Fast Start / Search Protect [Résolu/Fermé]

Signaler
-
Messages postés
180120
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 octobre 2020
-
Bonjour,
J'ai un problème avec Fast Start et autres Search Protect que je n'arrive pas à enlever malgré l'utilisation de adwcleaner. Si quelqu'un pouvait m'aider. Merci d'avance

7 réponses

Messages postés
180120
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 octobre 2020
22 402
Salut,

Tu as installé des adwares et programmes parasites sur ton PC.
Voici la procédure à suivre pour les supprimer :

Commence par ceci :

Donne le rapport AdwCleaner.

Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
# AdwCleaner v4.106 - Rapport créé le 24/12/2014 à 15:12:30
# Mis à jour le 21/12/2014 par Xplode
# Database : 2014-12-21.4 [Live]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : Baptiste - BAPTISTE-HP
# Exécuté depuis : C:\Users\TEMP\Downloads\adwcleaner_4.106.exe
# Option : Scanner

***** [ Services ] *****

Service Présent : IePluginServices
Service Présent : WindowsMangerProtect

***** [ Fichiers / Dossiers ] *****

Dossier Présent : C:\Program Files (x86)\SupTab
Dossier Présent : C:\ProgramData\IePluginServices
Dossier Présent : C:\ProgramData\WindowsMangerProtect
Dossier Présent : C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\wcj4m04p.default\Extensions\***@***
Fichier Présent : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\omiga-plus.xml

***** [ Tâches planifiées ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****

Clé Présente : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Présente : HKCU\Software\Mozilla\Extends
Clé Présente : HKCU\Software\SupHpUISoft
Clé Présente : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Présente : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Clé Présente : [x64] HKCU\Software\SupHpUISoft
Clé Présente : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Présente : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Clé Présente : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Présente : HKLM\SOFTWARE\omiga-plusSoftware
Clé Présente : HKLM\SOFTWARE\SupDp
Clé Présente : HKLM\SOFTWARE\SupTab
Clé Présente : HKLM\SOFTWARE\supWindowsMangerProtect
Clé Présente : HKLM\SOFTWARE\supWPM
Clé Présente : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Clé Présente : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Clé Présente : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Donnée Présente : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687
Donnée Présente : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687
Valeur Présente : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [***@***]

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17496

Paramètre Présent : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687
Paramètre Présent : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687
Paramètre Présent : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687&q={searchTerms}
Paramètre Présent : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687
Paramètre Présent : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687
Paramètre Présent : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687&q={searchTerms}
Paramètre Présent : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687&q={searchTerms}
Paramètre Présent : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687
Paramètre Présent : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687
Paramètre Présent : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687&q={searchTerms}

-\\ Mozilla Firefox v34.0 (x86 fr)

[wcj4m04p.default] - Ligne Trouvée : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[wcj4m04p.default] - Ligne Trouvée : user_pref("browser.search.selectedEngine", "omiga-plus");
[wcj4m04p.default] - Ligne Trouvée : user_pref("browser.startup.homepage", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1419426764&from=ill&uid=WDCXWD6400BPVT-60HXZT1_WD-WXK1A613368733687");
[wcj4m04p.default] - Ligne Trouvée : user_pref("extensions.quick_start.enable_search1", false);
[wcj4m04p.default] - Ligne Trouvée : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);

*************************

AdwCleaner[R0].txt - [11243 octets] - [01/08/2014 22:48:23]
AdwCleaner[R10].txt - [14012 octets] - [04/12/2014 00:40:54]
AdwCleaner[R11].txt - [2133 octets] - [07/12/2014 15:28:30]
AdwCleaner[R12].txt - [2943 octets] - [09/12/2014 00:32:28]
AdwCleaner[R13].txt - [2377 octets] - [11/12/2014 23:47:59]
AdwCleaner[R14].txt - [7801 octets] - [24/12/2014 00:05:30]
AdwCleaner[R15].txt - [7921 octets] - [24/12/2014 01:57:33]
AdwCleaner[R16].txt - [8043 octets] - [24/12/2014 13:55:06]
AdwCleaner[R17].txt - [6261 octets] - [24/12/2014 15:12:30]
AdwCleaner[R1].txt - [10339 octets] - [12/09/2014 19:44:53]
AdwCleaner[R2].txt - [12304 octets] - [16/09/2014 13:57:15]
AdwCleaner[R3].txt - [18108 octets] - [16/09/2014 16:30:48]
AdwCleaner[R4].txt - [55923 octets] - [02/10/2014 06:46:33]
AdwCleaner[R5].txt - [3940 octets] - [11/10/2014 01:08:29]
AdwCleaner[R6].txt - [6971 octets] - [25/10/2014 10:16:00]
AdwCleaner[R7].txt - [8097 octets] - [10/11/2014 11:52:03]
AdwCleaner[R8].txt - [19078 octets] - [14/11/2014 20:41:06]
AdwCleaner[R9].txt - [3493 octets] - [30/11/2014 17:41:02]
AdwCleaner[S0].txt - [7012 octets] - [01/08/2014 22:49:45]
AdwCleaner[S10].txt - [12480 octets] - [04/12/2014 00:42:15]
AdwCleaner[S11].txt - [2196 octets] - [07/12/2014 15:49:43]
AdwCleaner[S12].txt - [3012 octets] - [09/12/2014 00:34:13]
AdwCleaner[S13].txt - [2440 octets] - [11/12/2014 23:49:36]
AdwCleaner[S14].txt - [6814 octets] - [24/12/2014 00:07:31]
AdwCleaner[S15].txt - [6936 octets] - [24/12/2014 02:01:44]
AdwCleaner[S16].txt - [7058 octets] - [24/12/2014 13:56:31]
AdwCleaner[S1].txt - [4514 octets] - [12/09/2014 19:50:10]
AdwCleaner[S2].txt - [11972 octets] - [16/09/2014 13:59:39]
AdwCleaner[S3].txt - [6903 octets] - [16/09/2014 16:31:58]
AdwCleaner[S4].txt - [15220 octets] - [02/10/2014 06:49:01]
AdwCleaner[S5].txt - [3739 octets] - [11/10/2014 01:09:56]
AdwCleaner[S6].txt - [7063 octets] - [25/10/2014 10:26:44]
AdwCleaner[S7].txt - [8193 octets] - [10/11/2014 12:05:30]
AdwCleaner[S8].txt - [17279 octets] - [14/11/2014 20:43:45]
AdwCleaner[S9].txt - [2057 octets] - [30/11/2014 17:42:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R17].txt - [7898 octets] ##########
Messages postés
180120
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 octobre 2020
22 402
voici la suite :


Suis ce tutorial : https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
Cela va générer deux rapports FRST.
Envoie comme expliqué, ces deux rapports sur le site http://pjjoint.malekal.com et donne les trois liens pjjoint de ces rapports afin qu'ils puissent être consultés.


http://pjjoint.malekal.com/files.php?id=FRST_20141224_i7x10t10j8g8
http://pjjoint.malekal.com/files.php?id=20141224_l14n6y6g11q10
http://pjjoint.malekal.com/files.php?id=20141224_s13u10s12y9j8
Messages postés
180120
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 octobre 2020
22 402
Désinstalle
McAfee Security Scan
et McAfee SiteAdvisor
Sert à rien... comme tu peux le voir.


Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :

Task: {0E81E61B-AE75-4475-AEF4-90718FEBBED4} - System32\Tasks\WIN-fdfEfEfAfC => C:\Users\TEMP\AppData\Roaming\~nxbrruw.exe
Task: {238172D5-EB5B-427E-8DFB-68A1EE2B3F0D} - System32\Tasks\PhXBf1gm0abjFFI => C:\Users\TEMP\AppData\Roaming\rGJ5aRz\WXxXaev.exe [2014-11-22] ( )
Task: {7CCBDC61-9A52-431E-863E-81A5C77FCA1A} - System32\Tasks\TaskUserUpdate_wp => C:\Users\TEMP\AppData\Roaming\~fjkcfhv.exe
Task: {69DD0D48-B5B4-4F4F-A231-63D11DEBFCC7} - System32\Tasks\uBoYOSvRpYvktLL => C:\Users\TEMP\AppData\Roaming\YgzuSlg\z3oGVts.exe [2014-12-22] ( )
Task: {9537583E-DE76-44AB-9F66-EA5DC9E1EEFC} - System32\Tasks\z2pm6raViSbP9Tn => C:\Users\TEMP\AppData\Roaming\uFW53Pv\T1sNbpf.exe [2014-12-22] ( )
Task: {DDCF4A0D-0B5C-47F4-88D3-503A8FEFD9DA} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\TEMP\AppData\Roaming\~iflltgn.exe
Task: {DF37CC6A-1DC2-4383-8E92-2D9374D43A88} - System32\Tasks\WIN-statsAdmin => C:\Users\TEMP\AppData\Local\Microsoft\WinU\~zamrbna.exe [2014-08-06] () <==== ATTENTION
2014-12-24 14:13 - 2014-12-24 14:13 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-24 14:13 - 2014-12-24 14:13 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-12-24 14:13 - 2014-12-24 14:13 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-12-22 13:42 - 2014-12-22 13:42 - 00003278 _____ () C:\Windows\System32\Tasks\z2pm6raViSbP9Tn
2014-12-22 13:42 - 2014-12-22 13:42 - 00003238 _____ () C:\Windows\System32\Tasks\uBoYOSvRpYvktLL
2014-12-22 13:42 - 2014-12-22 13:42 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\YgzuSlg
2014-12-22 13:42 - 2014-12-22 13:42 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\uFW53Pv
C:\Users\TEMP\AppData\Local\Microsoft\WinU
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-12-24] (Cherished Technololgy LIMITED)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-24] (Fuyu LIMITED) [File not signed]
HKU\TS_KeyLodaded\...\Run: [Kujytuo] => C:\Users\Baptiste\AppData\Roaming\kujytuo.exe [391528 2012-03-19] ()

Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.


Refais un nettoyage AdwCleaner.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
Ran by Baptiste at 2014-12-24 16:47:18 Run:1
Running from C:\Users\TEMP\Desktop
Loaded Profile: Baptiste (Available profiles: Baptiste)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Task: {0E81E61B-AE75-4475-AEF4-90718FEBBED4} - System32\Tasks\WIN-fdfEfEfAfC => C:\Users\TEMP\AppData\Roaming\~nxbrruw.exe
Task: {238172D5-EB5B-427E-8DFB-68A1EE2B3F0D} - System32\Tasks\PhXBf1gm0abjFFI => C:\Users\TEMP\AppData\Roaming\rGJ5aRz\WXxXaev.exe [2014-11-22] ( )
Task: {7CCBDC61-9A52-431E-863E-81A5C77FCA1A} - System32\Tasks\TaskUserUpdate_wp => C:\Users\TEMP\AppData\Roaming\~fjkcfhv.exe
Task: {69DD0D48-B5B4-4F4F-A231-63D11DEBFCC7} - System32\Tasks\uBoYOSvRpYvktLL => C:\Users\TEMP\AppData\Roaming\YgzuSlg\z3oGVts.exe [2014-12-22] ( )
Task: {9537583E-DE76-44AB-9F66-EA5DC9E1EEFC} - System32\Tasks\z2pm6raViSbP9Tn => C:\Users\TEMP\AppData\Roaming\uFW53Pv\T1sNbpf.exe [2014-12-22] ( )
Task: {DDCF4A0D-0B5C-47F4-88D3-503A8FEFD9DA} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\TEMP\AppData\Roaming\~iflltgn.exe
Task: {DF37CC6A-1DC2-4383-8E92-2D9374D43A88} - System32\Tasks\WIN-statsAdmin => C:\Users\TEMP\AppData\Local\Microsoft\WinU\~zamrbna.exe [2014-08-06] () <==== ATTENTION
2014-12-24 14:13 - 2014-12-24 14:13 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-12-24 14:13 - 2014-12-24 14:13 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-12-24 14:13 - 2014-12-24 14:13 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-12-22 13:42 - 2014-12-22 13:42 - 00003278 _____ () C:\Windows\System32\Tasks\z2pm6raViSbP9Tn
2014-12-22 13:42 - 2014-12-22 13:42 - 00003238 _____ () C:\Windows\System32\Tasks\uBoYOSvRpYvktLL
2014-12-22 13:42 - 2014-12-22 13:42 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\YgzuSlg
2014-12-22 13:42 - 2014-12-22 13:42 - 00000000 ____D () C:\Users\TEMP\AppData\Roaming\uFW53Pv
C:\Users\TEMP\AppData\Local\Microsoft\WinU
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-12-24] (Cherished Technololgy LIMITED)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [485888 2014-12-24] (Fuyu LIMITED) [File not signed]
HKU\TS_KeyLodaded\...\Run: [Kujytuo] => C:\Users\Baptiste\AppData\Roaming\kujytuo.exe [391528 2012-03-19] ()
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0E81E61B-AE75-4475-AEF4-90718FEBBED4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E81E61B-AE75-4475-AEF4-90718FEBBED4}" => Key deleted successfully.
C:\Windows\System32\Tasks\WIN-fdfEfEfAfC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-fdfEfEfAfC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{238172D5-EB5B-427E-8DFB-68A1EE2B3F0D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{238172D5-EB5B-427E-8DFB-68A1EE2B3F0D}" => Key deleted successfully.
C:\Windows\System32\Tasks\PhXBf1gm0abjFFI => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PhXBf1gm0abjFFI" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CCBDC61-9A52-431E-863E-81A5C77FCA1A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CCBDC61-9A52-431E-863E-81A5C77FCA1A}" => Key deleted successfully.
C:\Windows\System32\Tasks\TaskUserUpdate_wp => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TaskUserUpdate_wp" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69DD0D48-B5B4-4F4F-A231-63D11DEBFCC7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69DD0D48-B5B4-4F4F-A231-63D11DEBFCC7}" => Key deleted successfully.
C:\Windows\System32\Tasks\uBoYOSvRpYvktLL => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\uBoYOSvRpYvktLL" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9537583E-DE76-44AB-9F66-EA5DC9E1EEFC}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9537583E-DE76-44AB-9F66-EA5DC9E1EEFC}" => Key deleted successfully.
C:\Windows\System32\Tasks\z2pm6raViSbP9Tn => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\z2pm6raViSbP9Tn" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDCF4A0D-0B5C-47F4-88D3-503A8FEFD9DA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDCF4A0D-0B5C-47F4-88D3-503A8FEFD9DA}" => Key deleted successfully.
C:\Windows\System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-GGfIfEGCfEGbGffIfCfEGC" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DF37CC6A-1DC2-4383-8E92-2D9374D43A88}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF37CC6A-1DC2-4383-8E92-2D9374D43A88}" => Key deleted successfully.
C:\Windows\System32\Tasks\WIN-statsAdmin => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-statsAdmin" => Key deleted successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\ProgramData\IePluginServices => Moved successfully.

"C:\Program Files (x86)\SupTab" directory move:

C:\Program Files (x86)\SupTab\DpInterface32.dll => Moved successfully.
C:\Program Files (x86)\SupTab\DpInterface64.dll => Moved successfully.
C:\Program Files (x86)\SupTab\HpUI.exe => Moved successfully.
C:\Program Files (x86)\SupTab\ient.json => Moved successfully.
C:\Program Files (x86)\SupTab\install.data => Moved successfully.
C:\Program Files (x86)\SupTab\Loader32.exe => Moved successfully.
C:\Program Files (x86)\SupTab\Loader64.exe => Moved successfully.
C:\Program Files (x86)\SupTab\msvcp110.dll => Moved successfully.
C:\Program Files (x86)\SupTab\msvcr110.dll => Moved successfully.
C:\Program Files (x86)\SupTab\RSHP.exe => Moved successfully.
C:\Program Files (x86)\SupTab\SearchProtect32.dll => Moved successfully.
C:\Program Files (x86)\SupTab\SearchProtect64.dll => Moved successfully.
C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe => Moved successfully.
C:\Program Files (x86)\SupTab\SupTab.dll => Moved successfully.
C:\Program Files (x86)\SupTab\uninstall.exe => Moved successfully.
C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll => Moved successfully.
C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll => Moved successfully.
C:\Program Files (x86)\SupTab\web\data.html => Moved successfully.
C:\Program Files (x86)\SupTab\web\indexIE.html => Moved successfully.
C:\Program Files (x86)\SupTab\web\indexIE8.html => Moved successfully.
C:\Program Files (x86)\SupTab\web\main.css => Moved successfully.
C:\Program Files (x86)\SupTab\web\ver.txt => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\common.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\ga.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\js.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\library.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\google_trends.png => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\icon128.png => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\icon16.png => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\icon48.png => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\loading.gif => Moved successfully.
C:\Program Files (x86)\SupTab\web\img\logo32.ico => Moved successfully.
C:\Program Files (x86)\SupTab\skin\bk_shadow.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\btn.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\close.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\main.xml => Moved successfully.
C:\Program Files (x86)\SupTab\skin\main.xml.bak => Moved successfully.
C:\Program Files (x86)\SupTab\skin\image\ck_box.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\image\ck_check.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\image\radio_bk.png => Moved successfully.
C:\Program Files (x86)\SupTab\skin\image\radio_check.png => Moved successfully.
Could not move "C:\Program Files (x86)\SupTab" directory. => Scheduled to move on reboot.

"C:\Windows\System32\Tasks\z2pm6raViSbP9Tn" => File/Directory not found.
"C:\Windows\System32\Tasks\uBoYOSvRpYvktLL" => File/Directory not found.
C:\Users\TEMP\AppData\Roaming\YgzuSlg => Moved successfully.
C:\Users\TEMP\AppData\Roaming\uFW53Pv => Moved successfully.
C:\Users\TEMP\AppData\Local\Microsoft\WinU => Moved successfully.
IePluginServices => Service stopped successfully.
IePluginServices => Service deleted successfully.
WindowsMangerProtect => Service stopped successfully.
WindowsMangerProtect => Service deleted successfully.
HKU\TS_KeyLodaded\Software\Microsoft\Windows\CurrentVersion\Run\\Kujytuo => value deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-12-24 16:50:28)<=

C:\Program Files (x86)\SupTab => Is moved successfully.

==== End of Fixlog 16:50:28 ====
Messages postés
180120
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 octobre 2020
22 402
ok,

Fais bien le nettoyage AdwCleaner :)
Messages postés
180120
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
21 octobre 2020
22 402
De rien :)

Quelques conseils :

Installe Malwarebyte's Anti-Malware : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Fais des scans réguliers avec, il est efficace.


Pour prévenir les sites malicieux, tu peux installer Blockulicious : https://forum.malekal.com/viewtopic.php?t=46656&start=


Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/