Omiga Plus and Search Protect

Solved/Closed
theboserx Posts 30 Registration date Monday 4 February 2013 Status Member Last activity 21 August 2019 - 23 Dec 2014 at 17:26
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 - 23 Dec 2014 at 21:19
Hello,

Since the power cut that happened this morning, my computer has been giving me some trouble: after restarting it normally, I spend a few minutes on the internet and, HOP, the page closes. Of course I reopen it, but all my pages have disappeared and only one is left open, "Omiga Plus", and an icon has appeared at the bottom right, right next to the clock, "Search Protect", which installed itself as well. So I clean with CCleaner and AdwCleaner, but even after rebooting they come back. I do it several times, but, running out of solutions, I do a restore to a point dating from 21/12/14 ("2 days ago"), but same story: they keep coming back, stronger than ever.
But strangely, all of this happened without installing anything.

What can I do?? How do I put everything back in order??

Thanks for your help

9 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 628
23 Dec 2014 at 17:30
Hi,

Start with an AdwCleaner cleanup: https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start=
Post the cleanup report in a new message.

--
0
theboserx Posts 30 Registration date Monday 4 February 2013 Status Member Last activity 21 August 2019 32
23 Dec 2014 at 18:03
Already done, but oh well, you never know

# AdwCleaner v4.106 - Rapport créé le 23/12/2014 à 17:54:04
# Mis à jour le 21/12/2014 par Xplode
# Database : 2014-12-21.4 [Live]
# Système d'exploitation : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nom d'utilisateur : guillaume_2 - GUILLAUME-PC
# Exécuté depuis : C:\Users\guillaume_2\Desktop\adwcleaner_4.106.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : IePluginServices
Service Supprimé : WindowsMangerProtect

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\IePluginServices
Dossier Supprimé : C:\ProgramData\WindowsMangerProtect
Dossier Supprimé : C:\ProgramData\Driver Mender
Dossier Supprimé : C:\ProgramData\drivergenius
Dossier Supprimé : C:\ProgramData\Software
Dossier Supprimé : C:\ProgramData\269c2ebbe3b7f5f2
Dossier Supprimé : C:\Program Files (x86)\SupTab
Dossier Supprimé : C:\Users\guillaume_2\AppData\Local\CrashRpt
Dossier Supprimé : C:\Users\guillaume_2\AppData\Roaming\omiga-plus
Dossier Supprimé : C:\Users\guillaume_2\AppData\Roaming\VOPackage
Dossier Supprimé : C:\Users\guillaume_2\AppData\Roaming\winservices
Dossier Supprimé : C:\Users\guillaume\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Fichier Supprimé : C:\Windows\LibDownloadManagement.dll
Fichier Supprimé : C:\Windows\Kommun.dll
Fichier Supprimé : C:\Users\guillaume\AppData\Roaming\Bubble Dock.installation.log
Fichier Supprimé : C:\Users\guillaume_2\AppData\Roaming\Bubble Dock.installation.log
Fichier Supprimé : C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Fichier Supprimé : C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Fichier Supprimé : C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal
Fichier Supprimé : C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal

***** [ Tâches planifiées ] *****

Tâche Supprimée : RunAsStdUser Task

***** [ Raccourcis ] *****

Raccourci Désinfecté : C:\Users\guillaume_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\guillaume_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Raccourci Désinfecté : C:\Users\guillaume_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Raccourci Désinfecté : C:\Users\guillaume_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registre ] *****

Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\janmfndmohbaaoocpcgfbghioojoakjg
Clé Supprimée : HKCU\Software\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Clé Supprimée : HKLM\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Clé Supprimée : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Supprimée : HKCU\Software\SupHpUISoft
Clé Supprimée : HKCU\Software\gameo
Clé Supprimée : HKLM\SOFTWARE\omiga-plusSoftware
Clé Supprimée : HKLM\SOFTWARE\SupDp
Clé Supprimée : HKLM\SOFTWARE\SupTab
Clé Supprimée : HKLM\SOFTWARE\supWindowsMangerProtect
Clé Supprimée : HKLM\SOFTWARE\supWPM
Clé Supprimée : HKLM\SOFTWARE\winservice86-nv
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SoftwareUpdate.exe

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17207

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Search [CustomizeSearch]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v

[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Supprimée [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419350630&from=ill&uid=WDCXWD10EARS-003BB1_WD-WCAV5N85553055530&q={searchTerms}
[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Supprimée [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419350630&from=ill&uid=WDCXWD10EARS-003BB1_WD-WCAV5N85553055530&q={searchTerms}
[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Extension] : kfkcangbigakljkjeglcofaomihpejif
[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Startup_URLs] : hxxp://astromenda.com/?f=7&a=ast_cmi_14_35_ch&cd=2XzuyEtN2Y1L1QzutDtDtC0C0CtDtCzyzytBtAyE0EtDzztAtN0D0Tzu0SzyyCzztN1L2XzutAtFtDtFtCtDtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtBtA0AyBzyyBzytGtBtAtAyCtG0F0CtCtBtG0CyDtD0AtGyCtA0D0E0CzzyD0FtAtAyD0F2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByB0ByDtC0D0EzztGyE0E0EzytGyE0A0AyBtGzy0FyD0FtG0AtDtDtC0F0AtCyC0B0C0E0B2Q&cr=2059925638&ir=
[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Startup_URLs] : hxxp://search.gboxapp.com/
[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Startup_URLs] : hxxp://isearch.omiga-plus.com/?type=hp&ts=1419350630&from=ill&uid=WDCXWD10EARS-003BB1_WD-WCAV5N85553055530
[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Startup_URLs] : hxxp://istart.webssearches.com/?type=hp&ts=1416412983&from=ill&uid=WDCXWD10EARS-003BB1_WD-WCAV5N85553055530
[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Startup_URLs] : hxxp://isearch.omiga-plus.com/?type=hp&ts=1419350630&from=ill&uid=WDCXWD10EARS-003BB1_WD-WCAV5N85553055530
[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Startup_URLs] : hxxp://www.sweet-page.com/?type=hp&ts=1411055843&from=cor&uid=WDCXWD10EARS-003BB1_WD-WCAV5N85553055530
[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Startup_URLs] : hxxp://istart.webssearches.com/?type=hp&ts=1416412983&from=ill&uid=WDCXWD10EARS-003BB1_WD-WCAV5N85553055530

-\\ Comodo Dragon v

[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Supprimée [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419350630&from=ill&uid=WDCXWD10EARS-003BB1_WD-WCAV5N85553055530&q={searchTerms}
[C:\Users\guillaume_2\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Supprimée [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419350630&from=ill&uid=WDCXWD10EARS-003BB1_WD-WCAV5N85553055530&q={searchTerms}

*************************

AdwCleaner[R0].txt - [157458 octets] - [28/07/2014 10:38:14]
AdwCleaner[R10].txt - [8947 octets] - [19/11/2014 17:10:51]
AdwCleaner[R11].txt - [20884 octets] - [23/12/2014 15:40:06]
AdwCleaner[R12].txt - [8123 octets] - [23/12/2014 16:11:01]
AdwCleaner[R1].txt - [37678 octets] - [28/07/2014 10:42:01]
AdwCleaner[R2].txt - [25410 octets] - [31/08/2014 15:43:38]
AdwCleaner[R3].txt - [16122 octets] - [01/10/2014 11:23:18]
AdwCleaner[R4].txt - [15765 octets] - [01/10/2014 11:25:57]
AdwCleaner[R5].txt - [15826 octets] - [01/10/2014 11:26:56]
AdwCleaner[R6].txt - [15887 octets] - [01/10/2014 11:35:33]
AdwCleaner[R7].txt - [8014 octets] - [07/10/2014 17:06:50]
AdwCleaner[R8].txt - [3143 octets] - [29/10/2014 17:08:39]
AdwCleaner[R9].txt - [3246 octets] - [13/11/2014 20:02:18]
AdwCleaner[S0].txt - [10699 octets] - [28/07/2014 10:41:12]
AdwCleaner[S1].txt - [33139 octets] - [28/07/2014 10:42:40]
AdwCleaner[S2].txt - [23028 octets] - [31/08/2014 15:45:38]
AdwCleaner[S3].txt - [14959 octets] - [01/10/2014 11:37:58]
AdwCleaner[S4].txt - [6003 octets] - [07/10/2014 17:07:56]
AdwCleaner[S5].txt - [3222 octets] - [29/10/2014 17:10:42]
AdwCleaner[S6].txt - [6762 octets] - [19/11/2014 17:12:27]
AdwCleaner[S7].txt - [17624 octets] - [23/12/2014 15:41:16]
AdwCleaner[S8].txt - [5957 octets] - [23/12/2014 16:12:48]

########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [17745 octets] ##########
0
theboserx Posts 30 Registration date Monday 4 February 2013 Status Member Last activity 21 August 2019 32
23 Dec 2014 at 18:14
And there you go, Google just restarted with Search Protect and Omiga Plus installing themselves
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 628
23 Dec 2014 at 18:58
Reset your browsers and/or manually reconfigure your web browsers (start page, search engine, etc.), and also remove/disable useless/unwanted extensions:
* Internet Explorer and add-ons / search engines: https://forum.malekal.com/viewtopic.php?t=41399&start=
* Firefox: https://www.malekal.com/reparer-firefox/?t=36057&start=
* Google Chrome: https://www.malekal.com/reparer-google-chrome/?t=35837&start=

then:

Follow this tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
This will generate two FRST reports.
As explained there, upload these two reports to http://pjjoint.malekal.com and post the three pjjoint links to these reports so that they can be reviewed.

0
theboserx Posts 30 Registration date Monday 4 February 2013 Status Member Last activity 21 August 2019 32
23 Dec 2014 at 19:52
0

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 628
23 Dec 2014 at 20:20
Here is the fix to apply with FRST.
You can refer to this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Open Notepad: Windows key + R, in the Run field type notepad and click OK.
Copy/paste the following into it:

HKLM-x32\...\Run: [fst_fr_303] => [X]
HKLM-x32\...\Run: [GoforFilesInstaller Starter] => C:\Users\GUILLA~2\AppData\Local\Temp\install311620968.exe -startup
HKLM-x32\...\Run: [YourFile DownloaderInstaller Starter] => C:\Users\GUILLA~2\AppData\Local\Temp\install564644433.exe -startup
FF HKLM-x32\...\Firefox\Extensions: [50c8d4cdacbdb@50c8d4cdacc15.com] - C:\Users\guillaume_2\AppData\Roaming\Mozilla\Firefox\Profiles\ppm8w43i.default\extensions\50c8d4cdacbdb@50c8d4cdacc15.com
FF HKLM-x32\...\Firefox\Extensions: [ywnayupcbt@eoou-ghq.org] - C:\Users\guillaume_2\AppData\Roaming\Mozilla\Firefox\Profiles\ppm8w43i.default\extensions\ywnayupcbt@eoou-ghq.org
FF HKLM-x32\...\Firefox\Extensions: [jsgdomhg@o-yoo.co.uk] - C:\Users\guillaume_2\AppData\Roaming\Mozilla\Firefox\Profiles\ppm8w43i.default\extensions\jsgdomhg@o-yoo.co.uk
FF HKLM-x32\...\Firefox\Extensions: [ieuyqofpf@y-youe.org] - C:\Users\guillaume_2\AppData\Roaming\Mozilla\Firefox\Profiles\ppm8w43i.default\extensions\ieuyqofpf@y-youe.org
FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
CHR HKLM-x32\...\Chrome\Extension: [fjdkdjokkloghgmiiibhpkhipdfomgbo] - C:\Users\GUILLA~1\AppData\Local\Temp\ccex.crx [2012-02-21]
CHR HKLM-x32\...\Chrome\Extension: [nakkgbkobdhknhojkjdjcfelmkdhhmhl] - C:\ProgramData\Browse2save\nakkgbkobdhknhojkjdjcfelmkdhhmhl.crx [Not Found]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-12-23] (Cherished Technololgy LIMITED)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-23] (Fuyu LIMITED) [File not signed]
2014-12-23 18:11 - 2014-12-23 18:11 - 00000000 ____D () C:\Users\guillaume_2\AppData\Roaming\omiga-plus
2014-12-23 18:11 - 2014-12-23 18:11 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-23 18:11 - 2014-12-23 18:11 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-12-23 18:11 - 2014-12-23 18:11 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-11-25 17:51 - 2014-11-25 17:51 - 00003292 _____ () C:\Windows\System32\Tasks\qxxwxA7LKzE7le0
2014-11-25 17:51 - 2014-11-25 17:51 - 00003252 _____ () C:\Windows\System32\Tasks\V51iGxdIj8cPzn0
2014-11-25 17:51 - 2014-11-25 17:51 - 00003250 _____ () C:\Windows\System32\Tasks\kfSpVZ7FtvVWyw3
2014-11-25 17:51 - 2014-11-25 17:51 - 00000000 ____D () C:\Users\guillaume_2\AppData\Roaming\UxoXhZD
2014-11-25 17:51 - 2014-11-25 17:51 - 00000000 ____D () C:\Users\guillaume_2\AppData\Roaming\ekHib2U
2014-11-25 17:51 - 2014-11-25 17:51 - 00000000 ____D () C:\ProgramData\atjs
2014-11-25 17:50 - 2014-11-25 17:51 - 00000000 ____D () C:\Users\guillaume_2\AppData\Roaming\DQJOkyj
Task: {23ED56F7-6B6B-45CF-8069-C06C243992D8} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\guillaume_2\AppData\Roaming\~jeztbmn.exe
Task: {3915536D-C8D3-48BE-AFEF-3AEB0DE9AC2C} - System32\Tasks\WIN-statsAdmin => C:\Users\guillaume_2\AppData\Local\Microsoft\WinU\~mwnthah.exe [2014-08-06] () <==== ATTENTION
Task: {4D522AFE-D067-4F75-8A12-B60E6712BB60} - System32\Tasks\Test TimeTrigger => C:\Users\GUILLA~2\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {A7BD8F3D-7026-49E1-9B14-429772D5742D} - System32\Tasks\WIN-fIGbfFfEGCfFGEGbfCfE => C:\Users\guillaume_2\AppData\Roaming\~cwrfaab.exe
Task: {B712D017-E365-4B76-8715-08C25B1EC83B} - System32\Tasks\kfSpVZ7FtvVWyw3 => C:\Users\guillaume_2\AppData\Roaming\DQJOkyj\T8n3YzK.exe [2014-11-25] ( )
Task: {BC055C72-0BB1-469D-9ABD-6409F540BFFA} - System32\Tasks\WIN-fdfEfEfAfC => C:\Users\guillaume_2\AppData\Roaming\~tsnpeqk.exe
Task: {CDD06771-87FD-42BD-9AF7-84CB23F72FF8} - System32\Tasks\WIN-statsSystem => C:\Users\guillaume_2\AppData\Local\Microsoft\WinU\~kdehhou.exe [2014-06-30] ()
Task: C:\Windows\Tasks\SN.Booster-S-4674074418.job => c:\programdata\allaboutapp\sn.booster\SN.Booster.exe <==== ATTENTION
C:\Users\guillaume_2\AppData\Local\Microsoft\WinU\


Once the text is pasted into Notepad:
File menu, then Save As.
On the left, select the Desktop.
In the field at the bottom, set the file name to: fixlist.txt
Click Save - this will create a fixlist.txt file on the desktop.

Relaunch FRST and click the Fix button.
Depending on the case, a restart may be needed (not mandatory).
A text file appears; copy/paste its content here in a new message.

Run an AdwCleaner cleanup again.
Make sure to restart the computer.

0
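The fixlist above mixes Run values, services and scheduled tasks; the following added example (not part of the original thread, and not FRST's own logic) shows one way to triage such autostart lines by where their target lives and which markers they carry. The heuristics, the function name `triage` and the last sample line are assumptions made for illustration, including reading `[X]` as a target that could not be found.

```python
import re

# Sample autostart lines in the FRST scan format. The first four are taken from
# the fixlist in the post above; the last one is a constructed benign entry.
SAMPLE = r"""
HKLM-x32\...\Run: [fst_fr_303] => [X]
HKLM-x32\...\Run: [GoforFilesInstaller Starter] => C:\Users\GUILLA~2\AppData\Local\Temp\install311620968.exe -startup
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-23] (Fuyu LIMITED) [File not signed]
Task: {4D522AFE-D067-4F75-8A12-B60E6712BB60} - System32\Tasks\Test TimeTrigger => C:\Users\GUILLA~2\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\updater.exe
"""

# One pattern per persistence mechanism seen in the fixlist.
PATTERNS = [
    ("Run", re.compile(r"^HK[^\\]+\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] => (?P<target>.*)$")),
    ("Task", re.compile(r"^Task: (?:\{[0-9A-Fa-f-]+\} - )?(?P<name>.+?) => (?P<target>.*)$")),
    ("Service", re.compile(r"^[RSU]\d (?P<name>[^;]+); (?P<target>.*)$")),
]

# Heuristic checks (assumptions of this example), applied to the target part.
CHECKS = [
    # Autostart binaries rarely belong in folders a standard user can write to.
    ("target in a user-writable location",
     re.compile(r"\\(AppData|Temp|ProgramData)\\", re.I)),
    # Markers as they appear in the fixlist above.
    ("target file missing", re.compile(r"\[(X|Not Found)\]")),
    ("file not signed", re.compile(r"\[File not signed\]")),
    ("flagged by FRST", re.compile(r"<==== ATTENTION")),
]


def triage(text):
    """Return (kind, name, reasons) for every recognised autostart line."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if m:
                reasons = [label for label, rx in CHECKS if rx.search(m["target"])]
                results.append((kind, m["name"], reasons))
                break
    return results


if __name__ == "__main__":
    for kind, name, reasons in triage(SAMPLE):
        verdict = "; ".join(reasons) if reasons else "no indicator"
        print(f"{kind:8} {name:40} {verdict}")
```

An entry with no reasons is not proven clean; the checks only rank which lines deserve a closer look before they go into a fixlist.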
theboserx Posts 30 Registration date Monday 4 February 2013 Status Member Last activity 21 August 2019 32
23 Dec 2014 at 20:41
And there we go, now I'm running AdwCleaner and rebooting, let's hope it works
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-12-2014
Ran by guillaume_2 at 2014-12-23 20:33:44 Run:1
Running from C:\Users\guillaume_2\Desktop
Loaded Profile: guillaume_2 (Available profiles: guillaume & guillaume_2)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [fst_fr_303] => [X]
HKLM-x32\...\Run: [GoforFilesInstaller Starter] => C:\Users\GUILLA~2\AppData\Local\Temp\install311620968.exe -startup
HKLM-x32\...\Run: [YourFile DownloaderInstaller Starter] => C:\Users\GUILLA~2\AppData\Local\Temp\install564644433.exe -startup
FF HKLM-x32\...\Firefox\Extensions: [50c8d4cdacbdb@50c8d4cdacc15.com] - C:\Users\guillaume_2\AppData\Roaming\Mozilla\Firefox\Profiles\ppm8w43i.default\extensions\50c8d4cdacbdb@50c8d4cdacc15.com
FF HKLM-x32\...\Firefox\Extensions: [ywnayupcbt@eoou-ghq.org] - C:\Users\guillaume_2\AppData\Roaming\Mozilla\Firefox\Profiles\ppm8w43i.default\extensions\ywnayupcbt@eoou-ghq.org
FF HKLM-x32\...\Firefox\Extensions: [jsgdomhg@o-yoo.co.uk] - C:\Users\guillaume_2\AppData\Roaming\Mozilla\Firefox\Profiles\ppm8w43i.default\extensions\jsgdomhg@o-yoo.co.uk
FF HKLM-x32\...\Firefox\Extensions: [ieuyqofpf@y-youe.org] - C:\Users\guillaume_2\AppData\Roaming\Mozilla\Firefox\Profiles\ppm8w43i.default\extensions\ieuyqofpf@y-youe.org
FF HKU\.DEFAULT\...\Firefox\Extensions: [{b64982b1-d112-42b5-b1e4-d3867c4533f8}] - C:\ProgramData\Browser Manager\2.2.643.41\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
CHR HKLM-x32\...\Chrome\Extension: [fjdkdjokkloghgmiiibhpkhipdfomgbo] - C:\Users\GUILLA~1\AppData\Local\Temp\ccex.crx [2012-02-21]
CHR HKLM-x32\...\Chrome\Extension: [nakkgbkobdhknhojkjdjcfelmkdhhmhl] - C:\ProgramData\Browse2save\nakkgbkobdhknhojkjdjcfelmkdhhmhl.crx [Not Found]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-12-23] (Cherished Technololgy LIMITED)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-23] (Fuyu LIMITED) [File not signed]
2014-12-23 18:11 - 2014-12-23 18:11 - 00000000 ____D () C:\Users\guillaume_2\AppData\Roaming\omiga-plus
2014-12-23 18:11 - 2014-12-23 18:11 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-23 18:11 - 2014-12-23 18:11 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-12-23 18:11 - 2014-12-23 18:11 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-11-25 17:51 - 2014-11-25 17:51 - 00003292 _____ () C:\Windows\System32\Tasks\qxxwxA7LKzE7le0
2014-11-25 17:51 - 2014-11-25 17:51 - 00003252 _____ () C:\Windows\System32\Tasks\V51iGxdIj8cPzn0
2014-11-25 17:51 - 2014-11-25 17:51 - 00003250 _____ () C:\Windows\System32\Tasks\kfSpVZ7FtvVWyw3
2014-11-25 17:51 - 2014-11-25 17:51 - 00000000 ____D () C:\Users\guillaume_2\AppData\Roaming\UxoXhZD
2014-11-25 17:51 - 2014-11-25 17:51 - 00000000 ____D () C:\Users\guillaume_2\AppData\Roaming\ekHib2U
2014-11-25 17:51 - 2014-11-25 17:51 - 00000000 ____D () C:\ProgramData\atjs
2014-11-25 17:50 - 2014-11-25 17:51 - 00000000 ____D () C:\Users\guillaume_2\AppData\Roaming\DQJOkyj
Task: {23ED56F7-6B6B-45CF-8069-C06C243992D8} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\guillaume_2\AppData\Roaming\~jeztbmn.exe
Task: {3915536D-C8D3-48BE-AFEF-3AEB0DE9AC2C} - System32\Tasks\WIN-statsAdmin => C:\Users\guillaume_2\AppData\Local\Microsoft\WinU\~mwnthah.exe [2014-08-06] () <==== ATTENTION
Task: {4D522AFE-D067-4F75-8A12-B60E6712BB60} - System32\Tasks\Test TimeTrigger => C:\Users\GUILLA~2\AppData\Local\Temp\Runner.exe <==== ATTENTION
Task: {A7BD8F3D-7026-49E1-9B14-429772D5742D} - System32\Tasks\WIN-fIGbfFfEGCfFGEGbfCfE => C:\Users\guillaume_2\AppData\Roaming\~cwrfaab.exe
Task: {B712D017-E365-4B76-8715-08C25B1EC83B} - System32\Tasks\kfSpVZ7FtvVWyw3 => C:\Users\guillaume_2\AppData\Roaming\DQJOkyj\T8n3YzK.exe [2014-11-25] ( )
Task: {BC055C72-0BB1-469D-9ABD-6409F540BFFA} - System32\Tasks\WIN-fdfEfEfAfC => C:\Users\guillaume_2\AppData\Roaming\~tsnpeqk.exe
Task: {CDD06771-87FD-42BD-9AF7-84CB23F72FF8} - System32\Tasks\WIN-statsSystem => C:\Users\guillaume_2\AppData\Local\Microsoft\WinU\~kdehhou.exe [2014-06-30] ()
Task: C:\Windows\Tasks\SN.Booster-S-4674074418.job => c:\programdata\allaboutapp\sn.booster\SN.Booster.exe <==== ATTENTION
C:\Users\guillaume_2\AppData\Local\Microsoft\WinU\
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\fst_fr_303 => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\GoforFilesInstaller Starter => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YourFile DownloaderInstaller Starter => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\50c8d4cdacbdb@50c8d4cdacc15.com => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ywnayupcbt@eoou-ghq.org => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\jsgdomhg@o-yoo.co.uk => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ieuyqofpf@y-youe.org => value deleted successfully.
HKU\.DEFAULT\Software\Mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8} => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fjdkdjokkloghgmiiibhpkhipdfomgbo" => Key deleted successfully.
C:\Users\GUILLA~1\AppData\Local\Temp\ccex.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nakkgbkobdhknhojkjdjcfelmkdhhmhl" => Key deleted successfully.
IePluginServices => Service stopped successfully.
IePluginServices => Service deleted successfully.
WindowsMangerProtect => Service stopped successfully.
WindowsMangerProtect => Service deleted successfully.
C:\Users\guillaume_2\AppData\Roaming\omiga-plus => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\ProgramData\IePluginServices => Moved successfully.

"C:\Program Files (x86)\SupTab" directory move:

C:\Program Files (x86)\SupTab\DpInterface32.dll => Moved successfully.
C:\Program Files (x86)\SupTab\DpInterface64.dll => Moved successfully.
C:\Program Files (x86)\SupTab\HpUI.exe => Moved successfully.
C:\Program Files (x86)\SupTab\ient.json => Moved successfully.
C:\Program Files (x86)\SupTab\install.data => Moved successfully.
C:\Program Files (x86)\SupTab\Loader32.exe => Moved successfully.
C:\Program Files (x86)\SupTab\Loader64.exe => Moved successfully.
C:\Program Files (x86)\SupTab\msvcp110.dll => Moved successfully.
C:\Program Files (x86)\SupTab\msvcr110.dll => Moved successfully.
C:\Program Files (x86)\SupTab\RSHP.exe => Moved successfully.
C:\Program Files (x86)\SupTab\SearchProtect32.dll => Moved successfully.
C:\Program Files (x86)\SupTab\SearchProtect64.dll => Moved successfully.
C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe => Moved successfully.
C:\Program Files (x86)\SupTab\SupTab.dll => Moved successfully.
C:\Program Files (x86)\SupTab\uninstall.exe => Moved successfully.
C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll => Moved successfully.
C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll => Moved successfully.
C:\Program Files (x86)\SupTab\web\data.html => Moved successfully.
C:\Program Files (x86)\SupTab\web\indexIE.html => Moved successfully.
C:\Program Files (x86)\SupTab\web\indexIE8.html => Moved successfully.
C:\Program Files (x86)\SupTab\web\main.css => Moved successfully.
C:\Program Files (x86)\SupTab\web\ver.txt => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\common.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\ga.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\js.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\library.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\google_trends.png => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\icon128.png => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\icon16.png => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\icon48.png => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\loading.gif => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\logo32.ico => Moved successfully.
C:\Program Files (x86)\SupTab\skin\bk_shadow.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\btn.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\close.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\main.xml => Moved successfully.
C:\Program Files (x86)\SupTab\skin\main.xml.bak => Moved successfully.
C:\Program Files (x86)\SupTab\skin\image\ck_box.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\image\ck_check.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\image\radio_bk.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\image\radio_check.png => Moved successfully.
Could not move "C:\Program Files (x86)\SupTab" directory. => Scheduled to move on reboot.

C:\Windows\System32\Tasks\qxxwxA7LKzE7le0 => Moved successfully.
C:\Windows\System32\Tasks\V51iGxdIj8cPzn0 => Moved successfully.
C:\Windows\System32\Tasks\kfSpVZ7FtvVWyw3 => Moved successfully.
C:\Users\guillaume_2\AppData\Roaming\UxoXhZD => Moved successfully.
C:\Users\guillaume_2\AppData\Roaming\ekHib2U => Moved successfully.
C:\ProgramData\atjs => Moved successfully.
C:\Users\guillaume_2\AppData\Roaming\DQJOkyj => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{23ED56F7-6B6B-45CF-8069-C06C243992D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23ED56F7-6B6B-45CF-8069-C06C243992D8}" => Key deleted successfully.
C:\Windows\System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-GGfIfEGCfEGbGffIfCfEGC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3915536D-C8D3-48BE-AFEF-3AEB0DE9AC2C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3915536D-C8D3-48BE-AFEF-3AEB0DE9AC2C}" => Key deleted successfully.
C:\Windows\System32\Tasks\WIN-statsAdmin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-statsAdmin" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D522AFE-D067-4F75-8A12-B60E6712BB60}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D522AFE-D067-4F75-8A12-B60E6712BB60}" => Key deleted successfully.
C:\Windows\System32\Tasks\Test TimeTrigger => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Test TimeTrigger" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A7BD8F3D-7026-49E1-9B14-429772D5742D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7BD8F3D-7026-49E1-9B14-429772D5742D}" => Key deleted successfully.
C:\Windows\System32\Tasks\WIN-fIGbfFfEGCfFGEGbfCfE => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-fIGbfFfEGCfFGEGbfCfE" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B712D017-E365-4B76-8715-08C25B1EC83B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B712D017-E365-4B76-8715-08C25B1EC83B}" => Key deleted successfully.
C:\Windows\System32\Tasks\kfSpVZ7FtvVWyw3 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\kfSpVZ7FtvVWyw3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BC055C72-0BB1-469D-9ABD-6409F540BFFA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC055C72-0BB1-469D-9ABD-6409F540BFFA}" => Key deleted successfully.
C:\Windows\System32\Tasks\WIN-fdfEfEfAfC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-fdfEfEfAfC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CDD06771-87FD-42BD-9AF7-84CB23F72FF8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDD06771-87FD-42BD-9AF7-84CB23F72FF8}" => Key deleted successfully.
C:\Windows\System32\Tasks\WIN-statsSystem => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-statsSystem" => Key deleted successfully.
C:\Windows\Tasks\SN.Booster-S-4674074418.job => Moved successfully.
C:\Users\guillaume_2\AppData\Local\Microsoft\WinU => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-23 20:35:40)<=

C:\Program Files (x86)\SupTab => Is moved successfully.

==== End of Fixlog 20:35:40 ====
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 628
23 Dec. 2014 at 21:01
OK, run an AdwCleaner cleanup again.
0
theboserx Posts 30 Registration date Monday 4 February 2013 Status Member Last activity 21 August 2019 32
23 Dec. 2014 at 21:04
Thank you so much, it seems to be working... well, for now.
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 628
23 Dec. 2014 at 21:06
ok :)


A few tips:

Install Malwarebytes Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Run regular scans with it; it is effective.


To guard against malicious sites, you can install Blockulicious: https://forum.malekal.com/viewtopic.php?t=46656&start=


So that you don't get caught out again.
Recommended reading - Unwanted programs / PUPs: https://www.malekal.com/adwares-pup-protection/


0
theboserx Posts 30 Registration date Monday 4 February 2013 Status Member Last activity 21 August 2019 32
23 Dec. 2014 at 21:18
OK thanks, that's great. I'm generally careful all the same, but sometimes, as you say, I get caught out; this time I really don't see how. Anyway, thanks again.
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 628
23 Dec. 2014 at 21:19
No problem, and happy holidays :)
0