Trojan: fake Flash update page, Speed PC

Solved/Closed
Posted by: Member (146 posts; registered Thursday 31 January 2013; last active 15 May 2018)
Last reply by: Moderator, Security contributor (180254 posts; registered Wednesday 17 May 2006; last active 26 March 2021)
Hello, this morning when I started my desktop PC, an Adobe page asked me to update. It was not the usual screen but a Mozilla page, and I obediently went ahead and updated.
Oh dear, oh dear: half a dozen programs installed themselves (Opera, Speed PC, some game thing).

When I try to uninstall one program, two more appear. I ran a Malwarebytes scan, which found 250 objects including 25 trojans. After quarantining them, I deleted the infected files and removed the remaining programs. I did a quick pass with CCleaner, but my PC was crawling, so I tried Malware Eraser, which crashed with this message:
acces violation at adress 0052c2bc in modul "malware eraser. ex" read of address 000000

So I ran Malwarebytes again, which found another 100 suspicious files; they went into quarantine and were then deleted.
The scan log shows the entry "échec" (failed).
In short, how do I clean my PC??? I have been at it since this morning and there are still lots of ad pages popping up, and Mozilla is crawling.
Thank you very much for your help,
Carine

6 replies

Moderator, Security contributor (180254 posts; registered Wednesday 17 May 2006; last active 26 March 2021)
Hi,

You have installed adware and unwanted programs on your PC that open advertisements and slow down the computer and the web browsers.
Here is the procedure to follow to remove them:

Start with this:

Follow the AdwCleaner tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= (by Xplode)
Download it to your desktop or downloads folder.
Launch AdwCleaner and click [Scanner] (Scan).
The scan can take several minutes; be patient.
Once the scan has finished, do not uncheck anything; click [Nettoyer] (Clean).

Once the cleaning has finished, a report will open. Copy and paste the contents of the report into your next reply.
If that does not work, use the site http://pjjoint.malekal.com to host the report, and give the link to the report in a new message.

Note: The report is also saved as C:\AdwCleaner[S1].txt


then:

Follow this FRST tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
This will generate three FRST reports:
* FRST.txt
* Shortcut.txt
* Additionnal.txt

Upload these three reports to the pjjoint site as explained, and give the three pjjoint links to these reports so that they can be consulted.


Member (146 posts; registered Thursday 31 January 2013; last active 15 May 2018)
Thanks.
I went to work in the meantime.
I followed both tutorials.

AdwCleaner first crashed during the cleaning.
Here is the report:

# AdwCleaner v4.108 - Rapport créé le 21/01/2015 à 13:20:28
# Mis à jour le 17/01/2015 par Xplode
# Database : 2015-01-18.1 [Live]
# Système d'exploitation : Windows Vista (TM) Business Service Pack 2 (32 bits)
# Nom d'utilisateur : ec - CARINE
# Exécuté depuis : C:\Users\ec\Downloads\adwcleaner_4.108(1).exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\Users\ec\AppData\Roaming\Nosibay
Dossier Supprimé : C:\Users\ec\AppData\Roaming\Store
Dossier Supprimé : C:\Users\ec\AppData\Roaming\WTools
Dossier Supprimé : C:\Users\ec\Documents\Optimizer Pro
Dossier Supprimé : C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\Extensions\biahaobfpkgeiomkihcdgknebbhadonc
Dossier Supprimé : C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgbgllicdnedniokaclojpoklkgoencp
Fichier Supprimé : C:\END
Fichier Supprimé : C:\Windows\rcore.exe
Fichier Supprimé : C:\Windows\system32\abengine.dll
Fichier Supprimé : C:\Users\ec\AppData\Local\Temp\Uninstall.exe
Fichier Supprimé : C:\Users\ec\AppData\Roaming\Selection Tools.installation.log
Fichier Supprimé : C:\Users\Administrateur\AppData\Roaming\Mozilla\Firefox\Profiles\5suv8gli.default\user.js
Fichier Supprimé : C:\Users\ec\AppData\Roaming\Mozilla\Firefox\Profiles\lqtmmn0g.default-1394219063415\user.js
Fichier Supprimé : C:\Users\ec\AppData\Roaming\Mozilla\Firefox\Profiles\stde32zl.default-1392202323543\user.js

***** [ Tâches planifiées ] *****

Tâche Supprimée : APSnotifierPP1
Tâche Supprimée : APSnotifierPP2
Tâche Supprimée : APSnotifierPP3
Tâche Supprimée : FoxTab
Tâche Supprimée : globalUpdateUpdateTaskMachineCore
Tâche Supprimée : globalUpdateUpdateTaskMachineUA
Tâche Supprimée : LaunchSignup
Tâche Supprimée : SpeedChecker Update
Tâche Supprimée : WindApp Update
Tâche Supprimée : Selection Tools Update

***** [ Raccourcis ] *****

Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

***** [ Registre ] *****

Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [{6E1ACA7A-6778-D4C9-7F6E-48112245ACC7}]
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\speedupmypc
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [CrashMon]
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Clé Supprimée : HKCU\Software\Mozilla\Extends
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{533403E2-6E21-4615-9E28-43F4E97E977B}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{32CF6D04-FCCD-4029-F459-6CEF7C49A62F}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{55009AD9-6D15-4E09-BA25-04E665DDD885}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Clé Supprimée : HKCU\Software\AnyProtect
Clé Supprimée : HKCU\Software\GlobalUpdate
Clé Supprimée : HKCU\Software\InstalledBrowserExtensions
Clé Supprimée : HKCU\Software\Optimizer Pro
Clé Supprimée : HKCU\Software\Store
Clé Supprimée : HKCU\Software\Wnkey
Clé Supprimée : HKCU\Software\WTools
Clé Supprimée : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clé Supprimée : HKLM\SOFTWARE\GlobalUpdate
Clé Supprimée : HKLM\SOFTWARE\InstalledBrowserExtensions
Clé Supprimée : HKLM\SOFTWARE\SupDp
Clé Supprimée : HKLM\SOFTWARE\Tutorials
Clé Supprimée : HKLM\SOFTWARE\Uniblue
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bubble Dock
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\windapp
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ConvertAd
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Selection Tools

***** [ Navigateurs ] *****

-\\ Internet Explorer v9.0.8112.16599


-\\ Mozilla Firefox v35.0 (x86 fr)

[5suv8gli.default\prefs.js] - Ligne Supprimée : user_pref("extensions.irmysearch.aflt", "airmsd");
[5suv8gli.default\prefs.js] - Ligne Supprimée : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzutDtDtD0AyBzz0A0FyBtBzzyB0D0AtCyEtN0D0Tzu0CyDtAtCtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1T1L1C1H1B1Q");
[5suv8gli.default\prefs.js] - Ligne Supprimée : user_pref("extensions.irmysearch.cr", "389752742");
[5suv8gli.default\prefs.js] - Ligne Supprimée : user_pref("extensions.irmysearch.instlRef", "");
[lqtmmn0g.default-1394219063415\prefs.js] - Ligne Supprimée : user_pref("browser.search.searchengine.alias", "omiga-plus");
[lqtmmn0g.default-1394219063415\prefs.js] - Ligne Supprimée : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/web/favicon.ico");
[lqtmmn0g.default-1394219063415\prefs.js] - Ligne Supprimée : user_pref("browser.search.searchengine.name", "omiga-plus");
[lqtmmn0g.default-1394219063415\prefs.js] - Ligne Supprimée : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1421826819&from=tugs&uid=ST380819AS_4MR5KWM9XXXX4MR5KWM9&q={searchTerms}");

-\\ Google Chrome v

[C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\preferences] - Supprimée [Extension] : pgbgllicdnedniokaclojpoklkgoencp

-\\ Comodo Dragon v


-\\ Opera v0.0.0.0


*************************

AdwCleaner[R3].txt - [10297 octets] - [21/01/2015 12:45:04]
AdwCleaner[R4].txt - [9708 octets] - [21/01/2015 13:18:17]
AdwCleaner[S3].txt - [1130 octets] - [21/01/2015 12:50:51]
AdwCleaner[S4].txt - [9918 octets] - [21/01/2015 13:20:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [9978 octets] ##########


Then I removed the proxies.
Then I ran a scan with FRST.
Here are the reports:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2015
Ran by ec (administrator) on CARINE on 21-01-2015 15:44:49
Running from C:\Users\ec\Downloads
Loaded Profiles: ec (Available profiles: ec & Administrateur)
Platform: Microsoft® Windows Vista(TM) Professionnel Service Pack 2 (X86) OS Language: Français (France)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Lexmark International, Inc.) C:\Windows\System32\LEXBCES.EXE
(Lexmark International, Inc.) C:\Windows\System32\LEXPPS.EXE
(Teruten) C:\Windows\System32\FsUsbExService.Exe
( ) C:\Windows\System32\lxbvcoms.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Windows\System32\qttask.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Users\ec\AppData\Local\WahOO\Wahoo.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_257.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7858720 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [505720 2011-07-20] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Windows\System32\qttask.exe [28672 2013-05-26] ()
HKLM\...\Run: [NPSStartup] => [X]
HKLM\...\Run: [Lexmark 2200 Series] => "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
HKLM\...\Run: [UnlockerAssistant] => "C:\Program Files\Unlocker\UnlockerAssistant.exe"
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2169863762-3314931148-3351663341-1000\...\Run: [Wahoo] => C:\Users\ec\AppData\Local\WahOO\Wahoo.exe [4062960 2014-09-16] ()
HKU\S-1-5-21-2169863762-3314931148-3351663341-1000\...\Run: [AutoStartNPSAgent] => C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe [102400 2009-04-02] (Samsung Electronics Co., Ltd.)
HKU\S-1-5-21-2169863762-3314931148-3351663341-1000\...\Run: [EPSON Stylus DX4400 Series] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [180736 2007-03-01] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2169863762-3314931148-3351663341-1000\...\MountPoints2: D - D:\Install.exe
HKU\S-1-5-21-2169863762-3314931148-3351663341-1000\...\MountPoints2: {c81856fd-8fa8-11e2-850e-806e6f6e6963} - D:\Install.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppppp
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = web/?type=dspp&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = ?type=hppppp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = web/?type=dspp&q={searchTerms}
HKU\S-1-5-21-2169863762-3314931148-3351663341-1000\Software\Microsoft\Internet Explorer\Main,Start Page = ?type=hppppp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000 -> {7FE4A37C-AA7D-4C1E-B8CB-F9154FAD9003} URL = https://fr.search.yahoo.com/web?fr=chr-greentree_ie{searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 212.27.40.241 212.27.40.240

FireFox:
========
FF ProfilePath: C:\Users\ec\AppData\Roaming\Mozilla\Firefox\Profiles\lqtmmn0g.default-1394219063415
FF Homepage: ?type=hppppp
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: 097d3191e6fa47289826b533d755359d - C:\Users\ec\AppData\Roaming\Mozilla\Firefox\Profiles\lqtmmn0g.default-1394219063415\Extensions\{097d3191-e6fa-4728-9826-b533d755359d} [2015-01-21]
FF Extension: Adblock Plus - C:\Users\ec\AppData\Roaming\Mozilla\Firefox\Profiles\lqtmmn0g.default-1394219063415\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-03-08]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-04-12]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Profile: C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-03]
CHR Extension: (No Name) - C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckbphnbhccijhhmlfaojlomohcijeaam [2014-04-26]
CHR Extension: (No Name) - C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\Extensions\clfmonkalkkicnpfdkdcfabegffinhpn [2014-04-26]
CHR Extension: (Google Search) - C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-03]
CHR Extension: (Clear Cache) - C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\Extensions\cppjkneekbjaeellbfkmgnhonkkjfpdn [2014-04-26]
CHR Extension: (gjnmclkoadjdljnfmbnnhaahilafoeji) - C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjnmclkoadjdljnfmbnnhaahilafoeji [2015-01-21]
CHR Extension: (Chrome In-App Payments service) - C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-04]
CHR Extension: (Gmail) - C:\Users\ec\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-04-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2009-03-31] (Teruten) [File not signed]
R2 LexBceS; C:\Windows\System32\LEXBCES.EXE [311296 2004-01-14] (Lexmark International, Inc.) [File not signed]
R2 lxbv_device; C:\Windows\system32\lxbvcoms.exe [537520 2007-04-25] ( )
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2117960 2014-02-25] (CybelSoft)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36608 2009-03-31] () [File not signed]
S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-01-19] (Labtec Inc.)
S3 ma-config_x86; C:\Program Files\ma-config.com\Drivers\ma-config_x86.sys [16160 2014-02-24] (CybelSoft)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 PID_0928; C:\Windows\System32\DRIVERS\LV561AV.SYS [211712 2005-01-19] (Labtec Inc.)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [602216 2010-06-15] (Realtek Semiconductor Corporation )
S3 ss_bbus; C:\Windows\System32\DRIVERS\ss_bbus.sys [90112 2009-03-20] (MCCI)
S3 ss_bmdfl; C:\Windows\System32\DRIVERS\ss_bmdfl.sys [14976 2009-03-20] (MCCI Corporation)
S3 ss_bmdm; C:\Windows\System32\DRIVERS\ss_bmdm.sys [121856 2009-03-20] (MCCI Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S1 nmjin2i4yzyxymr; system32\drivers\nmjin2i4yzyxymr.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 15:44 - 2015-01-21 15:45 - 00013186 _____ () C:\Users\ec\Downloads\FRST.txt
2015-01-21 15:44 - 2015-01-21 15:44 - 01118208 _____ (Farbar) C:\Users\ec\Downloads\FRST.exe
2015-01-21 15:44 - 2015-01-21 15:44 - 00000000 ___DC () C:\FRST
2015-01-21 13:18 - 2015-01-21 13:18 - 02186752 _____ () C:\Users\ec\Downloads\adwcleaner_4.108(1).exe
2015-01-21 12:45 - 2015-01-21 13:31 - 00000000 ___DC () C:\AdwCleaner
2015-01-21 12:44 - 2015-01-21 12:44 - 02186752 _____ () C:\Users\ec\Downloads\adwcleaner_4.108.exe
2015-01-21 12:38 - 2015-01-21 12:38 - 00001281 ____C () C:\mbam.txt
2015-01-21 11:52 - 2015-01-21 13:33 - 00005786 _____ () C:\Windows\PFRO.log
2015-01-21 10:53 - 2015-01-21 10:53 - 00000836 _____ () C:\Users\Public\Desktop\Malware Eraser.lnk
2015-01-21 10:53 - 2015-01-21 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malware Eraser
2015-01-21 10:53 - 2015-01-21 10:53 - 00000000 ____D () C:\Program Files\Malware Eraser
2015-01-21 10:52 - 2015-01-21 10:52 - 01214902 _____ (TCPmonitor.altervista.org ) C:\Users\ec\Downloads\Malware_Eraser_Setup1.2(1).exe
2015-01-21 10:50 - 2015-01-21 10:50 - 00236392 _____ () C:\Users\ec\Downloads\Malware_Eraser_Setup1.2.exe
2015-01-21 10:34 - 2015-01-21 11:47 - 00000000 ____D () C:\Users\ec\AppData\Local\13308
2015-01-21 10:11 - 2015-01-21 15:34 - 00001324 _____ () C:\Windows\Tasks\DCAPE.job
2015-01-21 10:11 - 2015-01-21 10:36 - 00000000 ____D () C:\ProgramData\oWFbSw
2015-01-21 10:10 - 2015-01-21 15:34 - 00001322 _____ () C:\Windows\Tasks\ZCJC.job
2015-01-21 10:10 - 2015-01-21 11:47 - 00000000 ____D () C:\Program Files\CinemaHd For Pro 2.4cV21.01
2015-01-21 09:30 - 2015-01-21 11:53 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2015-01-21 09:30 - 2015-01-21 11:53 - 00000364 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2015-01-21 09:30 - 2015-01-21 09:50 - 00000366 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2015-01-21 09:26 - 2015-01-21 09:26 - 00613057 _____ (CMI Limited) C:\Users\ec\AppData\Local\nskDB4D.tmp
2015-01-21 09:22 - 2015-01-21 09:22 - 00000000 ____D () C:\Users\ec\AppData\Roaming\Opera Software
2015-01-21 09:22 - 2015-01-21 09:22 - 00000000 ____D () C:\Users\ec\AppData\Local\Opera Software
2015-01-21 09:11 - 2015-01-21 09:11 - 00000496 __RSH () C:\ProgramData\ntuser.pol
2015-01-21 09:08 - 2015-01-21 15:08 - 00000276 _____ () C:\Windows\Tasks\Foxtab.job
2015-01-21 09:07 - 2015-01-21 09:46 - 00000000 ____D () C:\Program Files\Opera
2015-01-21 08:56 - 2015-01-21 15:34 - 00001328 _____ () C:\Windows\Tasks\CEFDUET.job
2015-01-21 08:54 - 2015-01-21 10:10 - 00000000 ___HD () C:\Users\Public\Temp
2015-01-21 08:53 - 2015-01-21 08:55 - 00000000 ____D () C:\Program Files\Unjbiy2jhyzqxnwr
2015-01-21 08:52 - 2015-01-21 15:34 - 00001326 _____ () C:\Windows\Tasks\MLKPFB.job
2015-01-17 19:29 - 2015-01-17 21:30 - 733687808 _____ () C:\Users\ec\Desktop\Allen Carr - La methode simple pour en finir avec la cigaret.avi
2015-01-17 18:25 - 2015-01-21 12:18 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 18:25 - 2015-01-17 18:25 - 00000859 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-17 18:24 - 2015-01-17 18:24 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-17 18:24 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 18:24 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-17 18:24 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-17 18:21 - 2015-01-17 18:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\ec\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-17 18:06 - 2015-01-17 18:06 - 01547744 _____ (Cinema PlusV17.01) C:\Users\ec\AppData\Roaming\YUSOTKW.exe
2015-01-17 18:05 - 2015-01-17 18:05 - 02040288 _____ (Cinema PlusV17.01) C:\Users\ec\AppData\Roaming\ICUDU.exe
2015-01-16 14:06 - 2014-12-19 01:25 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 13:47 - 2014-12-06 04:14 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 13:47 - 2014-12-06 04:14 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-16 13:47 - 2014-12-06 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-16 13:46 - 2014-12-06 04:14 - 00153600 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:36 - 2015-01-14 16:37 - 00000000 ____D () C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-21 15:33 - 2006-11-02 13:47 - 00004128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-21 15:33 - 2006-11-02 13:47 - 00004128 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-21 15:28 - 2013-04-03 11:05 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-21 15:25 - 2006-11-02 13:52 - 01185380 _____ () C:\Windows\WindowsUpdate.log
2015-01-21 13:33 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-21 13:32 - 2006-11-02 14:01 - 00032614 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-21 13:31 - 2013-04-11 15:18 - 00000818 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-21 11:48 - 2013-05-08 18:54 - 00000000 ____D () C:\Users\ec\Desktop\video issa
2015-01-21 10:11 - 2013-04-03 11:05 - 00000000 ____D () C:\Program Files\Google
2015-01-21 09:46 - 2013-03-18 10:02 - 00000909 _____ () C:\Users\ec\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-21 09:11 - 2006-11-02 12:18 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-01-21 09:07 - 2014-06-15 15:47 - 00000846 _____ () C:\Users\ec\Desktop\Mozilla Firefox.lnk
2015-01-21 08:54 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2015-01-18 01:45 - 2013-03-18 10:58 - 00000000 ____D () C:\Users\ec\AppData\Roaming\vlc
2015-01-17 18:44 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Provisioning
2015-01-16 14:29 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-16 14:06 - 2013-08-17 10:51 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 14:01 - 2006-11-02 11:24 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-01-16 13:17 - 2013-04-11 15:18 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-13 22:28 - 2014-02-21 13:28 - 04376752 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-01-13 22:28 - 2013-04-03 11:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-13 22:28 - 2013-04-03 11:05 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-13 21:46 - 2014-09-02 14:12 - 00000000 ____D () C:\Users\ec\AppData\Local\Adobe
2014-12-31 12:13 - 2013-04-03 10:29 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-25 20:59 - 2006-11-02 11:33 - 00006822 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-25 19:52 - 2013-05-02 20:36 - 00113152 _____ () C:\Users\ec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-25 18:34 - 2013-12-19 14:23 - 00000000 ___RD () C:\Users\ec\Desktop\portable
2014-12-24 23:01 - 2013-08-08 15:04 - 00000000 ____D () C:\Users\ec\Desktop\mm
2014-12-24 22:07 - 2014-07-03 17:20 - 00000000 ____D () C:\Users\ec\Desktop\photos

==================== Files in the root of some directories =======
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\ec\AppData\Roaming\CEFDUET
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\ec\AppData\Roaming\DCAPE
2015-01-17 18:05 - 2015-01-17 18:05 - 2040288 _____ (Cinema PlusV17.01) C:\Users\ec\AppData\Roaming\ICUDU.exe
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\ec\AppData\Roaming\MLKPFB
2013-04-11 13:54 - 2013-04-11 13:54 - 0024206 _____ () C:\Users\ec\AppData\Roaming\UserTile.png
2015-01-17 18:06 - 2015-01-17 18:06 - 1547744 _____ (Cinema PlusV17.01) C:\Users\ec\AppData\Roaming\YUSOTKW.exe
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\ec\AppData\Roaming\ZCJC
2013-12-22 09:23 - 2013-12-22 10:16 - 0000788 _____ () C:\Users\ec\AppData\Local\cookies.ini
2013-03-18 10:01 - 2013-03-18 10:02 - 0000680 _____ () C:\Users\ec\AppData\Local\d3d9caps.dat
2013-05-02 20:36 - 2014-12-25 19:52 - 0113152 _____ () C:\Users\ec\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-21 09:26 - 2015-01-21 09:26 - 0613057 _____ (CMI Limited) C:\Users\ec\AppData\Local\nskDB4D.tmp

Files to move or delete:
====================
C:\Users\ec\eBayISAPI.dll
C:\Users\ec\vlc-2.0.3-win32.exe


Some content of TEMP:
====================
C:\Users\ec\AppData\Local\Temp\73E932B3-E3A2-8804-05FB-BF64C99852C9.dll
C:\Users\ec\AppData\Local\Temp\73E932B3-E3A2-8804-05FB-BF64C99852C9.exe
C:\Users\ec\AppData\Local\Temp\BackupSetup.exe
C:\Users\ec\AppData\Local\Temp\C4869FAD-D076-FDB2-1CFF-8F36E858EC0F.exe
C:\Users\ec\AppData\Local\Temp\Launcher__10272.exe
C:\Users\ec\AppData\Local\Temp\optprosetup.exe
C:\Users\ec\AppData\Local\Temp\Quarantine.exe
C:\Users\ec\AppData\Local\Temp\SpOrder.dll
C:\Users\ec\AppData\Local\Temp\sqlite3.dll
C:\Users\ec\AppData\Local\Temp\uobnyv04ydl6.exe
C:\Users\ec\AppData\Local\Temp\vcredist_x86.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-21 13:48

==================== End Of Log ============================


////////////////////////////////////////////////////////////////////////////////


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2015
Ran by ec at 2015-01-21 15:45:55
Running from C:\Users\ec\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 - Français (HKLM\...\{AC76BA86-7AD7-1036-7B44-A95000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Clic d'Api N°18 (HKLM\...\clicApi18) (Version: - )
Clic d'Api N°19 (HKLM\...\clicApi19) (Version: - )
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1208.101.124 - ALPS ELECTRIC CO., LTD.)
Digimax Master (HKLM\...\{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}) (Version: 1.0.35 - Samsung)
EPSON Logiciel imprimante (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
Freeplayer (HKLM\...\Freeplayer) (Version: 20070531 - Free)
Galerie de photos Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Intel(R) TV Wizard (HKLM\...\TVWiz) (Version: - Intel Corporation)
Java 7 Update 71 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kafeo V6.3.8 (HKLM\...\Kafeo_is1) (Version: 6.3.8 - Apiris)
LibreOffice 4.3.4.1 (HKLM\...\{7D983A32-F645-48AB-8E38-4ACD234F40BC}) (Version: 4.3.4.1 - The Document Foundation)
Ma-Config.com (HKLM\...\{7B6780CE-CADD-48DE-8CC2-CB168E07885A}) (Version: 7.1.3.0 - Cybelsoft)
Malware Eraser version 1.2 (HKLM\...\{D382E642-7EA5-4754-8DEB-1F9E931FF85F}_is1) (Version: 1.2 - TCPmonitor.altervista.org)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Module linguistique Microsoft .NET Framework 3.5 SP1- fra (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - fra) (Version: - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 fr) (HKLM\...\Mozilla Firefox 35.0 (x86 fr)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - )
Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version: - )
SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung New PC Studio (HKLM\...\InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}) (Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung USB Driver (HKLM\...\{86D6A20D-3910-4441-A3E5-EB6977251C86}) (Version: - )
SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version: - )
SamsungConnectivityCableDriver (HKLM\...\{7E84FAC8-C518-40F9-9807-7455301D6D25}) (Version: 6.83.6.2.1 - Samsung)
Segoe UI (Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Shareaza 2.7.1.0 (HKLM\...\Shareaza_is1) (Version: 2.7.1.0 - Shareaza Development Team)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
WahOO (HKLM\...\{0271A4CB-D48C-4CDF-826F-62EE8D91663F}_is1) (Version: 0.9.8 - Kow Media)
Windows Live (HKLM\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}\localserver32 -> "C:\Users\ec\AppData\Local\13308\Updater.exe" No File
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{18D11ED9-1264-48A1-9E14-20F2C633242B}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{30FC662A-D72A-4F79-B63A-ACD4FBFE68A3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{34791E02-51DC-4CF4-9E34-018166D91D0E}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{D73ABD28-3A2A-4E36-AD6F-2AA8F011FBE3}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{E1A67AE5-7041-4AE1-94F7-DE03EF759E27}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)
CustomCLSID: HKU\S-1-5-21-2169863762-3314931148-3351663341-1000_Classes\CLSID\{E9B2EF9B-4A0C-451E-801F-257861B87FAD}\localserver32 -> C:\Program Files\Shareaza\Shareaza.exe (Shareaza Development Team)

==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0299F236-158C-42F5-AC3D-B2F19818CEAA} - \0e18a4cf-685e-464b-a8ab-c4bf0db471b7-2 No Task File <==== ATTENTION
Task: {12B17B21-0B3B-4C95-B996-B1361CA18C61} - System32\Tasks\MLKPFB => C:\Users\ec\AppData\Roaming\MLKPFB.exe <==== ATTENTION
Task: {25D5D68B-EBB8-4A29-B6D8-5A4B6940F228} - System32\Tasks\CEFDUET => C:\Users\ec\AppData\Roaming\CEFDUET.exe <==== ATTENTION
Task: {30364B72-045A-46F2-B146-E9B4C2D1E643} - \WindApp Update No Task File <==== ATTENTION
Task: {35805B25-8686-44B0-BAF6-CA25E9249A85} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION
Task: {3EBD5D80-B609-4D80-B6EE-0D05A7FA6DF9} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\VistaSP1CEIP => C:\Windows\servicing\vsp1ceip.exe [2008-01-18] (Microsoft Corporation)
Task: {40204EA8-9358-403A-8781-0FCE770A69CB} - System32\Tasks\{1B232B6F-D032-4E8B-90E1-ECCE65576C92} => pcalua.exe -a C:\Windows\system32\spool\drivers\w32x86\3\LXBVUN5C.EXE -c -dLexmark 2200 Series
Task: {422A3031-3A8C-4974-865F-6ADE35CDACFE} - System32\Tasks\{3312E512-E25A-41FF-B049-907219512443} => pcalua.exe -a C:\Users\ec\Downloads\epson317832eu.exe -d C:\Users\ec\Downloads
Task: {48C93D5C-122D-41E2-818F-F0FEB8E0607F} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4ABDCFE8-360B-4AD9-9F7A-09FD21B0AAE1} - \0e18a4cf-685e-464b-a8ab-c4bf0db471b7-5 No Task File <==== ATTENTION
Task: {4BB5C126-8DA4-4801-9CB9-97E65BAF41AA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {532F2870-81EA-4D52-B571-4D536DD5DDC5} - \SpeedChecker Update No Task File <==== ATTENTION
Task: {6117A9E0-350F-489B-A9C9-B1ADA5D7A884} - \0e18a4cf-685e-464b-a8ab-c4bf0db471b7-1 No Task File <==== ATTENTION
Task: {6945E1E8-F899-49A5-8FAF-6C2F03436475} - System32\Tasks\4381 => Wscript.exe C:\Users\ec\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {7745C91E-9F7C-4DE1-90A0-2F9C340B9868} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION
Task: {7F743C26-45D8-41A8-BF69-0932A2507C41} - System32\Tasks\{2F184358-A90F-4B0F-AB35-3883851043F5} => pcalua.exe -a C:\Users\ec\Downloads\epson375127eu.exe -d C:\Users\ec\Downloads
Task: {809E006F-3AD1-4952-B660-482CA132C520} - System32\Tasks\{93F8EF3C-4DE7-4DDC-ABD5-FE57C44DBD38} => pcalua.exe -a C:\Users\ec\Downloads\epson317830eu.exe -d C:\Users\ec\Downloads
Task: {82F697AD-A1EC-4178-8E16-C81119D2CE91} - System32\Tasks\{AC2C85CD-4D68-49E9-AC1C-3DE9ADFB981E} => pcalua.exe -a C:\Users\ec\Downloads\epson373260eu.exe -d C:\Users\ec\Downloads
Task: {8DA9D314-5F62-44CC-B51D-8EAD1B9926A5} - \0e18a4cf-685e-464b-a8ab-c4bf0db471b7-10_user No Task File <==== ATTENTION
Task: {8F147AF0-3BED-4AF8-894A-4A43E4778094} - System32\Tasks\LaunchSignup => C:\Program Files\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {8FBE89B9-FF33-45BC-9397-95976FA7F902} - System32\Tasks\{4C350862-9F03-4C55-92FF-397808A36252} => pcalua.exe -a C:\Users\ec\Downloads\epson325645eu.exe -d C:\Users\ec\Downloads
Task: {90CF6B80-DD7C-4ED1-9ED3-4BEBEE1E882B} - \Selection Tools Update No Task File <==== ATTENTION
Task: {9C030BB5-BFB1-4253-8A36-459CF5C52888} - System32\Tasks\{6EB33ECE-BFAF-45EA-AE9E-C7388D97C05F} => pcalua.exe -a C:\Users\ec\Downloads\epson375130eu.exe -d C:\Users\ec\Downloads
Task: {9D18BAAD-DB41-4529-BD43-30828DCC4531} - System32\Tasks\ZCJC => C:\Users\ec\AppData\Roaming\ZCJC.exe <==== ATTENTION
Task: {9EAC6C5C-1F74-415A-9AFE-892BC2E72F94} - \0e18a4cf-685e-464b-a8ab-c4bf0db471b7-5_user No Task File <==== ATTENTION
Task: {AB127E97-289B-4F1A-BBC2-5E5E1FF1B0A8} - System32\Tasks\{48D3ACFC-CF66-465D-95A0-4B057FE7192F} => pcalua.exe -a C:\Users\ec\Downloads\epson320698eu.exe -d C:\Users\ec\Downloads
Task: {B3E96EA0-0B5D-4957-BD3C-512A8ACF325A} - System32\Tasks\{D4E6B3ED-B62D-4838-B343-20CDF43815E3} => pcalua.exe -a C:\Users\ec\Downloads\epson317832eu(1).exe -d C:\Users\ec\Downloads
Task: {B53BF26A-7029-4A3D-89DA-B18AD1E0D5F6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {B856D2B5-3059-4175-AE6D-73F8CCD3FD77} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CAA35C0D-8799-432F-BB66-F86E46468729} - \0e18a4cf-685e-464b-a8ab-c4bf0db471b7-4 No Task File <==== ATTENTION
Task: {CBD4879E-4870-4DCB-9EB0-6DC2481C040E} - \upfs7235 No Task File <==== ATTENTION
Task: {CEF17281-3DFE-4550-BE59-E37C3CF31398} - System32\Tasks\DCAPE => C:\Users\ec\AppData\Roaming\DCAPE.exe <==== ATTENTION
Task: {D8D993DB-974A-4768-A240-2A888969191D} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {ED100B33-274E-41E0-A359-2F2868251119} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {ED910EA1-D750-461F-A9B0-3B3FCD812703} - System32\Tasks\{315C2FA4-F1D3-473E-84E8-E06E1AC5051D} => pcalua.exe -a C:\Users\ec\Downloads\epson324571eu.exe -d C:\Users\ec\Downloads
Task: {F7AA8046-D514-4DC8-B85E-2D12F6AD00AA} - System32\Tasks\{2A9D036C-142B-4DDE-B0B1-9A3B155E51D6} => pcalua.exe -a C:\Users\ec\Downloads\epson317832eu(2).exe -d C:\Users\ec\Downloads
Task: {FBFEA409-11C6-47E3-B888-E8F12C85731C} - System32\Tasks\Foxtab => C:\Users\ec\AppData\Roaming\Foxtab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\CEFDUET.job => C:\Users\ec\AppData\Roaming\CEFDUET.exe <==== ATTENTION
Task: C:\Windows\Tasks\DCAPE.job => C:\Users\ec\AppData\Roaming\DCAPE.exe <==== ATTENTION
Task: C:\Windows\Tasks\Foxtab.job => C:\Users\ec\AppData\Roaming\Foxtab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\MLKPFB.job => C:\Users\ec\AppData\Roaming\MLKPFB.exe <==== ATTENTION
Task: C:\Windows\Tasks\ZCJC.job => C:\Users\ec\AppData\Roaming\ZCJC.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-05-26 12:07 - 2013-05-26 12:07 - 00028672 _____ () C:\Windows\System32\qttask.exe
2013-09-27 18:30 - 2014-09-16 11:12 - 04062960 _____ () C:\Users\ec\AppData\Local\WahOO\Wahoo.exe
2013-09-27 18:30 - 2014-03-07 19:56 - 00117262 _____ () C:\Users\ec\AppData\Local\WahOO\libgcc_s_dw2-1.dll
2014-02-04 09:49 - 2014-03-07 19:56 - 00970766 _____ () C:\Users\ec\AppData\Local\WahOO\libstdc++-6.dll
2014-09-13 09:13 - 2014-01-15 09:36 - 03347428 _____ () C:\Users\ec\AppData\Local\WahOO\icuin52.dll
2014-09-13 09:13 - 2014-01-15 09:36 - 01992280 _____ () C:\Users\ec\AppData\Local\WahOO\icuuc52.dll
2014-09-13 09:13 - 2014-01-15 09:36 - 23544786 _____ () C:\Users\ec\AppData\Local\WahOO\icudt52.dll
2014-02-04 09:49 - 2014-06-19 12:08 - 01276416 _____ () C:\Users\ec\AppData\Local\WahOO\platforms\qwindows.dll
2014-02-04 09:49 - 2014-06-19 12:05 - 00053760 _____ () C:\Users\ec\AppData\Local\WahOO\bearer\qgenericbearer.dll
2014-02-04 09:49 - 2014-06-19 12:05 - 00058368 _____ () C:\Users\ec\AppData\Local\WahOO\bearer\qnativewifibearer.dll
2014-02-04 09:49 - 2014-06-19 12:05 - 00031744 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qico.dll
2014-09-13 09:13 - 2014-06-19 12:24 - 00051200 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qdds.dll
2014-02-04 09:49 - 2014-06-19 12:05 - 00031232 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qgif.dll
2014-09-13 09:13 - 2014-06-19 12:24 - 00042496 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qicns.dll
2014-09-13 09:13 - 2014-06-19 12:25 - 00509440 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qjp2.dll
2014-02-04 09:49 - 2014-06-19 12:06 - 00242176 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qjpeg.dll
2014-02-04 09:49 - 2014-06-19 12:24 - 00363008 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qmng.dll
2014-02-04 09:49 - 2014-06-19 12:11 - 00027136 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qsvg.dll
2014-02-04 09:49 - 2014-06-19 12:25 - 00027136 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qtga.dll
2014-02-04 09:49 - 2014-06-19 12:25 - 00423936 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qtiff.dll
2014-02-04 09:49 - 2014-06-19 12:25 - 00026112 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qwbmp.dll
2014-09-13 09:13 - 2014-06-19 12:26 - 00341504 _____ () C:\Users\ec\AppData\Local\WahOO\imageformats\qwebp.dll
2014-02-04 09:49 - 2014-06-19 13:09 - 00026112 _____ () C:\Users\ec\AppData\Local\WahOO\sensors\qtsensors_dummy.dll
2014-02-04 09:49 - 2014-06-19 13:09 - 00038400 _____ () C:\Users\ec\AppData\Local\WahOO\sensors\qtsensors_generic.dll
2015-01-14 16:37 - 2015-01-14 16:37 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2015-01-13 21:46 - 2015-01-13 21:46 - 16844464 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\!KillBox:Shareaza.GUID
AlternateDataStreams: C:\Users\Administrateur\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\ec\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\ec\Desktop\Nouveau dossier:Shareaza.GUID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\abengine => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrateur (S-1-5-21-2169863762-3314931148-3351663341-500 - Administrator - Enabled) => C:\Users\Administrateur
ec (S-1-5-21-2169863762-3314931148-3351663341-1000 - Administrator - Enabled) => C:\Users\ec
Invité (S-1-5-21-2169863762-3314931148-3351663341-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: isatap.{3FAACF22-C81C-4F10-A153-CBC711058A5C}
Description: Carte Microsoft ISATAP
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/21/2015 01:16:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Le programme adwcleaner_4.108.exe version 4.1.0.8 a cessé d'interagir avec Windows et a été fermé. Pour déterminer si des informations supplémentaires sont disponibles, consultez l'historique du problème dans l'application Rapports et solutions aux problèmes du Panneau de configuration.
ID de processus : 350
Heure de début : 01d0356fa987dea5
Heure de fin : 0

Error: (01/21/2015 11:13:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante plugin-container.exe, version 35.0.0.5486, horodatage 0x54af7153, module défaillant mozalloc.dll, version 35.0.0.5486, horodatage 0x54af69d4, code d'exception 0x80000003, décalage d'erreur 0x00001425,
ID du processus 0xf48, heure de début de l'application 0xplugin-container.exe0.

Error: (01/21/2015 11:11:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante l9SpeedCheckern00.exe, version 0.0.0.0, horodatage 0x00000000, module défaillant ntdll.dll, version 6.0.6002.18881, horodatage 0x51da3e27, code d'exception 0xc0000005, décalage d'erreur 0x000289c9,
ID du processus 0x560, heure de début de l'application 0xl9SpeedCheckern00.exe0.

Error: (01/21/2015 11:11:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante plugin-container.exe, version 35.0.0.5486, horodatage 0x54af7153, module défaillant mozalloc.dll, version 35.0.0.5486, horodatage 0x54af69d4, code d'exception 0x80000003, décalage d'erreur 0x00001425,
ID du processus 0x1ebc, heure de début de l'application 0xplugin-container.exe0.

Error: (01/21/2015 10:53:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante plugin-container.exe, version 35.0.0.5486, horodatage 0x54af7153, module défaillant mozalloc.dll, version 35.0.0.5486, horodatage 0x54af69d4, code d'exception 0x80000003, décalage d'erreur 0x00001425,
ID du processus 0x136c, heure de début de l'application 0xplugin-container.exe0.

Error: (01/21/2015 10:53:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante SP.EXE, version 10.8.0.1, horodatage 0x54b8da20, module défaillant SP.EXE, version 10.8.0.1, horodatage 0x54b8da20, code d'exception 0xc0000005, décalage d'erreur 0x00069578,
ID du processus 0x17ac, heure de début de l'application 0xSP.EXE0.

Error: (01/21/2015 10:44:58 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante plugin-container.exe, version 35.0.0.5486, horodatage 0x54af7153, module défaillant mozalloc.dll, version 35.0.0.5486, horodatage 0x54af69d4, code d'exception 0x80000003, décalage d'erreur 0x00001425,
ID du processus 0x370, heure de début de l'application 0xplugin-container.exe0.

Error: (01/21/2015 10:36:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Application défaillante plugin-container.exe, version 35.0.0.5486, horodatage 0x54af7153, module défaillant mozalloc.dll, version 35.0.0.5486, horodata
Posts
180254
Registration date
Wednesday 17 May 2006
Status
Moderator, Security contributor
Last activity
26 March 2021
24 507
FRST reports are to be submitted via pjjoint.
Posts
146
Registration date
Thursday 31 January 2013
Status
Member
Last activity
15 May 2018
7
It's just that the ad pages opening made the exercise difficult. Sorry. I ran another scan with Malwarebytes; there was one file left to delete. Should I resubmit the FRST reports via pjjoint???
Posts
180254
Registration date
Wednesday 17 May 2006
Status
Moderator, Security contributor
Last activity
26 March 2021
24 507
Yes.
Posts
146
Registration date
Thursday 31 January 2013
Status
Member
Last activity
15 May 2018
7
Everything is back to normal.
I reset Mozilla and scanned again and everything is OK.
Thank you very much for your help.
I'm keeping your tutorials handy!!!!
Posts
180254
Registration date
Wednesday 17 May 2006
Status
Moderator, Security contributor
Last activity
26 March 2021
24 507
OK :)


There, it's finished; you can delete the programs you used.

Some advice:

Install Malwarebytes Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Run regular scans with it; it is effective.
(unless you are on a netbook)

To guard against malicious sites, you can install Blockulicious: https://forum.malekal.com/viewtopic.php?t=46656&start=

So that you don't get caught again.
To read - Parasitic programs / PUPs: https://www.malekal.com/adwares-pup-protection/

The rest of security: http://forum.malekal.com/comment-securiser-son-ordinateur.html