33
yep :)


Some advice:

Install Malwarebytes Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Run regular scans with it; it is effective.


To guard against malicious sites, you can install Blockulicious: https://forum.malekal.com/viewtopic.php?t=46656&start=


So you don't get caught again.
Worth reading - Parasitic programs / PUPs: https://www.malekal.com/adwares-pup-protection/


0