Probleme avec page de pub intempestive sur internet
Fermé
thibaut3000
-
2 mars 2015 à 15:38
thibaut3000 Messages postés 1 Date d'inscription lundi 2 mars 2015 Statut Membre Dernière intervention 2 mars 2015 - 2 mars 2015 à 18:37
thibaut3000 Messages postés 1 Date d'inscription lundi 2 mars 2015 Statut Membre Dernière intervention 2 mars 2015 - 2 mars 2015 à 18:37
A voir également:
- Probleme avec page de pub intempestive sur internet
- Bloqueur de pub youtube - Guide
- Supprimer une page word - Guide
- Netflix standard avec pub - Guide
- Traduire une page internet - Guide
- YT Siphon : une extension pour contourner la pub sur YouTube - Guide
4 réponses
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
2 mars 2015 à 15:44
2 mars 2015 à 15:44
Bonjour,
[*] Télécharge :Farbar Recovery Scan Tool (FRST) à partir ce lien : https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
[*] Enregistre le sur votre bureau ( Vous devez exécuter la version compatible avec votre système 32 bits ou 64 bits)
==> Comment savoir quelle version 32 bits ou 64 bits est exécutée sur mon système ?
[*] Lance FRST, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
[*] Sur le menu principal, vérifie que la case "Addition.txt" soit cochée puis clique sur "Scan" et patiente le temps de l'analyse
[*] Une fois le scan terminé rends toi sur le bureau, deux rapports FRST.txt et Addition.txt ont été créés.
[*] Héberge les rapports FRST.txt et Addition.txt présent sur ton bureau sur : malekal.com
[*] Fais copier/coller les liens fournis dans ta prochaine réponse.
==> Aide: <<<ICI>>>
@+
[*] Télécharge :Farbar Recovery Scan Tool (FRST) à partir ce lien : https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/
[*] Enregistre le sur votre bureau ( Vous devez exécuter la version compatible avec votre système 32 bits ou 64 bits)
==> Comment savoir quelle version 32 bits ou 64 bits est exécutée sur mon système ?
[*] Lance FRST, exécuter en tant qu'administrateur sous Windows : 7/8 et Vista
[*] Sur le menu principal, vérifie que la case "Addition.txt" soit cochée puis clique sur "Scan" et patiente le temps de l'analyse
[*] Une fois le scan terminé rends toi sur le bureau, deux rapports FRST.txt et Addition.txt ont été créés.
[*] Héberge les rapports FRST.txt et Addition.txt présent sur ton bureau sur : malekal.com
[*] Fais copier/coller les liens fournis dans ta prochaine réponse.
==> Aide: <<<ICI>>>
@+
Le lien du Addition.txt: http://pjjoint.malekal.com/files.php?id=20150302_r13j14t11l15i5
Le lien du FRST.txt : http://pjjoint.malekal.com/files.php?id=FRST_20150302_k8z15v9k6x12
Le lien du FRST.txt : http://pjjoint.malekal.com/files.php?id=FRST_20150302_k8z15v9k6x12
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
2 mars 2015 à 16:32
2 mars 2015 à 16:32
Re,
Ton PC est bien infecté! :-), on continue alors :
1/
Désinstalle depuis le panneau de configuration :
- Click Caption 1.10.0.5
- GamesDesktop
- omiga-plus uninstall
- PriceFountain
- Remote Desktop Access
- speed browser
- TV Wizard
- WinCheck
1/
Voici la correction à effectuer avec FRST.
[*] Appuies simultanément sur les touches Windows et R
[*] Une fenêtre va s'ouvrir, tape ceci : notepad
[*] Clic sur OK (Le bloc note va s'ouvrir)
[*] Coller le script en gras ci-dessous dans votre bloc-notes
start
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-18] (SysTool PasSame LIMITED) [File not signed]
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files (x86)\PenWes\dnshelper.exe
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1474.0.0.0\jsdrv.exe [3224576 2015-01-16] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1474.0.0.0\jsdrv.exe [3224576 2015-01-16] ()
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [pricefountainw.exe] => E:\Users\TITI\AppData\Local\PriceFountain\pricefountainw.exe HKEY_CURRENT_USER Software\PriceFountain
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = https://search.safefinder.com/?st=ds&q={searchTerms}&installDate=11/02/2014 [Pays US - 65.52.144.16]
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = https://search.safefinder.com/?st=ds&q={searchTerms} [Pays US - 65.52.144.16]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = https://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MCD32A31A-08FE-41AF-B3FE-2E531485B2FE&SearchSource=58&CUI=&UM=6&UP=SP7E1C666E-5A4F-4721-ABAE-BAB3931155B9&q={searchTerms}&SSPV=SE4BROWGB_sp_ie [Pays US - 199.101.113.79]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7402902B343853A9&affID=127101&tsp=5259 [Pays US - 198.20.96.164]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
FF Plugin-x32: @tools.Software.com/Software Update;version=3 -> C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll (The Software Group)
FF Plugin-x32: @tools.Software.com/Software Update;version=9 -> C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll (The Software Group)
S2 Software_update; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-02-11] (The Software Group)
S3 Software_update_m; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-02-11] (The Software Group)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-18] (SysTool PasSame LIMITED) [File not signed]
R1 ccnfd_1_10_0_5; C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys [58232 2014-12-12] (ClickCaption)
2015-02-27 14:38 - 2015-02-27 14:38 - 00000000 ____D () E:\Users\TITI\AppData\Local\speed browser
2015-02-27 14:38 - 2015-02-27 14:38 - 00000000 ____D () C:\Program Files (x86)\speed browser
2015-03-02 15:46 - 2014-02-11 20:41 - 00000914 _____ () C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
2015-03-02 15:20 - 2013-12-18 15:20 - 00000288 _____ () C:\Windows\Tasks\MySearchDial.job
2015-03-01 20:46 - 2014-02-11 20:41 - 00000910 _____ () C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
2013-12-18 15:20 - 2013-12-18 15:20 - 0351124 _____ () E:\Users\TITI\AppData\Local\mysearchdial-speeddial.crx
E:\Users\Public\AlexaNSISPlugin.5684.dll
E:\Users\TITI\worldpainter_1.2.0.exe
E:\Users\TITI\worldpainter_1.2.5.exe
end
[*] Une fois, le texte coller dans le bloc-note.
[*] Cliquez sur "Fichier" puis dans le menu déroulant sur "Enregistrer sous"
[*] A cette fenêtre cliquez sur "Bureau"
[*] Dans la zone de "Nom de fichier" tapez : fixlist puis validez en cliquant sur Enregistrer
[*] Sur votre bureau vous avec le fichier texte (fixlist.txt & FRST.exe)
[*] Lancez FRST, "exécuter en tant qu'administrateur" sous Windows Vista, Windows Seven et Windows 8/8.1
[*] Cliquez sur "Fix"
[*] Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.
[*] Redémarre l'ordinateur.
[*] ===> Aide : <<<ICI>>>
3/
Réinitialiser et refaire le paramétrage de tes navigateurs puis supprimer/désactiver les extensions inutiles/parasites :
* Internet Explorer : modules complémentaires / moteurs de recherche : https://forum.malekal.com/viewtopic.php?t=41399&start=
* Firefox : https://www.malekal.com/reparer-firefox/?t=36057&start=
* Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=
4/
https://www.malwarebytes.com/mwb-download/
=================================
Si tu as besoin d'aide tu peux voir ce tutoriel : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
@+
Ton PC est bien infecté! :-), on continue alors :
1/
Désinstalle depuis le panneau de configuration :
- Click Caption 1.10.0.5
- GamesDesktop
- omiga-plus uninstall
- PriceFountain
- Remote Desktop Access
- speed browser
- TV Wizard
- WinCheck
1/
Voici la correction à effectuer avec FRST.
[*] Appuies simultanément sur les touches Windows et R
[*] Une fenêtre va s'ouvrir, tape ceci : notepad
[*] Clic sur OK (Le bloc note va s'ouvrir)
[*] Coller le script en gras ci-dessous dans votre bloc-notes
start
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-18] (SysTool PasSame LIMITED) [File not signed]
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files (x86)\PenWes\dnshelper.exe
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1474.0.0.0\jsdrv.exe [3224576 2015-01-16] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1474.0.0.0\jsdrv.exe [3224576 2015-01-16] ()
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [pricefountainw.exe] => E:\Users\TITI\AppData\Local\PriceFountain\pricefountainw.exe HKEY_CURRENT_USER Software\PriceFountain
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://v9search.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&aaa=aaa [Pays US - 50.22.218.160]
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = https://search.safefinder.com/?st=ds&q={searchTerms}&installDate=11/02/2014 [Pays US - 65.52.144.16]
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = https://search.safefinder.com/?st=ds&q={searchTerms} [Pays US - 65.52.144.16]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = https://www.trovi.com/?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MCD32A31A-08FE-41AF-B3FE-2E531485B2FE&SearchSource=58&CUI=&UM=6&UP=SP7E1C666E-5A4F-4721-ABAE-BAB3931155B9&q={searchTerms}&SSPV=SE4BROWGB_sp_ie [Pays US - 199.101.113.79]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7402902B343853A9&affID=127101&tsp=5259 [Pays US - 198.20.96.164]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 50.22.218.160]
FF Plugin-x32: @tools.Software.com/Software Update;version=3 -> C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll (The Software Group)
FF Plugin-x32: @tools.Software.com/Software Update;version=9 -> C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll (The Software Group)
S2 Software_update; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-02-11] (The Software Group)
S3 Software_update_m; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-02-11] (The Software Group)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-18] (SysTool PasSame LIMITED) [File not signed]
R1 ccnfd_1_10_0_5; C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys [58232 2014-12-12] (ClickCaption)
2015-02-27 14:38 - 2015-02-27 14:38 - 00000000 ____D () E:\Users\TITI\AppData\Local\speed browser
2015-02-27 14:38 - 2015-02-27 14:38 - 00000000 ____D () C:\Program Files (x86)\speed browser
2015-03-02 15:46 - 2014-02-11 20:41 - 00000914 _____ () C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
2015-03-02 15:20 - 2013-12-18 15:20 - 00000288 _____ () C:\Windows\Tasks\MySearchDial.job
2015-03-01 20:46 - 2014-02-11 20:41 - 00000910 _____ () C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
2013-12-18 15:20 - 2013-12-18 15:20 - 0351124 _____ () E:\Users\TITI\AppData\Local\mysearchdial-speeddial.crx
E:\Users\Public\AlexaNSISPlugin.5684.dll
E:\Users\TITI\worldpainter_1.2.0.exe
E:\Users\TITI\worldpainter_1.2.5.exe
end
[*] Une fois, le texte coller dans le bloc-note.
[*] Cliquez sur "Fichier" puis dans le menu déroulant sur "Enregistrer sous"
[*] A cette fenêtre cliquez sur "Bureau"
[*] Dans la zone de "Nom de fichier" tapez : fixlist puis validez en cliquant sur Enregistrer
[*] Sur votre bureau vous avec le fichier texte (fixlist.txt & FRST.exe)
[*] Lancez FRST, "exécuter en tant qu'administrateur" sous Windows Vista, Windows Seven et Windows 8/8.1
[*] Cliquez sur "Fix"
[*] Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.
[*] Redémarre l'ordinateur.
[*] ===> Aide : <<<ICI>>>
3/
Réinitialiser et refaire le paramétrage de tes navigateurs puis supprimer/désactiver les extensions inutiles/parasites :
* Internet Explorer : modules complémentaires / moteurs de recherche : https://forum.malekal.com/viewtopic.php?t=41399&start=
* Firefox : https://www.malekal.com/reparer-firefox/?t=36057&start=
* Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=
4/
- Télécharge MBAM et installe le selon l'emplacement par défaut
https://www.malwarebytes.com/mwb-download/
- Mets le à jour puis lance un examen "Menaces".
- coche "Recherche de rootkits" (Paramètres -> Détection et protection)
- A la fin du scan, clic sur "Mettre tous en quarantaine" en bas à gauche.
- Redémarre l'ordinateur si besoin.
- Après redémarrage, relance Malwarebytes.
- Vas chercher le rapport dans l'onglet "Historique".
- Clic à gauche sur l'onglet Journaux de l'application.
- Double-clic sur le journal d'examen pour l'afficher.
- En bas à gauche choisis "Copier dans le presse papier"
- colle le rapport le contenu du journal ici
=================================
Si tu as besoin d'aide tu peux voir ce tutoriel : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
@+
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
1 318
2 mars 2015 à 16:54
2 mars 2015 à 16:54
Ce n'est pas un problème, tu peux passer aux procédures qui suivent! :-)
thibaut3000
>
Fish66
Messages postés
17505
Date d'inscription
dimanche 24 juillet 2011
Statut
Contributeur sécurité
Dernière intervention
16 juin 2021
2 mars 2015 à 18:26
2 mars 2015 à 18:26
PC planté
thibaut3000
Messages postés
1
Date d'inscription
lundi 2 mars 2015
Statut
Membre
Dernière intervention
2 mars 2015
2 mars 2015 à 18:37
2 mars 2015 à 18:37
PC planté !!
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-03-2015
Ran by TITI at 2015-03-02 16:57:35 Run:1
Running from E:\Users\TITI\Desktop
Loaded Profiles: TITI (Available profiles: TITI)
Boot Mode: Normal
==============================================
Content of fixlist:
start
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-18] (SysTool PasSame LIMITED) [File not signed]
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files (x86)\PenWes\dnshelper.exe
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1474.0.0.0\jsdrv.exe [3224576 2015-01-16] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1474.0.0.0\jsdrv.exe [3224576 2015-01-16] ()
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [pricefountainw.exe] => E:\Users\TITI\AppData\Local\PriceFountain\pricefountainw.exe HKEY_CURRENT_USER Software\PriceFountain
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=FR&userid=a9c17281-6f46-f6a1-5635-9cb33c467e10&searchtype=ds&q={searchTerms}&installDate=11/02/2014 [Pays US - 65.52.144.16]
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/...{searchTerms} [Pays US - 65.52.144.16]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MCD32A31A-08FE-41AF-B3FE-2E531485B2FE&SearchSource=58&CUI=&UM=6&UP=SP7E1C666E-5A4F-4721-ABAE-BAB3931155B9&q={searchTerms}&SSPV=SE4BROWGB_sp_ie [Pays US - 199.101.113.79]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7402902B343853A9&affID=127101&tsp=5259 [Pays US - 198.20.96.164]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
FF Plugin-x32: @tools.Software.com/Software Update;version=3 -> C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll (The Software Group)
FF Plugin-x32: @tools.Software.com/Software Update;version=9 -> C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll (The Software Group)
S2 Software_update; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-02-11] (The Software Group)
S3 Software_update_m; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-02-11] (The Software Group)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-18] (SysTool PasSame LIMITED) [File not signed]
R1 ccnfd_1_10_0_5; C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys [58232 2014-12-12] (ClickCaption)
2015-02-27 14:38 - 2015-02-27 14:38 - 00000000 ____D () E:\Users\TITI\AppData\Local\speed browser
2015-02-27 14:38 - 2015-02-27 14:38 - 00000000 ____D () C:\Program Files (x86)\speed browser
2015-03-02 15:46 - 2014-02-11 20:41 - 00000914 _____ () C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
2015-03-02 15:20 - 2013-12-18 15:20 - 00000288 _____ () C:\Windows\Tasks\MySearchDial.job
2015-03-01 20:46 - 2014-02-11 20:41 - 00000910 _____ () C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
2013-12-18 15:20 - 2013-12-18 15:20 - 0351124 _____ () E:\Users\TITI\AppData\Local\mysearchdial-speeddial.crx
E:\Users\Public\AlexaNSISPlugin.5684.dll
E:\Users\TITI\worldpainter_1.2.0.exe
E:\Users\TITI\worldpainter_1.2.5.exe
end
[1516] C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe => Process closed successfully.
WindowsMangerProtect => Service stopped successfully.
WindowsMangerProtect => Service deleted successfully.
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe => Moved successfully.
[2792] C:\Program Files (x86)\PenWes\dnshelper.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value deleted successfully.
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Windows\CurrentVersion\Run\\pricefountainw.exe => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
"HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
"HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.Software.com/Software Update;version=3" => Key deleted successfully.
C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.Software.com/Software Update;version=9" => Key deleted successfully.
C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll not found.
Software_update => Service deleted successfully.
Software_update_m => Service deleted successfully.
WindowsMangerProtect => Service not found.
ccnfd_1_10_0_5 => Unable to stop service
ccnfd_1_10_0_5 => Service deleted successfully.
"2015-02-27 14:38 - 2015-02-27 14:38 - 00000000 ____D () E:\Users\TITI\AppData\Local\speed browser" => File/Directory not found.
C:\Program Files (x86)\speed browser => Moved successfully.
C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\MySearchDial.job => Moved successfully.
C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job => Moved successfully.
"2013-12-18 15:20 - 2013-12-18 15:20 - 0351124 _____ () E:\Users\TITI\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
E:\Users\Public\AlexaNSISPlugin.5684.dll => Moved successfully.
E:\Users\TITI\worldpainter_1.2.0.exe => Moved successfully.
E:\Users\TITI\worldpainter_1.2.5.exe => Moved successfully.
The system needed a reboot.
Ran by TITI at 2015-03-02 16:57:35 Run:1
Running from E:\Users\TITI\Desktop
Loaded Profiles: TITI (Available profiles: TITI)
Boot Mode: Normal
==============================================
Content of fixlist:
start
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-18] (SysTool PasSame LIMITED) [File not signed]
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
() C:\Program Files (x86)\PenWes\dnshelper.exe
HKLM-x32\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1474.0.0.0\jsdrv.exe [3224576 2015-01-16] ()
HKLM-x32\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [SPDriver] => C:\Program Files (x86)\ShopperPro\JSDriver\1474.0.0.0\jsdrv.exe [3224576 2015-01-16] ()
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [YTDownloader] => C:\Program Files (x86)\YTDownloader\YTDownloader.exe /boot
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\...\Run: [pricefountainw.exe] => E:\Users\TITI\AppData\Local\PriceFountain\pricefountainw.exe HKEY_CURRENT_USER Software\PriceFountain
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617 [Pays US - 50.22.218.160]
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuTU&co=FR&userid=a9c17281-6f46-f6a1-5635-9cb33c467e10&searchtype=ds&q={searchTerms}&installDate=11/02/2014 [Pays US - 65.52.144.16]
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/...{searchTerms} [Pays US - 65.52.144.16]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3324764&octid=EB_ORIGINAL_CTID&ISID=MCD32A31A-08FE-41AF-B3FE-2E531485B2FE&SearchSource=58&CUI=&UM=6&UP=SP7E1C666E-5A4F-4721-ABAE-BAB3931155B9&q={searchTerms}&SSPV=SE4BROWGB_sp_ie [Pays US - 199.101.113.79]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.buenosearch.com/?q={searchTerms}&babsrc=SP_ss&mntrId=7402902B343853A9&affID=127101&tsp=5259 [Pays US - 198.20.96.164]
SearchScopes: HKU\S-1-5-21-2458395439-3934694091-1758401311-1004 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://isearch.omiga-plus.com/web/?type=ds&ts=1421570354&from=tugs&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S373361733617&q={searchTerms} [Pays US - 50.22.218.160]
FF Plugin-x32: @tools.Software.com/Software Update;version=3 -> C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll (The Software Group)
FF Plugin-x32: @tools.Software.com/Software Update;version=9 -> C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll (The Software Group)
S2 Software_update; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-02-11] (The Software Group)
S3 Software_update_m; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-02-11] (The Software Group)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-18] (SysTool PasSame LIMITED) [File not signed]
R1 ccnfd_1_10_0_5; C:\Windows\System32\drivers\ccnfd_1_10_0_5.sys [58232 2014-12-12] (ClickCaption)
2015-02-27 14:38 - 2015-02-27 14:38 - 00000000 ____D () E:\Users\TITI\AppData\Local\speed browser
2015-02-27 14:38 - 2015-02-27 14:38 - 00000000 ____D () C:\Program Files (x86)\speed browser
2015-03-02 15:46 - 2014-02-11 20:41 - 00000914 _____ () C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
2015-03-02 15:20 - 2013-12-18 15:20 - 00000288 _____ () C:\Windows\Tasks\MySearchDial.job
2015-03-01 20:46 - 2014-02-11 20:41 - 00000910 _____ () C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
2013-12-18 15:20 - 2013-12-18 15:20 - 0351124 _____ () E:\Users\TITI\AppData\Local\mysearchdial-speeddial.crx
E:\Users\Public\AlexaNSISPlugin.5684.dll
E:\Users\TITI\worldpainter_1.2.0.exe
E:\Users\TITI\worldpainter_1.2.5.exe
end
[1516] C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe => Process closed successfully.
WindowsMangerProtect => Service stopped successfully.
WindowsMangerProtect => Service deleted successfully.
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe => Moved successfully.
[2792] C:\Program Files (x86)\PenWes\dnshelper.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Windows\CurrentVersion\Run\\SPDriver => value deleted successfully.
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Windows\CurrentVersion\Run\\YTDownloader => value deleted successfully.
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Windows\CurrentVersion\Run\\pricefountainw.exe => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => Key not found.
"HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
"HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}" => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
"HKU\S-1-5-21-2458395439-3934694091-1758401311-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.Software.com/Software Update;version=3" => Key deleted successfully.
C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll => Moved successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.Software.com/Software Update;version=9" => Key deleted successfully.
C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll not found.
Software_update => Service deleted successfully.
Software_update_m => Service deleted successfully.
WindowsMangerProtect => Service not found.
ccnfd_1_10_0_5 => Unable to stop service
ccnfd_1_10_0_5 => Service deleted successfully.
"2015-02-27 14:38 - 2015-02-27 14:38 - 00000000 ____D () E:\Users\TITI\AppData\Local\speed browser" => File/Directory not found.
C:\Program Files (x86)\speed browser => Moved successfully.
C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\MySearchDial.job => Moved successfully.
C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job => Moved successfully.
"2013-12-18 15:20 - 2013-12-18 15:20 - 0351124 _____ () E:\Users\TITI\AppData\Local\mysearchdial-speeddial.crx" => File/Directory not found.
E:\Users\Public\AlexaNSISPlugin.5684.dll => Moved successfully.
E:\Users\TITI\worldpainter_1.2.0.exe => Moved successfully.
E:\Users\TITI\worldpainter_1.2.5.exe => Moved successfully.
The system needed a reboot.
2 mars 2015 à 16:02
du FRST.txt : http://pjjoint.malekal.com/files.php?id=FRST_20150302_k8z15v9k6x12