EDealsPops, ROYaalCoupon, SubTap, daileyPrize etc.

Closed
lajeve Posts: 10 Registered: Monday 9 February 2015 Status: Member Last activity: 29 August 2015 - 9 Feb 2015 at 18:03
lajeve Posts: 10 Registered: Monday 9 February 2015 Status: Member Last activity: 29 August 2015 - 16 Feb 2015 at 22:40
Hello,

My friend wanted to download some games and unknowingly infected her laptop (Windows 8.1, from 2013), to the point where any browsing on the internet is slow or nearly impossible (ads and pop-ups everywhere). In fact, I am writing to you from my computer, not hers.

Unfortunately, ADW Cleaner does not seem to help.

What information do you need so that we can get rid of this infection?

Thanks in advance for your reply.

Lajève

13 replies

Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last activity: 15 December 2020 24 644
9 Feb 2015 at 18:06
Hi,

Follow this FRST tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
Download and run the FRST scan; it will generate three FRST reports:
* FRST.txt
* Shortcut.txt
* Additionnal.txt

As explained there, upload these three reports to http://pjjoint.malekal.com and post the three pjjoint links to them so that they can be reviewed.

1
lajeve Posts: 10 Registered: Monday 9 February 2015 Status: Member Last activity: 29 August 2015
11 Feb 2015 at 14:02
Hello,

Sorry, I am a bit late replying. I can't browse the web on her computer, so I downloaded frst.exe onto a USB stick and then transferred it to her computer (onto the desktop). The scan is done and the reports are on her desktop. I made a copy of them on the same USB stick to send them from my computer. I hope it can work this way too. Here are the links:

https://pjjoint.malekal.com/files.php?id=20150211_v15j12w8s7m10

https://pjjoint.malekal.com/files.php?id=FRST_20150211_u7m12s9v6n11

https://pjjoint.malekal.com/files.php?id=20150211_d15l15m10f9p10

Thanks for your help.

Lajève
0
Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last activity: 15 December 2020 24 644
Edited by Malekal_morte- on 11/02/2015 at 15:17
The users of this PC install anything and everything :/

ADW Cleaner does not seem to help, unfortunately.

It must not be up to date, because most of the adware present in your report is handled by it.

Delete all the downloaded copies of AdwCleaner.


Follow the AdwCleaner tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= (by Xplode)
Download it to your desktop or downloads folder.
Launch AdwCleaner and click [Scanner].
The scan can take several minutes; be patient.
Once the scan is finished, do not uncheck anything; click [Nettoyer].

Once the cleaning is finished, a report will open. Copy and paste the contents of the report into your next reply.
If that does not work, use http://pjjoint.malekal.com to host the report and give the link to the report in a new message.

Note: The report is also saved as C:\AdwCleaner[S1].txt


Next:

First, make a note of the procedure for removing proxies in Internet Explorer: https://forum.malekal.com/viewtopic.php?t=47404&start=


Here is the fix to apply with FRST.
You can refer to this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Open Notepad: Windows key + R, type notepad in the Run box and click OK.
Copy and paste the following into it:

HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988456 2015-01-20] (YTDownloader)
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-11-04] (PC Utilities Software Limited)
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\Run: [GoogleChromeAutoLaunch_9BC5EE769F8395B9E9DEC2F8DCC0D839] => C:\Users\PEINDRE13\AppData\Local\Vosteran\Application\vosteran.exe --auto-launch-at-startup --profile-directory=Default
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\Run: [ChicaPasswordManager] => C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe /autorunned
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988456 2015-01-20] (YTDownloader)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [253200 2015-01-28] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219408 2015-01-28] (Client Connect LTD)
HKLM-x32\...\Run: [mbot_fr_163] => C:\Program Files (x86)\mbot_fr_163\mbot_fr_163.exe
Startup: C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll [669200 2015-01-04] ()
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\settings manager\smdmf\sysapcrt.dll [493584 2015-01-04] ()
SearchScopes: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
BHO: ROYaalCoupon -> {0257c7a3-51be-49ca-abf9-ce292ff46104} -> C:\ProgramData\ROYaalCoupon\ss2a9Nl775slhQ.x64.dll ()
BHO: roceckeetsaLe -> {0d1fe3bc-0a7f-4b7f-ac2f-ca5fcca73992} -> C:\ProgramData\roceckeetsaLe\6QgEgT1RExApm5.x64.dll ()
BHO: CinemaHd For Pro 2.4cV07.01 -> {11111111-1111-1111-1111-110611901161} -> C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\CinemaHd For Pro 2.4cV07.01-bho64.dll (Cinema ProV07.01)
BHO: TicTaCouppOn -> {48e7a385-fa49-4645-8709-d04540984792} -> C:\ProgramData\TicTaCouppOn\CafNes5AcZz5dB.x64.dll ()
BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\PEINDRE13\AppData\Local\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)
BHO: greatsaVing -> {6f365b43-bc07-49ad-b924-1fef8e000855} -> C:\ProgramData\greatsaVing\2Aj2pYGk6rZz7j.x64.dll No File
BHO: deoolllarsaver -> {803c0acc-6ab7-402a-bafa-e72fc2f7dfde} -> C:\ProgramData\deoolllarsaver\fYTtybhev8D8mh.x64.dll ()
BHO: RoyealCoupOn -> {bea48c8d-90ec-4667-89c9-ed26a24b7069} -> C:\ProgramData\RoyealCoupOn\lf5BlILralCwIk.x64.dll ()
BHO: WowoCouupon -> {c450a1e7-024e-46d2-ae05-eee1190d0038} -> C:\ProgramData\WowoCouupon\fGYmrw0H99C21X.x64.dll ()
BHO: tperfectcoupon -> {cfd7b479-37d7-4083-8bf2-a4794e9394a7} -> C:\ProgramData\tperfectcoupon\1ocj1dWEZOUhh3.x64.dll ()
BHO: fasetsaler -> {ebb90bba-3fe0-4b1f-b4c9-fe892203af50} -> C:\ProgramData\fasetsaler\LbE3TqUTHAD400.x64.dll ()
BHO: free22you -> {f355144e-19a2-43cb-a343-aef79667f296} -> C:\ProgramData\free22you\MTFze3Nyp69IZv.x64.dll ()
BHO: couponpEuaaK -> {f736d76a-9c64-4653-ac21-a129958c55be} -> C:\ProgramData\couponpEuaaK\pKdRUugxYQRjP6.x64.dll ()
BHO-x32: ROYaalCoupon -> {0257c7a3-51be-49ca-abf9-ce292ff46104} -> C:\ProgramData\ROYaalCoupon\ss2a9Nl775slhQ.dll ()
BHO-x32: roceckeetsaLe -> {0d1fe3bc-0a7f-4b7f-ac2f-ca5fcca73992} -> C:\ProgramData\roceckeetsaLe\6QgEgT1RExApm5.dll No File
BHO-x32: CinemaHd For Pro 2.4cV07.01 -> {11111111-1111-1111-1111-110611901161} -> C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\CinemaHd For Pro 2.4cV07.01-bho.dll No File
BHO-x32: TicTaCouppOn -> {48e7a385-fa49-4645-8709-d04540984792} -> C:\ProgramData\TicTaCouppOn\CafNes5AcZz5dB.dll No File
BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\PEINDRE13\AppData\Local\Linkey\IEExtension\iedll.dll No File
BHO-x32: greatsaVing -> {6f365b43-bc07-49ad-b924-1fef8e000855} -> C:\ProgramData\greatsaVing\2Aj2pYGk6rZz7j.dll No File
BHO-x32: deoolllarsaver -> {803c0acc-6ab7-402a-bafa-e72fc2f7dfde} -> C:\ProgramData\deoolllarsaver\fYTtybhev8D8mh.dll No File
BHO-x32: Faster Light 1.0.0.7 -> {950ef4df-b9dd-4b97-9e34-5c7d25a5eb88} -> C:\Program Files (x86)\Faster Light\FasterLightBHO.dll No File
BHO-x32: RoyealCoupOn -> {bea48c8d-90ec-4667-89c9-ed26a24b7069} -> C:\ProgramData\RoyealCoupOn\lf5BlILralCwIk.dll No File
BHO-x32: WowoCouupon -> {c450a1e7-024e-46d2-ae05-eee1190d0038} -> C:\ProgramData\WowoCouupon\fGYmrw0H99C21X.dll No File
BHO-x32: tperfectcoupon -> {cfd7b479-37d7-4083-8bf2-a4794e9394a7} -> C:\ProgramData\tperfectcoupon\1ocj1dWEZOUhh3.dll No File
BHO-x32: fasetsaler -> {ebb90bba-3fe0-4b1f-b4c9-fe892203af50} -> C:\ProgramData\fasetsaler\LbE3TqUTHAD400.dll No File
BHO-x32: free22you -> {f355144e-19a2-43cb-a343-aef79667f296} -> C:\ProgramData\free22you\MTFze3Nyp69IZv.dll No File
BHO-x32: couponpEuaaK -> {f736d76a-9c64-4653-ac21-a129958c55be} -> C:\ProgramData\couponpEuaaK\pKdRUugxYQRjP6.dll No File
FF Extension: iWebar - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [2015-01-21]
FF Extension: ExtraShOppEr - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\9Nr@DCyst.net [2014-12-16]
FF Extension: couponpaeaku - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\a@WTJZxPz5.org [2015-01-07]
FF Extension: CinemaHd For Pro 2.4cV07.01 - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\c6d10446ffd84587ac59c8230189@815dffea895e418f9d9fd8cf.com [2015-01-07]
FF Extension: Security Protection - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\detgdp@gmail.com [2014-12-17]
FF Extension: Linkey for Firefox - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\extension@linkeyproject.com [2015-01-07]
FF Extension: sAleprizzes - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\FVwUC@9Xcx.net [2015-01-22]
FF Extension: daileyPrize - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\MYUy@MxtVcz.com [2015-01-06]
FF Extension: buyyandbrrowse - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\q00nZJm@T.edu [2015-01-22]
FF Extension: ooFFeraapopp - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\SX@F.edu [2015-01-06]
FF Extension: deaalpeeaakk - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\T@PQ.com [2014-12-17]
FF Extension: No Name - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\trash [2015-01-29]
FF Extension: useragentrgmozillaorg - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\useragentrg@mozilla.org [2015-01-14]
FF Extension: LuucckYSHopper - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\uz203@jas.org [2015-01-04]
FF Extension: Yahoo! Toolbar - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-01-29]
FF Extension: Faster Light 1.0.1 - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\{5fa86e60-a54d-4e77-b1f1-f7bc1e215749}.xpi [2015-02-09]
FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\extensions\detgdp@gmail.com
CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\PEINDRE13\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2015-01-07]
R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 commandregister64; C:\windows\SysWOW64\commandregister64\commandregister64.exe [83456 2015-01-16] () [File not signed]
R2 CouponarificService64; C:\Program Files (x86)\AC2EE680-7CFE-4839-8B77-84980CFAA6B2\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-10-15] (Cherished Technololgy LIMITED)
R2 kzmhgtoyat32; C:\Program Files\010\kzmhgtoyat32.exe [682992 2014-11-26] ()
R2 msmpeg2vdecrshx32Provider.exe; C:\Users\PEINDRE13\AppData\Local\msmpeg2vdecrshx32Provider\msmpeg2vdecrshx32Provider.exe [211968 2015-02-09] () [File not signed]
R2 SmdmFService; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [3573264 2015-01-04] (Aztec Media Inc)
R2 Util Faster Light; C:\Program Files (x86)\Faster Light\bin\utilFasterLight.exe [394992 2015-02-09] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [463872 2015-01-19] (SysTool PasSame LIMITED) [File not signed]
S2 4dd8d474; C:\WINDOWS\system32\rundll32.exe c:\Program Files (x86)\RelayDouble\RelayDouble.dll,serv
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
S2 debuggersamba_86.exe; C:\Users\PEINDRE13\AppData\Local\debuggersamba_86\debuggersamba_86.exe [X]
S2 functionprocessSched; C:\windows\SysWOW64\functionprocessSched\functionprocessSched.exe [X]
S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]
S2 Update Faster Light; C:\Program Files (x86)\Faster Light\updateFasterLight.exe [X]
R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2015-01-20] (YTDownloader)
2015-02-09 14:36 - 2015-02-10 09:15 - 00000000 ____D () C:\Program Files (x86)\eDealPop
2015-02-09 14:36 - 2015-02-09 14:39 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Local\msmpeg2vdecrshx32Provider
2015-02-04 18:09 - 2015-02-04 18:09 - 00000000 ____D () C:\ProgramData\salesale
2015-02-03 15:49 - 2015-02-03 15:49 - 00077728 _____ () C:\Users\PEINDRE13\Downloads\FLVPlayer-Chrome (2).exe
2015-02-03 13:24 - 2015-02-06 12:55 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Local\avaxvavya
2015-02-03 13:24 - 2015-02-03 13:24 - 00003482 _____ () C:\WINDOWS\System32\Tasks\avaxvavya
2015-01-22 09:53 - 2015-02-06 09:47 - 00000000 ____D () C:\ProgramData\roceckeetsaLe
2015-01-22 09:52 - 2015-02-06 09:47 - 00000000 ____D () C:\ProgramData\free22you
2015-01-22 00:42 - 2015-01-22 00:42 - 00285864 _____ () C:\WINDOWS\Minidump\012215-87437-01.dmp
2015-01-22 00:31 - 2015-01-22 00:31 - 00525855 _____ () C:\Users\PEINDRE13\Downloads\Installation.exe
2015-01-21 21:34 - 2015-01-21 21:34 - 00001144 _____ () C:\Users\PEINDRE13\Desktop\Live PC Help.lnk
2015-01-21 20:53 - 2015-02-06 13:52 - 00000000 ____D () C:\Program Files (x86)\RelayDouble
2015-01-21 20:52 - 2015-01-21 20:52 - 00000000 ____D () C:\ProgramData\2355320829
2015-01-21 19:02 - 2015-01-21 19:02 - 00003588 _____ () C:\WINDOWS\System32\Tasks\YTDownloader
2015-01-21 19:02 - 2015-01-21 19:02 - 00003578 _____ () C:\WINDOWS\System32\Tasks\YTDownloaderUpd
2015-01-21 19:02 - 2015-01-21 19:02 - 00001965 _____ () C:\Users\PEINDRE13\Desktop\YTDownloader.lnk
2015-01-21 19:02 - 2015-01-21 19:02 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader
2015-01-21 19:02 - 2015-01-21 19:02 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2015-01-21 18:59 - 2015-01-21 19:21 - 00001146 _____ () C:\Users\PEINDRE13\Desktop\Continue Live Installation.lnk
2015-01-21 18:33 - 2015-01-21 18:33 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\ASP
2015-01-21 18:32 - 2015-01-21 21:34 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\systweak
2015-01-21 18:30 - 2015-01-21 21:36 - 00000000 ____D () C:\Program Files (x86)\SoftwareUpdater
2015-01-19 17:25 - 2015-01-19 22:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier
2015-01-19 17:25 - 2015-01-19 22:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier
2015-01-19 14:19 - 2015-02-08 22:21 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\Compatibility Verifier
2015-02-11 13:42 - 2013-12-18 19:32 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966991898-3599612516-2177771990-1001
2015-02-11 13:39 - 2015-01-07 19:56 - 00000000 ____D () C:\ProgramData\smdmf
2015-02-11 13:18 - 2014-12-16 00:18 - 00000322 _____ () C:\WINDOWS\Tasks\WSE_Vosteran.job
2015-02-11 13:16 - 2015-01-07 19:58 - 00002482 _____ () C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-5_user.job
2015-02-11 13:16 - 2015-01-07 19:58 - 00002482 _____ () C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-5.job
2015-02-11 13:16 - 2015-01-07 19:57 - 00003514 _____ () C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-1.job
2015-02-11 13:16 - 2015-01-07 19:57 - 00002146 _____ () C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-2.job
2015-02-11 13:16 - 2015-01-07 19:56 - 00004530 _____ () C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-4.job
2015-02-11 13:16 - 2015-01-07 19:56 - 00000988 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-02-11 13:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-02-10 17:47 - 2014-12-16 00:16 - 00000000 ____D () C:\Program Files (x86)\Faster Light
2015-02-10 13:04 - 2014-12-16 08:55 - 00000000 ____D () C:\Program Files\Couponarific
2015-02-06 13:57 - 2015-01-06 15:30 - 00000000 ____D () C:\ProgramData\greatsaVing
2015-02-06 12:55 - 2014-11-08 20:09 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2015-02-06 12:04 - 2014-10-15 15:36 - 00000000 ____D () C:\Program Files (x86)\SupTab
2015-02-06 11:10 - 2014-12-16 12:04 - 00000000 ____D () C:\WINDOWS\SysWOW64\functionprocessSched
2015-02-06 09:47 - 2015-01-07 19:56 - 00000000 ____D () C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01
2015-02-06 09:47 - 2015-01-06 15:31 - 00000000 ____D () C:\ProgramData\couponpEuaaK
2015-02-06 09:47 - 2015-01-06 15:30 - 00000000 ____D () C:\ProgramData\fasetsaler
2015-02-06 09:47 - 2015-01-06 15:30 - 00000000 ____D () C:\ProgramData\deoolllarsaver
2015-02-06 09:47 - 2014-12-17 09:49 - 00000000 ____D () C:\ProgramData\WowoCouupon
2015-02-06 09:47 - 2014-12-16 21:58 - 00000000 ____D () C:\ProgramData\RoyealCoupOn
2015-02-06 09:47 - 2014-11-08 21:10 - 00000000 ____D () C:\ProgramData\tperfectcoupon
2015-02-06 09:28 - 2014-12-16 12:05 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-02-05 21:05 - 2014-11-08 20:15 - 00003258 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2015-02-03 13:24 - 2014-12-16 11:21 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2015-01-22 19:52 - 2014-12-16 16:59 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-01-22 09:53 - 2014-11-08 21:10 - 00000000 ____D () C:\ProgramData\1ac0560aa5647f29
2015-01-21 21:38 - 2014-10-15 15:31 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\omiga-plus
2015-01-21 21:38 - 2013-12-18 19:26 - 00001450 _____ () C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-21 20:41 - 2014-12-16 16:59 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-01-21 20:31 - 2014-12-17 09:49 - 00000000 ____D () C:\Program Files (x86)\WinZipper
2015-01-21 20:09 - 2014-12-16 14:35 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-01-21 19:47 - 2014-12-16 16:59 - 00002814 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-01-21 19:47 - 2014-12-16 16:59 - 00002814 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-01-21 19:47 - 2014-12-16 14:35 - 00002816 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-01-21 19:46 - 2014-12-16 14:35 - 00001061 _____ () C:\Users\PEINDRE13\Desktop\AnyProtect.lnk
2015-01-21 19:33 - 2014-12-16 14:31 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx
2015-01-19 13:38 - 2014-12-16 14:35 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-01-19 13:38 - 2014-12-16 12:06 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-01-19 13:38 - 2014-11-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-01-19 10:51 - 2014-10-15 15:30 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Local\mbot_fr_163
2015-01-19 10:43 - 2014-10-15 15:36 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
Task: {01FA3775-093F-4213-BD39-5325B3B10B35} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-21] (AnyProtect.com) <==== ATTENTION
Task: {27C77F92-270A-46CD-82E6-66D243F8269A} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-11-04] (PC Utilities Software Limited) <==== ATTENTION
Task: {358CE234-7BD2-4C94-BF54-E34F3F4ECAC1} - System32\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-4 => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-4.exe <==== ATTENTION
Task: {390FBF61-4569-4B4D-9A37-D61E2F4D957B} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {48C26633-6CAD-47B6-8B14-F72FD233EDA4} - System32\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-1 => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\CinemaHd For Pro 2.4cV07.01-codedownloader.exe <==== ATTENTION
Task: {5517D674-DC16-4BBA-B9E0-1584DED3DDB1} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-01-20] (YTDownloader) <==== ATTENTION
Task: {574BB242-9D5B-4C98-AF09-16B109000FC7} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {681779FC-0134-4356-92DF-2ECEA0253E05} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {84F4E4E1-DCF9-4B95-8A40-79B4DF95420B} - System32\Tasks\WSE_Vosteran => C:\Users\PEINDR~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {99F9D9DF-3D1C-45EE-84CB-83BFC2D7592F} - System32\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-2 => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-2.exe <==== ATTENTION
Task: {A15ABBAE-C8F1-4D79-80AE-920549B3F133} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION
Task: {A624E31F-FF21-45AE-9606-CF818945648E} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-12-16] () <==== ATTENTION
Task: {A97D7F04-4712-4C64-A1A6-184CFA6923F6} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {BA482E01-6848-4D30-94D9-8BE3DD8E5059} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-01-20] (Goobzo) <==== ATTENTION
Task: {BE6FDACF-C065-456B-8E89-08C0BF48AC5E} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-21] (AnyProtect.com) <==== ATTENTION
Task: {D629AA5D-77B6-49D8-92E7-7A22A21F7734} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: {EBE4E555-46EB-4544-91BE-17BC366CA2A0} - \caaaa900-de5e-40ed-99d3-76276812a278-5 No Task File <==== ATTENTION
Task: {EE5ECD00-1C89-418D-805D-65624E004A0E} - System32\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-5_user => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-5.exe <==== ATTENTION
Task: {F0C1BDBC-2C4E-482B-BB95-588A2A2B2D69} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: {F6AB15E6-8F9D-4BCF-BA8B-D7511867C070} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-21] (AnyProtect.com) <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-1.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\CinemaHd For Pro 2.4cV07.01-codedownloader.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-2.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-4.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-4.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-5.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-5_user.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-5.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\WSE_Vosteran.job => C:\Users\PEINDR~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
HKLM-x32\...\Run: [App Client] => C:\Program Files (x86)\App Client\AppHelper.exe [893952 2014-11-17] ()
HKLM-x32\...\Run: [AppHelper] => C:\Program Files (x86)\App Client\AppHelper.exe [893952 2014-11-17] ()


Once the text is pasted into Notepad:
File menu, then Save As.
On the left, select the Desktop.
In the File name field at the bottom, enter: fixlist.txt
Click Save - this will create a fixlist.txt file on the desktop.

Run FRST again and click the Fix button.
Depending on the case, a restart may be required (not mandatory).
A text file appears; copy and paste its contents here in a new message.

Restart the computer.


If the internet does not work, follow the procedure you noted.



Then reset your browsers:
==================================
Reset your browsers and/or manually reconfigure your web browsers (home page, search engine, etc.), and also remove/disable unnecessary or unwanted extensions:
* Firefox: https://www.malekal.com/reparer-firefox/?t=36057&start=
* Google Chrome: https://www.malekal.com/reparer-google-chrome/?t=35837&start=
* Internet Explorer and add-ons / search engines: https://forum.malekal.com/viewtopic.php?t=41399&start=




Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
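An added example, not part of the original thread and not FRST's own code: a Python triage of fixlist lines in the format shown in the post above, grouping each line by the autostart mechanism it touches and picking out the markers FRST prints on it (`No File`, `[X]`, `[File not signed]`, `<==== ATTENTION`, an empty `()` company field). The sample lines are copied from that fixlist; the category names, flag names and function names are assumptions of this example.

```python
import re
from collections import Counter

# Line prefix -> persistence mechanism (names are this example's own).
# Order matters: the first matching pattern wins.
KINDS = [
    (re.compile(r"^HK(LM|U)\S*\\\.\.\.\\Run: "), "run_key"),
    (re.compile(r"^AppInit_DLLs(-x32)?: "), "appinit_dll"),
    (re.compile(r"^HKLM\\\.\.\.\\AppCertDlls: "), "appcert_dll"),
    (re.compile(r"^BHO(-x32)?: "), "ie_bho"),
    (re.compile(r"^SSODL(-x32)?: "), "shell_delay_load"),
    (re.compile(r"^SearchScopes: "), "ie_search_scope"),
    (re.compile(r"^(FF|CHR) "), "browser_extension"),
    (re.compile(r"^(Startup|ShortcutTarget): "), "startup_folder"),
    (re.compile(r"^Task: "), "scheduled_task"),
    (re.compile(r"^[RSU]\d \S.*?; "), "service_or_driver"),
    (re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - "), "file_or_folder"),
]

# Markers that appear on the lines themselves -> flag (names are assumptions).
FLAGS = [
    # Entry still registered but FRST could not find its file or task.
    (re.compile(r"No File\)?\s*$|\[X\]\s*$|No Task File"), "target_missing"),
    (re.compile(r"\[File not signed\]"), "unsigned"),
    (re.compile(r"<==== ATTENTION"), "frst_attention"),
    # Empty company-name field at the end of the entry.
    (re.compile(r"\(\)(\s*\[File not signed\])?\s*$"), "no_publisher"),
    # DLL loaded from a ProgramData subfolder, as the coupon BHOs are.
    (re.compile(r"\\ProgramData\\.*\.dll\b", re.I), "dll_in_programdata"),
]

# Sample input: ten lines copied from the fixlist in the post above.
SAMPLE = r"""
HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [253200 2015-01-28] (Client Connect LTD)
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll [669200 2015-01-04] ()
BHO: ROYaalCoupon -> {0257c7a3-51be-49ca-abf9-ce292ff46104} -> C:\ProgramData\ROYaalCoupon\ss2a9Nl775slhQ.x64.dll ()
BHO-x32: greatsaVing -> {6f365b43-bc07-49ad-b924-1fef8e000855} -> C:\ProgramData\greatsaVing\2Aj2pYGk6rZz7j.dll No File
R2 commandregister64; C:\windows\SysWOW64\commandregister64\commandregister64.exe [83456 2015-01-16] () [File not signed]
S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]
Task: {EBE4E555-46EB-4544-91BE-17BC366CA2A0} - \caaaa900-de5e-40ed-99d3-76276812a278-5 No Task File <==== ATTENTION
2015-02-09 14:36 - 2015-02-10 09:15 - 00000000 ____D () C:\Program Files (x86)\eDealPop
FF Extension: daileyPrize - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\MYUy@MxtVcz.com [2015-01-06]
"""


def classify(line):
    """Return the mechanism and the markers found on one fixlist line."""
    line = line.strip()
    kind = next((k for rx, k in KINDS if rx.search(line)), "unknown")
    flags = [f for rx, f in FLAGS if rx.search(line)]
    return {"kind": kind, "flags": flags, "line": line}


def triage(text):
    """Classify every non-empty line of a fixlist or FRST log excerpt."""
    return [classify(l) for l in text.splitlines() if l.strip()]


def summarize(entries):
    """Count entries per mechanism and per marker."""
    kinds = Counter(e["kind"] for e in entries)
    flags = Counter(f for e in entries for f in e["flags"])
    return kinds, flags


def leftovers(entries):
    """Entries whose target is already gone: registry or task residue only."""
    return [e for e in entries if "target_missing" in e["flags"]]


if __name__ == "__main__":
    entries = triage(SAMPLE)
    kinds, flags = summarize(entries)
    print("by mechanism:", dict(kinds))
    print("by marker:   ", dict(flags))
    for e in leftovers(entries):
        print("residue:", e["kind"], "|", e["line"][:70])
```

Run over a whole FRST.txt, the per-mechanism counts show at a glance how many independent autostart points a cleanup has to cover, and the `target_missing` entries separate leftover registrations from components that are still on disk.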
lajeve Posts: 10 Registered: Monday 9 February 2015 Status: Member Last activity: 29 August 2015
11 Feb 2015 at 22:09
Hi,

I have the impression that AdwCleaner stopped working several times; it only ran up to a certain stage and then, after an hour, still nothing. So I had to kill the process and relaunch it, twice.

Here is the report:

# AdwCleaner v4.110 - Rapport créé le 11/02/2015 à 20:54:28
# Mis à jour le 05/02/2015 par Xplode
# Base de données : 2015-02-05.2 [Locale]
# Système d'exploitation : Windows 8.1 (x64)
# Nom d'utilisateur : PEINDRE13 - PEINDRE
# Exécuté depuis : C:\Users\PEINDRE13\Desktop\AdwCleaner-4.110.exe
# Option : Nettoyer
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****


[!] Dossier Supprimé : C:\ProgramData\smdmf
[!] Dossier Supprimé : C:\Program Files (x86)\Settings Manager
[!] Dossier Supprimé : C:\Program Files (x86)\Search Extensions
Dossier Supprimé : C:\Program Files (x86)\Faster Light
***** [ Tâches planifiées ] *****


Tâche Supprimée : globalUpdateUpdateTaskMachineUA
Tâche Supprimée : LaunchSignup
Tâche Supprimée : Optimizer Pro Schedule
Tâche Supprimée : RocketTab Update Task
Tâche Supprimée : RocketTab


I'll do the other steps and write to you again.
0

lajeve Posts: 10 Registered: Monday 9 February 2015 Status: Member Last activity: 29 August 2015
11 Feb 2015 at 22:22
And here is the FRST report:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-02-2015 02
Ran by PEINDRE13 at 2015-02-11 22:15:49 Run:1
Running from C:\Users\PEINDRE13\Desktop
Loaded Profiles: PEINDRE13 (Available profiles: PEINDRE13)
Boot Mode: Normal
==============================================

Content of fixlist:

HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988456 2015-01-20] (YTDownloader)

HKLM-x32\...\Run: [eDealPop] => C:\Program Files (x86)\eDealPop\eDealPop.exe

HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [148048 2014-11-04] (PC Utilities Software Limited)

HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\Run: [GoogleChromeAutoLaunch_9BC5EE769F8395B9E9DEC2F8DCC0D839] => C:\Users\PEINDRE13\AppData\Local\Vosteran\Application\vosteran.exe --auto-launch-at-startup --profile-directory=Default

HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\Run: [ChicaPasswordManager] => C:\Program Files (x86)\ChicaLogic\Chica Password Manager\stpass.exe /autorunned

HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [1988456 2015-01-20] (YTDownloader)

AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC64Loader.dll [253200 2015-01-28] (Client Connect LTD)

AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [219408 2015-01-28] (Client Connect LTD)

HKLM-x32\...\Run: [mbot_fr_163] => C:\Program Files (x86)\mbot_fr_163\mbot_fr_163.exe

Startup: C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk

ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)

SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\settings manager\smdmf\x64\sysapcrt.dll [669200 2015-01-04] ()

HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\settings manager\smdmf\sysapcrt.dll [493584 2015-01-04] ()

SearchScopes: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =

BHO: ROYaalCoupon -> {0257c7a3-51be-49ca-abf9-ce292ff46104} -> C:\ProgramData\ROYaalCoupon\ss2a9Nl775slhQ.x64.dll ()

BHO: roceckeetsaLe -> {0d1fe3bc-0a7f-4b7f-ac2f-ca5fcca73992} -> C:\ProgramData\roceckeetsaLe\6QgEgT1RExApm5.x64.dll ()

BHO: CinemaHd For Pro 2.4cV07.01 -> {11111111-1111-1111-1111-110611901161} -> C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\CinemaHd For Pro 2.4cV07.01-bho64.dll (Cinema ProV07.01)

BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)

BHO: TicTaCouppOn -> {48e7a385-fa49-4645-8709-d04540984792} -> C:\ProgramData\TicTaCouppOn\CafNes5AcZz5dB.x64.dll ()

BHO: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\PEINDRE13\AppData\Local\Linkey\IEExtension\iedll64.dll (Aztec Media Inc)

BHO: greatsaVing -> {6f365b43-bc07-49ad-b924-1fef8e000855} -> C:\ProgramData\greatsaVing\2Aj2pYGk6rZz7j.x64.dll No File

BHO: deoolllarsaver -> {803c0acc-6ab7-402a-bafa-e72fc2f7dfde} -> C:\ProgramData\deoolllarsaver\fYTtybhev8D8mh.x64.dll ()

BHO: RoyealCoupOn -> {bea48c8d-90ec-4667-89c9-ed26a24b7069} -> C:\ProgramData\RoyealCoupOn\lf5BlILralCwIk.x64.dll ()

BHO: WowoCouupon -> {c450a1e7-024e-46d2-ae05-eee1190d0038} -> C:\ProgramData\WowoCouupon\fGYmrw0H99C21X.x64.dll ()

BHO: tperfectcoupon -> {cfd7b479-37d7-4083-8bf2-a4794e9394a7} -> C:\ProgramData\tperfectcoupon\1ocj1dWEZOUhh3.x64.dll ()

BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)

BHO: fasetsaler -> {ebb90bba-3fe0-4b1f-b4c9-fe892203af50} -> C:\ProgramData\fasetsaler\LbE3TqUTHAD400.x64.dll ()

BHO: free22you -> {f355144e-19a2-43cb-a343-aef79667f296} -> C:\ProgramData\free22you\MTFze3Nyp69IZv.x64.dll ()

BHO: couponpEuaaK -> {f736d76a-9c64-4653-ac21-a129958c55be} -> C:\ProgramData\couponpEuaaK\pKdRUugxYQRjP6.x64.dll ()

BHO-x32: ROYaalCoupon -> {0257c7a3-51be-49ca-abf9-ce292ff46104} -> C:\ProgramData\ROYaalCoupon\ss2a9Nl775slhQ.dll ()

BHO-x32: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

BHO-x32: roceckeetsaLe -> {0d1fe3bc-0a7f-4b7f-ac2f-ca5fcca73992} -> C:\ProgramData\roceckeetsaLe\6QgEgT1RExApm5.dll No File

BHO-x32: CinemaHd For Pro 2.4cV07.01 -> {11111111-1111-1111-1111-110611901161} -> C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\CinemaHd For Pro 2.4cV07.01-bho.dll No File

BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll No File

BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)

BHO-x32: TicTaCouppOn -> {48e7a385-fa49-4645-8709-d04540984792} -> C:\ProgramData\TicTaCouppOn\CafNes5AcZz5dB.dll No File

BHO-x32: Linkey -> {4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} -> C:\Users\PEINDRE13\AppData\Local\Linkey\IEExtension\iedll.dll No File

BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\coIEPlg.dll (Symantec Corporation)

BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.6.0.27\IPS\IPSBHO.DLL (Symantec Corporation)

BHO-x32: greatsaVing -> {6f365b43-bc07-49ad-b924-1fef8e000855} -> C:\ProgramData\greatsaVing\2Aj2pYGk6rZz7j.dll No File

BHO-x32: deoolllarsaver -> {803c0acc-6ab7-402a-bafa-e72fc2f7dfde} -> C:\ProgramData\deoolllarsaver\fYTtybhev8D8mh.dll No File

BHO-x32: Faster Light 1.0.0.7 -> {950ef4df-b9dd-4b97-9e34-5c7d25a5eb88} -> C:\Program Files (x86)\Faster Light\FasterLightBHO.dll No File

BHO-x32: RoyealCoupOn -> {bea48c8d-90ec-4667-89c9-ed26a24b7069} -> C:\ProgramData\RoyealCoupOn\lf5BlILralCwIk.dll No File

BHO-x32: WowoCouupon -> {c450a1e7-024e-46d2-ae05-eee1190d0038} -> C:\ProgramData\WowoCouupon\fGYmrw0H99C21X.dll No File

BHO-x32: tperfectcoupon -> {cfd7b479-37d7-4083-8bf2-a4794e9394a7} -> C:\ProgramData\tperfectcoupon\1ocj1dWEZOUhh3.dll No File

BHO-x32: fasetsaler -> {ebb90bba-3fe0-4b1f-b4c9-fe892203af50} -> C:\ProgramData\fasetsaler\LbE3TqUTHAD400.dll No File

BHO-x32: free22you -> {f355144e-19a2-43cb-a343-aef79667f296} -> C:\ProgramData\free22you\MTFze3Nyp69IZv.dll No File

BHO-x32: couponpEuaaK -> {f736d76a-9c64-4653-ac21-a129958c55be} -> C:\ProgramData\couponpEuaaK\pKdRUugxYQRjP6.dll No File

FF Extension: iWebar - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\14fef81ee28d4335a493c2d@6383fd42ff9b4872bccb5b.com [2015-01-21]

FF Extension: ExtraShOppEr - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\9Nr@DCyst.net [2014-12-16]

FF Extension: couponpaeaku - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\a@WTJZxPz5.org [2015-01-07]

FF Extension: CinemaHd For Pro 2.4cV07.01 - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\c6d10446ffd84587ac59c8230189@815dffea895e418f9d9fd8cf.com [2015-01-07]

FF Extension: Security Protection - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\detgdp@gmail.com [2014-12-17]

FF Extension: Linkey for Firefox - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\extension@linkeyproject.com [2015-01-07]

FF Extension: sAleprizzes - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\FVwUC@9Xcx.net [2015-01-22]

FF Extension: daileyPrize - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\MYUy@MxtVcz.com [2015-01-06]

FF Extension: buyyandbrrowse - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\q00nZJm@T.edu [2015-01-22]

FF Extension: ooFFeraapopp - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\SX@F.edu [2015-01-06]

FF Extension: deaalpeeaakk - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\T@PQ.com [2014-12-17]

FF Extension: No Name - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\trash [2015-01-29]

FF Extension: useragentrgmozillaorg - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\useragentrg@mozilla.org [2015-01-14]

FF Extension: LuucckYSHopper - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\uz203@jas.org [2015-01-04]

FF Extension: Yahoo! Toolbar - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2015-01-29]

FF Extension: Faster Light 1.0.1 - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\Extensions\{5fa86e60-a54d-4e77-b1f1-f7bc1e215749}.xpi [2015-02-09]

FF HKLM-x32\...\Firefox\Extensions: [detgdp@gmail.com] - C:\Users\PEINDRE13\AppData\Roaming\Mozilla\Firefox\Profiles\5jyjlbz3.default-1418747929868\extensions\detgdp@gmail.com

CHR HKLM-x32\...\Chrome\Extension: [fpmeembnagmagppkgghhfjfdfajdfcah] - C:\Users\PEINDRE13\AppData\Local\Linkey\ChromeExtension\ChromeExtension.crx [2015-01-07]

R2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION

R2 commandregister64; C:\windows\SysWOW64\commandregister64\commandregister64.exe [83456 2015-01-16] () [File not signed]

R2 CouponarificService64; C:\Program Files (x86)\AC2EE680-7CFE-4839-8B77-84980CFAA6B2\xtloowpkjv64.exe [186368 2014-11-19] () [File not signed]

R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-10-15] (Cherished Technololgy LIMITED)

R2 kzmhgtoyat32; C:\Program Files\010\kzmhgtoyat32.exe [682992 2014-11-26] ()

R2 msmpeg2vdecrshx32Provider.exe; C:\Users\PEINDRE13\AppData\Local\msmpeg2vdecrshx32Provider\msmpeg2vdecrshx32Provider.exe [211968 2015-02-09] () [File not signed]

R2 SmdmFService; C:\Program Files (x86)\Settings Manager\smdmf\SmdmFService.exe [3573264 2015-01-04] (Aztec Media Inc)

R2 Util Faster Light; C:\Program Files (x86)\Faster Light\bin\utilFasterLight.exe [394992 2015-02-09] ()

R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [463872 2015-01-19] (SysTool PasSame LIMITED) [File not signed]

S2 4dd8d474; C:\WINDOWS\system32\rundll32.exe c:\Program Files (x86)\RelayDouble\RelayDouble.dll,serv

S2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [X]

S2 debuggersamba_86.exe; C:\Users\PEINDRE13\AppData\Local\debuggersamba_86\debuggersamba_86.exe [X]

S2 functionprocessSched; C:\windows\SysWOW64\functionprocessSched\functionprocessSched.exe [X]

S2 globalUpdate; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc [X]

S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]

S2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [X]

S2 Update Faster Light; C:\Program Files (x86)\Faster Light\updateFasterLight.exe [X]

R2 sbmntr; C:\Program Files (x86)\YTDownloader\sbmntr.sys [58728 2015-01-20] (YTDownloader)

2015-02-09 14:36 - 2015-02-10 09:15 - 00000000 ____D () C:\Program Files (x86)\eDealPop

2015-02-09 14:36 - 2015-02-09 14:39 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Local\msmpeg2vdecrshx32Provider

2015-02-04 18:09 - 2015-02-04 18:09 - 00000000 ____D () C:\ProgramData\salesale

2015-02-03 15:49 - 2015-02-03 15:49 - 00077728 _____ () C:\Users\PEINDRE13\Downloads\FLVPlayer-Chrome (2).exe

2015-02-03 13:24 - 2015-02-06 12:55 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Local\avaxvavya

2015-02-03 13:24 - 2015-02-03 13:24 - 00003482 _____ () C:\WINDOWS\System32\Tasks\avaxvavya

2015-01-22 09:53 - 2015-02-06 09:47 - 00000000 ____D () C:\ProgramData\roceckeetsaLe

2015-01-22 09:52 - 2015-02-06 09:47 - 00000000 ____D () C:\ProgramData\free22you

2015-01-22 00:42 - 2015-01-22 00:42 - 00285864 _____ () C:\WINDOWS\Minidump\012215-87437-01.dmp

2015-01-22 00:31 - 2015-01-22 00:31 - 00525855 _____ () C:\Users\PEINDRE13\Downloads\Installation.exe

2015-01-21 21:34 - 2015-01-21 21:34 - 00001144 _____ () C:\Users\PEINDRE13\Desktop\Live PC Help.lnk

2015-01-21 20:53 - 2015-02-06 13:52 - 00000000 ____D () C:\Program Files (x86)\RelayDouble

2015-01-21 20:52 - 2015-01-21 20:52 - 00000000 ____D () C:\ProgramData\2355320829

2015-01-21 19:02 - 2015-01-21 19:02 - 00003588 _____ () C:\WINDOWS\System32\Tasks\YTDownloader

2015-01-21 19:02 - 2015-01-21 19:02 - 00003578 _____ () C:\WINDOWS\System32\Tasks\YTDownloaderUpd

2015-01-21 19:02 - 2015-01-21 19:02 - 00001965 _____ () C:\Users\PEINDRE13\Desktop\YTDownloader.lnk

2015-01-21 19:02 - 2015-01-21 19:02 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\YTDownloader

2015-01-21 19:02 - 2015-01-21 19:02 - 00000000 ____D () C:\Program Files (x86)\YTDownloader

2015-01-21 18:59 - 2015-01-21 19:21 - 00001146 _____ () C:\Users\PEINDRE13\Desktop\Continue Live Installation.lnk

2015-01-21 18:33 - 2015-01-21 18:33 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\ASP

2015-01-21 18:32 - 2015-01-21 21:34 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\systweak

2015-01-21 18:30 - 2015-01-21 21:36 - 00000000 ____D () C:\Program Files (x86)\SoftwareUpdater

2015-01-19 17:25 - 2015-01-19 22:02 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Compatibility Verifier

2015-01-19 17:25 - 2015-01-19 22:02 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Compatibility Verifier

2015-01-19 14:19 - 2015-02-08 22:21 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\Compatibility Verifier

2015-02-11 13:42 - 2013-12-18 19:32 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966991898-3599612516-2177771990-1001

2015-02-11 13:39 - 2015-01-07 19:56 - 00000000 ____D () C:\ProgramData\smdmf

2015-02-11 13:18 - 2014-12-16 00:18 - 00000322 _____ () C:\WINDOWS\Tasks\WSE_Vosteran.job

2015-02-11 13:16 - 2015-01-07 19:58 - 00002482 _____ () C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-5_user.job

2015-02-11 13:16 - 2015-01-07 19:58 - 00002482 _____ () C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-5.job

2015-02-11 13:16 - 2015-01-07 19:57 - 00003514 _____ () C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-1.job

2015-02-11 13:16 - 2015-01-07 19:57 - 00002146 _____ () C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-2.job

2015-02-11 13:16 - 2015-01-07 19:56 - 00004530 _____ () C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-4.job

2015-02-11 13:16 - 2015-01-07 19:56 - 00000988 _____ () C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job

2015-02-11 13:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2015-02-10 17:47 - 2014-12-16 00:16 - 00000000 ____D () C:\Program Files (x86)\Faster Light

2015-02-10 13:04 - 2014-12-16 08:55 - 00000000 ____D () C:\Program Files\Couponarific

2015-02-06 13:57 - 2015-01-06 15:30 - 00000000 ____D () C:\ProgramData\greatsaVing

2015-02-06 12:55 - 2014-11-08 20:09 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro

2015-02-06 12:04 - 2014-10-15 15:36 - 00000000 ____D () C:\Program Files (x86)\SupTab

2015-02-06 11:10 - 2014-12-16 12:04 - 00000000 ____D () C:\WINDOWS\SysWOW64\functionprocessSched

2015-02-06 09:47 - 2015-01-07 19:56 - 00000000 ____D () C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01

2015-02-06 09:47 - 2015-01-06 15:31 - 00000000 ____D () C:\ProgramData\couponpEuaaK

2015-02-06 09:47 - 2015-01-06 15:30 - 00000000 ____D () C:\ProgramData\fasetsaler

2015-02-06 09:47 - 2015-01-06 15:30 - 00000000 ____D () C:\ProgramData\deoolllarsaver

2015-02-06 09:47 - 2014-12-17 09:49 - 00000000 ____D () C:\ProgramData\WowoCouupon

2015-02-06 09:47 - 2014-12-16 21:58 - 00000000 ____D () C:\ProgramData\RoyealCoupOn

2015-02-06 09:47 - 2014-11-08 21:10 - 00000000 ____D () C:\ProgramData\tperfectcoupon

2015-02-06 09:28 - 2014-12-16 12:05 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup

2015-02-05 21:05 - 2014-11-08 20:15 - 00003258 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule

2015-02-03 13:24 - 2014-12-16 11:21 - 00000000 ____D () C:\Program Files (x86)\SearchProtect

2015-01-22 19:52 - 2014-12-16 16:59 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP2.job

2015-01-22 09:53 - 2014-11-08 21:10 - 00000000 ____D () C:\ProgramData\1ac0560aa5647f29

2015-01-21 21:38 - 2014-10-15 15:31 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\omiga-plus

2015-01-21 21:38 - 2013-12-18 19:26 - 00001450 _____ () C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2015-01-21 20:41 - 2014-12-16 16:59 - 00000376 _____ () C:\WINDOWS\Tasks\APSnotifierPP3.job

2015-01-21 20:31 - 2014-12-17 09:49 - 00000000 ____D () C:\Program Files (x86)\WinZipper

2015-01-21 20:09 - 2014-12-16 14:35 - 00000378 _____ () C:\WINDOWS\Tasks\APSnotifierPP1.job

2015-01-21 19:47 - 2014-12-16 16:59 - 00002814 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP3

2015-01-21 19:47 - 2014-12-16 16:59 - 00002814 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP2

2015-01-21 19:47 - 2014-12-16 14:35 - 00002816 _____ () C:\WINDOWS\System32\Tasks\APSnotifierPP1

2015-01-21 19:46 - 2014-12-16 14:35 - 00001061 _____ () C:\Users\PEINDRE13\Desktop\AnyProtect.lnk

2015-01-21 19:33 - 2014-12-16 14:31 - 00000000 ____D () C:\Program Files (x86)\AnyProtectEx

2015-01-19 13:38 - 2014-12-16 14:35 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup

2015-01-19 13:38 - 2014-12-16 12:06 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup

2015-01-19 13:38 - 2014-11-08 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2

2015-01-19 10:51 - 2014-10-15 15:30 - 00000000 ____D () C:\Users\PEINDRE13\AppData\Local\mbot_fr_163

2015-01-19 10:43 - 2014-10-15 15:36 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect

Task: {01FA3775-093F-4213-BD39-5325B3B10B35} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-21] (AnyProtect.com) <==== ATTENTION

Task: {27C77F92-270A-46CD-82E6-66D243F8269A} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [2014-11-04] (PC Utilities Software Limited) <==== ATTENTION

Task: {358CE234-7BD2-4C94-BF54-E34F3F4ECAC1} - System32\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-4 => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-4.exe <==== ATTENTION

Task: {390FBF61-4569-4B4D-9A37-D61E2F4D957B} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION

Task: {48C26633-6CAD-47B6-8B14-F72FD233EDA4} - System32\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-1 => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\CinemaHd For Pro 2.4cV07.01-codedownloader.exe <==== ATTENTION

Task: {5517D674-DC16-4BBA-B9E0-1584DED3DDB1} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe [2015-01-20] (YTDownloader) <==== ATTENTION

Task: {574BB242-9D5B-4C98-AF09-16B109000FC7} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION

Task: {681779FC-0134-4356-92DF-2ECEA0253E05} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION

Task: {84F4E4E1-DCF9-4B95-8A40-79B4DF95420B} - System32\Tasks\WSE_Vosteran => C:\Users\PEINDR~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

Task: {99F9D9DF-3D1C-45EE-84CB-83BFC2D7592F} - System32\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-2 => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-2.exe <==== ATTENTION

Task: {A15ABBAE-C8F1-4D79-80AE-920549B3F133} - System32\Tasks\SMupdate1 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1 <==== ATTENTION

Task: {A624E31F-FF21-45AE-9606-CF818945648E} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-12-16] () <==== ATTENTION

Task: {A97D7F04-4712-4C64-A1A6-184CFA6923F6} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

Task: {BA482E01-6848-4D30-94D9-8BE3DD8E5059} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe [2015-01-20] (Goobzo) <==== ATTENTION

Task: {BE6FDACF-C065-456B-8E89-08C0BF48AC5E} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-21] (AnyProtect.com) <==== ATTENTION

Task: {D629AA5D-77B6-49D8-92E7-7A22A21F7734} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION

Task: {EBE4E555-46EB-4544-91BE-17BC366CA2A0} - \caaaa900-de5e-40ed-99d3-76276812a278-5 No Task File <==== ATTENTION

Task: {EE5ECD00-1C89-418D-805D-65624E004A0E} - System32\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-5_user => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-5.exe <==== ATTENTION

Task: {F0C1BDBC-2C4E-482B-BB95-588A2A2B2D69} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

Task: {F6AB15E6-8F9D-4BCF-BA8B-D7511867C070} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2015-01-21] (AnyProtect.com) <==== ATTENTION

Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-1.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\CinemaHd For Pro 2.4cV07.01-codedownloader.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-2.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-2.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-4.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-4.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-5.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-5.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\caaaa900-de5e-40ed-99d3-76276812a278-5_user.job => C:\Program Files (x86)\CinemaHd For Pro 2.4cV07.01\caaaa900-de5e-40ed-99d3-76276812a278-5.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\WSE_Vosteran.job => C:\Users\PEINDR~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION



HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\eDealPop => Value not found.
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Optimizer Pro => Value not found.
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_9BC5EE769F8395B9E9DEC2F8DCC0D839 => value deleted successfully.
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Run\\ChicaPasswordManager => value deleted successfully.
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => Value not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll" => Value Data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC32Loader.dll" => Value Data not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_fr_163 => value deleted successfully.
C:\Users\PEINDRE13\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk not found.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe not found.
HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\EldosMountNotificator => value deleted successfully.
"HKLM\Software\Wow6432Node\Classes\CLSID\{5FF49FE8-B332-4CB9-B102-FB6951629E55}" => Key deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x64 => value deleted successfully.
HKLM\System\CurrentControlSet\Control\Session Manager\AppCertDlls\\x86 => value deleted successfully.
"HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77}" => Key deleted successfully.
HKCR\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0257c7a3-51be-49ca-abf9-ce292ff46104} => Key not found.
HKCR\CLSID\{0257c7a3-51be-49ca-abf9-ce292ff46104} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d1fe3bc-0a7f-4b7f-ac2f-ca5fcca73992}" => Key deleted successfully.
"HKCR\CLSID\{0d1fe3bc-0a7f-4b7f-ac2f-ca5fcca73992}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901161} => Key not found.
HKCR\CLSID\{11111111-1111-1111-1111-110611901161} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}" => Key deleted successfully.
"HKCR\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48e7a385-fa49-4645-8709-d04540984792} => Key not found.
HKCR\CLSID\{48e7a385-fa49-4645-8709-d04540984792} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key not found.
HKCR\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f365b43-bc07-49ad-b924-1fef8e000855} => Key not found.
HKCR\CLSID\{6f365b43-bc07-49ad-b924-1fef8e000855} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{803c0acc-6ab7-402a-bafa-e72fc2f7dfde} => Key not found.
HKCR\CLSID\{803c0acc-6ab7-402a-bafa-e72fc2f7dfde} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bea48c8d-90ec-4667-89c9-ed26a24b7069} => Key not found.
HKCR\CLSID\{bea48c8d-90ec-4667-89c9-ed26a24b7069} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c450a1e7-024e-46d2-ae05-eee1190d0038} => Key not found.
HKCR\CLSID\{c450a1e7-024e-46d2-ae05-eee1190d0038} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cfd7b479-37d7-4083-8bf2-a4794e9394a7} => Key not found.
HKCR\CLSID\{cfd7b479-37d7-4083-8bf2-a4794e9394a7} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}" => Key deleted successfully.
"HKCR\CLSID\{EA801577-E6AD-4BD5-8F71-4BE0154331A4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebb90bba-3fe0-4b1f-b4c9-fe892203af50}" => Key deleted successfully.
"HKCR\CLSID\{ebb90bba-3fe0-4b1f-b4c9-fe892203af50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f355144e-19a2-43cb-a343-aef79667f296}" => Key deleted successfully.
"HKCR\CLSID\{f355144e-19a2-43cb-a343-aef79667f296}" => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f736d76a-9c64-4653-ac21-a129958c55be} => Key not found.
HKCR\CLSID\{f736d76a-9c64-4653-ac21-a129958c55be} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0257c7a3-51be-49ca-abf9-ce292ff46104} => Key not found.
HKCR\Wow6432Node\CLSID\{0257c7a3-51be-49ca-abf9-ce292ff46104} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}" => Key Deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0d1fe3bc-0a7f-4b7f-ac2f-ca5fcca73992}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0d1fe3bc-0a7f-4b7f-ac2f-ca5fcca73992}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611901161} => Key not found.
HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611901161} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key not found.
HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{449D0D6E-2412-4E61-B68F-1CB625CD9E52}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{48e7a385-fa49-4645-8709-d04540984792} => Key not found.
HKCR\Wow6432Node\CLSID\{48e7a385-fa49-4645-8709-d04540984792} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key not found.
HKCR\Wow6432Node\CLSID\{4D9101D6-5BA0-4048-BDDE-7E2DF54C8C47} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6f365b43-bc07-49ad-b924-1fef8e000855} => Key not found.
HKCR\Wow6432Node\CLSID\{6f365b43-bc07-49ad-b924-1fef8e000855} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{803c0acc-6ab7-402a-bafa-e72fc2f7dfde} => Key not found.
HKCR\Wow6432Node\CLSID\{803c0acc-6ab7-402a-bafa-e72fc2f7dfde} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{950ef4df-b9dd-4b97-9e34-5c7d25a5eb88} => Key not found.
HKCR\Wow6432Node\CLSID\{950ef4df-b9dd-4b97-9e34-5c7d25a5eb88} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bea48c8d-90ec-4667-89c9-ed26a24b7069} => Key not found.
HKCR\Wow6432Node\CLSID\{bea48c8d-90ec-4667-89c9-ed26a24b7069} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c450a1e7-024e-46d2-ae05-eee1190d0038} => Key not found.
HKCR\Wow6432Node\CLSID\{c450a1e7-024e-46d2-ae05-eee1190d0038} => Key not found.
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 644
12 Feb 2015 at 08:14
OK, the PC should be faster.
Run another FRST scan and send the reports through pjjoint like the first time.
0
lajeve Posts 10 Registration date Monday 9 February 2015 Status Member Last activity 29 August 2015
14 Feb 2015 at 10:44
Hi,

Here are the links:
https://pjjoint.malekal.com/files.php?id=20150214_r10z9g10x12f15
https://pjjoint.malekal.com/files.php?id=20150214_d9n10x6e10y14
https://pjjoint.malekal.com/files.php?id=20150214_p15l6u15o8h11

Sorry for the delay; the computer has been working since then and I hope it is finally clean.
Thanks for your help
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 644
14 Feb 2015 at 11:54
OK,

You can scan C:\Windows\wauctla.exe
on https://www.virustotal.com/gui/ and post the link here.
0
lajeve Posts 10 Registration date Monday 9 February 2015 Status Member Last activity 29 August 2015
15 Feb 2015 at 20:51
Hi,

Here is the link:

https://www.virustotal.com/gui/file/f75f4facf1375ca77e28ce6173e2411b23c0fb894acba45b210b3130e604efae

It seems there are still a few suspicious files left, doesn't it?

Thanks for your help
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 644
Edited by Malekal_morte- on 15/02/2015 at 21:03
OK, I see...
That is what allowed it to come back.

Here is the fix to apply with FRST.
You can refer to this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Open Notepad: Windows key + R, in the Run field, type notepad and click OK.
Copy/paste the following into it:

R2 wauctla Service; C:\WINDOWS\wauctla.exe [188928 2015-02-06] () [File not signed]
C:\WINDOWS\wauctla.exe

Once the text is pasted into Notepad:
File menu, then Save As.
On the left, go to the Desktop.
In the field at the bottom, for the file name, enter: fixlist.txt
Click Save - this will create a fixlist.txt file on the desktop.

Relaunch FRST and click the Fix button.
Depending on the case, a restart may be necessary (not mandatory).
A text file appears; copy/paste its contents here in a new message.

Restart the computer



Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
lajeve Posts 10 Registration date Monday 9 February 2015 Status Member Last activity 29 August 2015
16 Feb 2015 at 13:53
Hi,
here is the link:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-02-2015
Ran by PEINDRE13 at 2015-02-16 13:42:43 Run:2
Running from C:\Users\PEINDRE13\Desktop
Loaded Profiles: PEINDRE13 (Available profiles: PEINDRE13)
Boot Mode: Normal
==============================================

Content of fixlist:

R2 wauctla Service; C:\WINDOWS\wauctla.exe [188928 2015-02-06] () [File not signed]
C:\WINDOWS\wauctla.exe


wauctla Service => Unable to stop service
wauctla Service => Service deleted successfully.
C:\WINDOWS\wauctla.exe => Moved successfully.


The system needed a reboot.

End of Fixlog 13:42:49

0
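A Fixlog like the one posted above can be triaged mechanically before deciding whether another FRST scan is needed. The following is an added example, not part of the thread and not FRST's own code: it classifies each result line and reports what still needs attention. The sample log is constructed with placeholder names, and treating a service that could not be stopped as requiring a reboot is an assumption of this example.

```python
import re
from collections import Counter

# Constructed sample in the Fixlog line format seen in this thread.
# All service names, paths and the GUID are placeholders.
SAMPLE_FIXLOG = r"""
Content of fixlist:

R2 ExampleAdSvc; C:\Windows\exampleadsvc.exe [File not signed]
C:\Windows\exampleadsvc.exe

ExampleAdSvc => Unable to stop service
ExampleAdSvc => Service deleted successfully.
C:\Windows\exampleadsvc.exe => Moved successfully.
"C:\ProgramData\ExampleCoupon" => File/Directory not found.
HKLM\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000} => Key not found.
C:\Windows\System32\Tasks\ExampleTask not found.
Could not move "C:\Users\user\AppData\Local\ExampleProvider" directory. => Scheduled to move on reboot.
stray-line-pasted-by-mistake => Error: No automatic fix found for this entry.

The system needed a reboot.
End of Fixlog
"""

ARROW_RE = re.compile(r'^(?P<target>.+?)\s*=>\s*(?P<result>.+?)\s*$')
BARE_NOT_FOUND_RE = re.compile(r'^(?P<target>.+?) not found\.$')
QUOTED_RE = re.compile(r'"([^"]+)"')

def classify(result):
    """Map the text after '=>' to a coarse outcome."""
    r = result.lower()
    if r.startswith("error"):
        return "error"
    if "unable to" in r:
        return "stop_failed"
    if "scheduled to move on reboot" in r:
        return "pending_reboot"
    if "not found" in r:
        return "absent"
    if "successfully" in r:
        return "removed"
    return "other"

def parse_fixlog(text):
    """Return (target, outcome) pairs; header and fixlist echo lines are skipped."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ARROW_RE.match(line)
        if m:
            target, outcome = m.group("target"), classify(m.group("result"))
        else:
            m = BARE_NOT_FOUND_RE.match(line)  # "<path> not found." without an arrow
            if not m:
                continue
            target, outcome = m.group("target"), "absent"
        quoted = QUOTED_RE.search(target)      # unwrap "path" and 'Could not move "path" ...'
        entries.append((quoted.group(1) if quoted else target, outcome))
    return entries

def triage(text):
    entries = parse_fixlog(text)
    removed = {t for t, o in entries if o == "removed"}
    # Unresolved: errors, unknown results, or a failed stop never followed by a removal.
    unresolved = [t for t, o in entries
                  if o in ("error", "other") or (o == "stop_failed" and t not in removed)]
    reboot = ("The system needed a reboot." in text
              or any(o in ("stop_failed", "pending_reboot") for _, o in entries))
    return {"counts": Counter(o for _, o in entries),
            "reboot_required": reboot, "unresolved": unresolved}

if __name__ == "__main__":
    print(triage(SAMPLE_FIXLOG))
```

Entries counted as "absent" were listed in the fixlist but no longer existed on disk or in the registry, which is expected when an earlier cleanup tool already removed them.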
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 644
16 Feb 2015 at 14:18
No more intrusive ads?
0
lajeve Posts 10 Registration date Monday 9 February 2015 Status Member Last activity 29 August 2015
16 Feb 2015 at 22:40
Indeed, I no longer have any ads.
Is it finished or is there something else to do?
0