Supprimer définitivement eDeals de Chrome (Windows 8.1) Résolu/Fermé

Question

Bonjour, 

Je souhaite supprimer eDeals qui ne cesse de revenir après nettoyage avec AdwCleaner, et reset du navigateur web (et désinstallation dans le panneau de configutation). J'ai vu qu'il fallait copier/coller le rapport donc je vais le faire...mais juste par curiosité, à quoi cela sert-il ? Je suis sous Windows 8.1, merci d'avance. :) 

https://pjjoint.malekal.com/files.php?id=20150201_y13j5h13i10i11 (AdwCleaner [R9])

https://pjjoint.malekal.com/files.php?id=20150201_c14y11k11n8e9 (AdwCleaner [S9])

Malekal_morte- · Answer

Salut,


Suis ce tutoriel FRST: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
Télécharge et lance le scan FRST, cela va générer trois rapports FRST :
* FRST.txt
* Shortcut.txt
* Additionnal.txt

Envoie comme expliqué, ces trois rapports sur le site http://pjjoint.malekal.com et donne les trois liens pjjoint de ces rapports afin qu'ils puissent être consultés.

Harley972 · Answer

Merci d'avoir répondu si rapidement! FRST est meilleur que AdwCleaner ? J'ai envoyé les deux rapports de ce programme. Merci ! :)

Harley972 · Answer

Merci pour les précisions! Voici les trois rapports FRST:

 https://pjjoint.malekal.com/files.php?id=20150201_w10t13b14z14r14 (FRST.txt)

https://pjjoint.malekal.com/files.php?id=20150201_c14o5h7q13w6 (Shortcut.txt)

https://pjjoint.malekal.com/files.php?id=20150201_m13h5t12p10q10 (Additionnal.txt)

Merci d'avance!

Malekal_morte- · Answer

Déjà note la procédure pour supprimer les proxys sur Internet Explorer : https://forum.malekal.com/viewtopic.php?t=47404&start=


Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit : 


 HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [6144 2014-12-03] () 
HKLM-x32\...\Run: [fst_fr_326] => [X] 
ProxyEnable: [S-1-5-21-2426850744-507640390-4260415313-1007] => Internet Explorer proxy is enabled. 
ProxyServer: [S-1-5-21-2426850744-507640390-4260415313-1007] => http=127.0.0.1:12994 [Attention - Possible Proxy Malicieux]
 FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\gaeta_000\AppData\Roaming\Mozilla\Firefox\Profiles\ynvey3dj.default\extensions\detgdp@gmail.com  
 R2 applicationcodecRecovery.exe; C:\Users\gaeta_000\AppData\Local\applicationcodecRecovery\applicationcodecRecovery.exe [209408 2015-02-01] () [File not signed] 
 R2 compilethumbnail_64; C:\WINDOWS\SysWOW64\compilethumbnail_64\compilethumbnail_64.exe [83456 2015-01-16] () [File not signed] 
 R2 DatabaseRemoteSoftware; C:\WINDOWS\SysWOW64\DatabaseRemoteSoftware\DatabaseRemoteSoftware.exe [60965 2014-07-30] () [File not signed] 
R2 DLCOCRPublic; C:\WINDOWS\SysWOW64\DLCOCRPublic\DLCOCRPublic.exe [68096 2014-10-13] () [File not signed] 
S2 archiveguiapi.exe; C:\Users\gaeta_000\AppData\Local\archiveguiapi\archiveguiapi.exe [X] 
 S2 biosqcapRec.exe; C:\Users\gaeta_000\AppData\Local\biosqcapRec\biosqcapRec.exe [X]  
 S2 CursorFAT32Register.exe; C:\Users\gaeta_000\AppData\Local\CursorFAT32Register\CursorFAT32Register.exe [X] 
 S2 desktopfrozenUI.exe; C:\Users\gaeta_000\AppData\Local\desktopfrozenUI\desktopfrozenUI.exe [X] 
 S2 dosmscoreeGUI.exe; C:\Users\gaeta_000\AppData\Local\dosmscoreeGUI\dosmscoreeGUI.exe [X] 
 S2 ehdrminitshdocvwProvider.exe; C:\Users\gaeta_000\AppData\Local\ehdrminitshdocvwProvider\ehdrminitshdocvwProvider.exe [X] 
 S2 folderofficeRecovery.exe; C:\Users\gaeta_000\AppData\Local\folderofficeRecovery\folderofficeRecovery.exe [X] 
 S2 formatfirmwareapi.exe; C:\Users\gaeta_000\AppData\Local\formatfirmwareapi\formatfirmwareapi.exe [X] 
 S2 mysqlwebcheckUI.exe; C:\Users\gaeta_000\AppData\Local\mysqlwebcheckUI\mysqlwebcheckUI.exe [X] 
 S2 scrollingquartzProt.exe; C:\Users\gaeta_000\AppData\Local\scrollingquartzProt\scrollingquartzProt.exe [X] 
 S2 utilitymscoreeSched.exe; C:\Users\gaeta_000\AppData\Local\utilitymscoreeSched\utilitymscoreeSched.exe [X] 
R2 ocrshdocvwapi; C:\WINDOWS\SysWOW64\ocrshdocvwapi\ocrshdocvwapi.exe [83456 2015-01-16] () [File not signed] 
 2015-02-01 22:53 - 2015-02-01 22:53 - 00000000 ____D () C:\Users\gaeta_000\AppData\Local\applicationcodecRecovery 
 2015-02-01 22:53 - 2015-02-01 22:53 - 00000000 ____D () C:\Program Files (x86)\eDealPop  
 2015-01-16 23:10 - 2015-01-16 23:10 - 00000000 ____D () C:\WINDOWS\SysWOW64\ocrshdocvwapi 
 2015-01-16 23:10 - 2015-01-16 23:10 - 00000000 ____D () C:\WINDOWS\SysWOW64\compilethumbnail_64 

Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message. 

Redémarre l'ordinateur


Si internet ne fonctionne pas, suis la procédure notée.

Harley972 · Answer

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2015
Ran by gaeta_000 at 2015-02-01 23:26:27 Run:1
Running from C:\Users\gaeta_000\Desktop
Loaded Profiles: gaeta_000 (Available profiles: gaeta_000 & Administrateur)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe [6144 2014-12-03] () 
HKLM-x32\...\Run: [fst_fr_326] => [X] 
ProxyEnable: [S-1-5-21-2426850744-507640390-4260415313-1007] => Internet Explorer proxy is enabled. 
ProxyServer: [S-1-5-21-2426850744-507640390-4260415313-1007] => http=127.0.0.1:12994 [Attention - Possible Proxy Malicieux] 
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\gaeta_000\AppData\Roaming\Mozilla\Firefox\Profiles\ynvey3dj.default\extensions\detgdp@gmail.com 
R2 applicationcodecRecovery.exe; C:\Users\gaeta_000\AppData\Local\applicationcodecRecovery\applicationcodecRecovery.exe [209408 2015-02-01] () [File not signed] 
R2 compilethumbnail_64; C:\WINDOWS\SysWOW64\compilethumbnail_64\compilethumbnail_64.exe [83456 2015-01-16] () [File not signed] 
R2 DatabaseRemoteSoftware; C:\WINDOWS\SysWOW64\DatabaseRemoteSoftware\DatabaseRemoteSoftware.exe [60965 2014-07-30] () [File not signed] 
R2 DLCOCRPublic; C:\WINDOWS\SysWOW64\DLCOCRPublic\DLCOCRPublic.exe [68096 2014-10-13] () [File not signed] 
S2 archiveguiapi.exe; C:\Users\gaeta_000\AppData\Local\archiveguiapi\archiveguiapi.exe [X] 
S2 biosqcapRec.exe; C:\Users\gaeta_000\AppData\Local\biosqcapRec\biosqcapRec.exe [X] 
S2 CursorFAT32Register.exe; C:\Users\gaeta_000\AppData\Local\CursorFAT32Register\CursorFAT32Register.exe [X] 
S2 desktopfrozenUI.exe; C:\Users\gaeta_000\AppData\Local\desktopfrozenUI\desktopfrozenUI.exe [X] 
S2 dosmscoreeGUI.exe; C:\Users\gaeta_000\AppData\Local\dosmscoreeGUI\dosmscoreeGUI.exe [X] 
S2 ehdrminitshdocvwProvider.exe; C:\Users\gaeta_000\AppData\Local\ehdrminitshdocvwProvider\ehdrminitshdocvwProvider.exe [X] 
S2 folderofficeRecovery.exe; C:\Users\gaeta_000\AppData\Local\folderofficeRecovery\folderofficeRecovery.exe [X] 
S2 formatfirmwareapi.exe; C:\Users\gaeta_000\AppData\Local\formatfirmwareapi\formatfirmwareapi.exe [X] 
S2 mysqlwebcheckUI.exe; C:\Users\gaeta_000\AppData\Local\mysqlwebcheckUI\mysqlwebcheckUI.exe [X] 
S2 scrollingquartzProt.exe; C:\Users\gaeta_000\AppData\Local\scrollingquartzProt\scrollingquartzProt.exe [X] 
S2 utilitymscoreeSched.exe; C:\Users\gaeta_000\AppData\Local\utilitymscoreeSched\utilitymscoreeSched.exe [X] 
R2 ocrshdocvwapi; C:\WINDOWS\SysWOW64\ocrshdocvwapi\ocrshdocvwapi.exe [83456 2015-01-16] () [File not signed] 
2015-02-01 22:53 - 2015-02-01 22:53 - 00000000 ____D () C:\Users\gaeta_000\AppData\Local\applicationcodecRecovery 
2015-02-01 22:53 - 2015-02-01 22:53 - 00000000 ____D () C:\Program Files (x86)\eDealPop 
2015-01-16 23:10 - 2015-01-16 23:10 - 00000000 ____D () C:\WINDOWS\SysWOW64\ocrshdocvwapi 
2015-01-16 23:10 - 2015-01-16 23:10 - 00000000 ____D () C:\WINDOWS\SysWOW64\compilethumbnail_64 
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\eDealPop => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\fst_fr_326 => value deleted successfully.
HKU\S-1-5-21-2426850744-507640390-4260415313-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-2426850744-507640390-4260415313-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\detgdp@gmail.com => value deleted successfully.
applicationcodecRecovery.exe => Unable to stop service
applicationcodecRecovery.exe => Service deleted successfully.
compilethumbnail_64 => Unable to stop service
compilethumbnail_64 => Service deleted successfully.
DatabaseRemoteSoftware => Unable to stop service
DatabaseRemoteSoftware => Service deleted successfully.
DLCOCRPublic => Unable to stop service
DLCOCRPublic => Service deleted successfully.
archiveguiapi.exe => Service deleted successfully.
biosqcapRec.exe => Service deleted successfully.
CursorFAT32Register.exe => Service deleted successfully.
desktopfrozenUI.exe => Service deleted successfully.
dosmscoreeGUI.exe => Service deleted successfully.
ehdrminitshdocvwProvider.exe => Service deleted successfully.
folderofficeRecovery.exe => Service deleted successfully.
formatfirmwareapi.exe => Service deleted successfully.
mysqlwebcheckUI.exe => Service deleted successfully.
scrollingquartzProt.exe => Service deleted successfully.
utilitymscoreeSched.exe => Service deleted successfully.
ocrshdocvwapi => Unable to stop service
ocrshdocvwapi => Service deleted successfully.
C:\Users\gaeta_000\AppData\Local\applicationcodecRecovery => Moved successfully.

"C:\Program Files (x86)\eDealPop" directory move:

C:\Program Files (x86)\eDealPop\eDealPop.exe => Moved successfully.
C:\Program Files (x86)\eDealPop\msvcp100.dll => Moved successfully.
C:\Program Files (x86)\eDealPop\msvcr100.dll => Moved successfully.
C:\Program Files (x86)\eDealPop\unins000.dat => Moved successfully.
C:\Program Files (x86)\eDealPop\unins000.exe => Moved successfully.
Could not move "C:\Program Files (x86)\eDealPop" directory. => Scheduled to move on reboot.

C:\WINDOWS\SysWOW64\ocrshdocvwapi => Moved successfully.
C:\WINDOWS\SysWOW64\compilethumbnail_64 => Moved successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-02-01 23:27:59)<=

C:\Program Files (x86)\eDealPop => Is moved successfully.

==== End of Fixlog 23:27:59 ====

Malekal_morte- · Answer

Ca donne quoi les publicités?

harley972 · Answer

Merci beaucoup elles ont disparu ! Donc je suppose que c'est résolu haha :)

Malekal_morte- · Answer

=)

Voila, c'est terminé, tu peux supprimer les programmes utilisés. 

Quelques conseils : 



Pour prévenir les sites malicieux, tu peux installer Blockulicious : https://forum.malekal.com/viewtopic.php?t=46656&start= 


Pour ne plus te faire avoir. 
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/ 


Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html

harley972 · Answer

Un grand merci encore, je vais tout de même garder les programmes au cas où, ça peut être utile ! Je vais installer Blockulicious :) Mon ordi est tout propre !