Sujet Précédent Sujet Suivant

Logiciel qui s'installent en boucle

Fermé
gregoroux - 9 avril 2015 à 22:29
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 10 avril 2015 à 12:05
Bonjour à tous,

d'abord merci à ceux qui voudront bien m'aider à ce sujet.
J'ai des logiciels hyper chiants qui s'installent en permanence sur mon ordinateur.
Après quelques recherche sur forum j'ai donc tenté adw cleaner, malware et j'ai un rapport ZHP diag joint: http://cjoint.com/?EDjwKUDbPPU
Ces solutions fonctionnent pendant 5 minutes avant une nouvelle vague d'installation.

Merci de votre aide.
A voir également:

4 réponses

Réponse 1 / 4
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
9 avril 2015 à 22:32
Salut,

Tu as installé des adwares et programmes parasites sur ton PC qui ouvrent des publicités et ralentissent l'ordinateur et les navigateurs WEB.
Voici la procédure à suivre pour les supprimer :

Commence par ceci :

Suis le tutorial AdwCleaner https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= ( d'Xplode )
Télécharge le sur ton bureau ou dossier de téléchargement.
Lance AdwCleaner, clique sur [Scanner].
L'analyse peux durer plusieurs minutes, patiente.
Une fois le scan terminé, ne décoche rien, clique sur [Nettoyer]

Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt


puis :

Suis ce tutoriel FRST: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
(et bien prendre le temps de lire afin d'appliquer correctement - tout y est expliqué).
Télécharge et lance le scan FRST, cela va générer trois rapports FRST :
  • FRST.txt
  • Shortcut.txt
  • Additionnal.txt


Envoie, comme expliqué, ces trois rapports sur le site http://pjjoint.malekal.com et en retour donne les trois liens pjjoint qui mènent à ses rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.


0
gregoroux
10 avril 2015 à 11:10
# AdwCleaner v4.201 - Rapport créé le 10/04/2015 à 10:55:16
# Mis à jour le 08/04/2015 par Xplode
# Base de données : 2015-04-08.1 [Serveur]
# Système d'exploitation : Windows 7 Enterprise Service Pack 1 (x86)
# Nom d'utilisateur : leman124228 - ESC-121178
# Exécuté depuis : D:\Downloads\adwcleaner_4.201.exe
# Option : Nettoyer
          • [ Services ] *****


[#] Service Supprimé : globalUpdate
[#] Service Supprimé : globalUpdatem
[#] Service Supprimé : IHProtect Service
[#] Service Supprimé : WindowsMangerProtect
[#] Service Supprimé : 9e9a4942
[#] Service Supprimé : innfd_1_10_0_13
          • [ Fichiers / Dossiers ] *****


Dossier Supprimé : C:\ProgramData\WindowsMangerProtect
Dossier Supprimé : C:\ProgramData\IHProtectUpDate
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Dossier Supprimé : C:\Program Files\globalUpdate
Dossier Supprimé : C:\Program Files\XTab
Dossier Supprimé : C:\Program Files\igs
Dossier Supprimé : C:\Program Files\gmsd_fr_407
Dossier Supprimé : C:\Program Files\Optimizer Pro 3.79
Dossier Supprimé : C:\Windows\system32\config\systemprofile\AppData\Local\StormWatch
Dossier Supprimé : C:\Windows\system32\config\systemprofile\AppData\Local\VCL
Dossier Supprimé : C:\Users\leman124228\AppData\Local\globalUpdate
Dossier Supprimé : C:\Users\leman124228\AppData\Local\SmartWeb
Dossier Supprimé : C:\Users\leman124228\AppData\Local\gmsd_fr_407
Dossier Supprimé : C:\Users\leman124228\AppData\LocalLow\SmartWeb
Dossier Supprimé : C:\Users\leman124228\AppData\Roaming\istartsurf
Dossier Supprimé : C:\Users\leman124228\AppData\Roaming\Nosibay
Dossier Supprimé : C:\Users\leman124228\AppData\Roaming\Store
Dossier Supprimé : C:\Users\leman124228\AppData\Roaming\WTools
Dossier Supprimé : C:\Users\leman124228\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bubble Dock
Dossier Supprimé : C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Extensions\papbadoldddalgcjcicnikcfenodpghp
Fichier Supprimé : C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage
Fichier Supprimé : C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0.localstorage-journal
Fichier Supprimé : C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_papbadoldddalgcjcicnikcfenodpghp_0
Fichier Supprimé : C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\papbadoldddalgcjcicnikcfenodpghp
Fichier Supprimé : C:\END
Fichier Supprimé : C:\Users\Public\Desktop\crossbrowse.lnk
Fichier Supprimé : C:\Users\LEMAN1~1\AppData\Local\Temp\Uninstall.exe
Fichier Supprimé : d:\Desktop\Optimizer Pro.lnk
Fichier Supprimé : C:\Users\leman124228\AppData\Roaming\Bubble Dock.boostrap.log
Fichier Supprimé : C:\Users\leman124228\AppData\Roaming\Bubble Dock.installation.log
Fichier Supprimé : C:\Users\leman124228\AppData\Roaming\Selection Tools.installation.log
Fichier Supprimé : C:\Users\leman124228\AppData\Roaming\WindApp.boostrap.log
Fichier Supprimé : C:\Users\leman124228\AppData\Roaming\WindApp.installation.log
Fichier Supprimé : C:\Users\leman124228\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\crossbrowse.lnk
Fichier Supprimé : C:\Users\leman124228\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\crossbrowse.lnk
Fichier Supprimé : C:\Users\leman124228\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk
Fichier Supprimé : C:\Users\leman124228\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
Fichier Supprimé : C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.webssearches.com_0.localstorage
Fichier Supprimé : C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.webssearches.com_0.localstorage-journal
Fichier Supprimé : C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage
Fichier Supprimé : C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.istartsurf.com_0.localstorage-journal
          • [ Tâches planifiées ] *****


Tâche Supprimée : Crossbrowse
Tâche Supprimée : globalUpdateUpdateTaskMachineCore
Tâche Supprimée : globalUpdateUpdateTaskMachineUA
Tâche Supprimée : SmartWeb Upgrade Trigger Task
Tâche Supprimée : 2e766f80-4cec-4ea5-9a8e-81abb36d6dff-1-6
Tâche Supprimée : 2e766f80-4cec-4ea5-9a8e-81abb36d6dff-1-7
Tâche Supprimée : 2e766f80-4cec-4ea5-9a8e-81abb36d6dff-10_user
Tâche Supprimée : 2e766f80-4cec-4ea5-9a8e-81abb36d6dff-3
Tâche Supprimée : 2e766f80-4cec-4ea5-9a8e-81abb36d6dff-5
Tâche Supprimée : 2e766f80-4cec-4ea5-9a8e-81abb36d6dff-5_user
Tâche Supprimée : 2e766f80-4cec-4ea5-9a8e-81abb36d6dff-6
Tâche Supprimée : 2e766f80-4cec-4ea5-9a8e-81abb36d6dff-7
          • [ Raccourcis ] *****


Raccourci Désinfecté : d:\Desktop\chrome.lnk
Raccourci Désinfecté : d:\Desktop\Internet Explorer.lnk
Raccourci Désinfecté : d:\Desktop\Lanceur d'applications Google Chrome.lnk
Raccourci Désinfecté : C:\Users\leman124228\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Raccourci Désinfecté : C:\Users\leman124228\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Lanceur d'applications Google Chrome.lnk
Raccourci Désinfecté : C:\Users\leman124228\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Applications Chrome\Adblock Plus.lnk
Raccourci Désinfecté : C:\Users\leman124228\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Raccourci Désinfecté : C:\Users\leman124228\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
          • [ Registre ] *****


Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Bubble Dock]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [WindApp]
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Selection Tools]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SmartWeb]
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_fr_407]
Clé Supprimée : HKLM\SOFTWARE\86411c07-1dc1-c4e3-55f6-76f04663b8d0
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Clé Supprimée : HKCU\Software\GlobalUpdate
Clé Supprimée : HKCU\Software\InstalledBrowserExtensions
Clé Supprimée : HKCU\Software\Nosibay
Clé Supprimée : HKCU\Software\Optimizer Pro
Clé Supprimée : HKCU\Software\Store
Clé Supprimée : HKCU\Software\Tutorials
Clé Supprimée : HKCU\Software\TutoTag
Clé Supprimée : HKCU\Software\GAMESDESKTOP
Clé Supprimée : HKCU\Software\WTools
Clé Supprimée : HKCU\Software\CrossBrowser
Clé Supprimée : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartWeb
Clé Supprimée : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Clé Supprimée : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Clé Supprimée : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Clé Supprimée : HKLM\SOFTWARE\GlobalUpdate
Clé Supprimée : HKLM\SOFTWARE\InstalledBrowserExtensions
Clé Supprimée : HKLM\SOFTWARE\istartsurfSoftware
Clé Supprimée : HKLM\SOFTWARE\SupDp
Clé Supprimée : HKLM\SOFTWARE\SupTab
Clé Supprimée : HKLM\SOFTWARE\Tutorials
Clé Supprimée : HKLM\SOFTWARE\GAMESDESKTOP
Clé Supprimée : HKLM\SOFTWARE\IHProtect
Clé Supprimée : HKLM\SOFTWARE\IGS
Clé Supprimée : HKLM\SOFTWARE\Crossbrowse
Clé Supprimée : HKU\.DEFAULT\Software\Boxore
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Bubble Dock
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\windapp
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Selection Tools
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\igsc
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IGS
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Crossbrowse
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_fr_407_is1
          • [ Navigateurs ] *****


-\\ Internet Explorer v11.0.9600.17689

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v38.0.2125.111

[C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Supprimée [Homepage] : hxxp://www.istartsurf.com/?type=hp&ts=1428655576&from=brd&uid=HitachiXHTS723232A7A364_E3834563E68RRME68RRMX
[C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Supprimée [Startup_URLs] : hxxp://www.istartsurf.com/?type=hp&ts=1428655576&from=brd&uid=HitachiXHTS723232A7A364_E3834563E68RRME68RRMX
[C:\Users\leman124228\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Supprimée [Default_Search_Provider_Data] : hxxp://www.istartsurf.com/web/?type=ds&ts=1428655576&from=brd&uid=HitachiXHTS723232A7A364_E3834563E68RRME68RRMX&q={searchTerms}

-\\ Chromium v


-\\ Opera v0.0.0.0


AdwCleaner[R0].txt - [55599 octets] - [06/04/2015 20:20:24]
AdwCleaner[R10].txt - [12373 octets] - [08/04/2015 21:44:28]
AdwCleaner[R11].txt - [18748 octets] - [08/04/2015 23:02:54]
AdwCleaner[R12].txt - [9753 octets] - [08/04/2015 23:58:13]
AdwCleaner[R13].txt - [9480 octets] - [09/04/2015 00:02:32]
AdwCleaner[R14].txt - [6081 octets] - [09/04/2015 20:57:04]
AdwCleaner[R15].txt - [20877 octets] - [09/04/2015 22:31:52]
AdwCleaner[R16].txt - [19025 octets] - [10/04/2015 10:49:29]
AdwCleaner[R1].txt - [15018 octets] - [06/04/2015 23:33:38]
AdwCleaner[R2].txt - [15765 octets] - [06/04/2015 23:45:05]
AdwCleaner[R3].txt - [9898 octets] - [07/04/2015 00:35:39]
AdwCleaner[R4].txt - [1519 octets] - [07/04/2015 08:43:11]
AdwCleaner[R5].txt - [1414 octets] - [07/04/2015 08:52:09]
AdwCleaner[R6].txt - [13870 octets] - [04/07/2015 17:34:20]
AdwCleaner[R7].txt - [1620 octets] - [04/07/2015 17:57:05]
AdwCleaner[R8].txt - [10995 octets] - [04/07/2015 19:32:50]
AdwCleaner[R9].txt - [4604 octets] - [04/07/2015 23:25:32]
AdwCleaner[S0].txt - [16479 octets] - [06/04/2015 20:22:24]
AdwCleaner[S10].txt - [1034 octets] - [09/04/2015 00:00:31]
AdwCleaner[S11].txt - [9153 octets] - [09/04/2015 00:03:55]
AdwCleaner[S12].txt - [6040 octets] - [09/04/2015 20:58:04]
AdwCleaner[S13].txt - [19892 octets] - [09/04/2015 22:33:11]
AdwCleaner[S14].txt - [17481 octets] - [10/04/2015 10:55:16]
AdwCleaner[S1].txt - [14786 octets] - [06/04/2015 23:48:34]
AdwCleaner[S2].txt - [8961 octets] - [07/04/2015 00:37:26]
AdwCleaner[S3].txt - [1409 octets] - [07/04/2015 08:44:47]
AdwCleaner[S4].txt - [1482 octets] - [07/04/2015 08:54:45]
AdwCleaner[S5].txt - [13917 octets] - [04/07/2015 17:35:52]
AdwCleaner[S6].txt - [10362 octets] - [04/07/2015 19:34:43]
AdwCleaner[S7].txt - [4766 octets] - [04/07/2015 23:29:30]
AdwCleaner[S8].txt - [11787 octets] - [08/04/2015 21:46:16]
AdwCleaner[S9].txt - [17881 octets] - [08/04/2015 23:04:10]

########## EOF - C:\AdwCleaner\AdwCleaner[S14].txt - [18088 octets] ##########
0
gregoroux
10 avril 2015 à 11:21
Shortcut : http://pjjoint.malekal.com/files.php?id=20150410_u9m5u8o12q11
FRST : http://pjjoint.malekal.com/files.php?id=20150410_s11g9v14z6n15
Addition : http://pjjoint.malekal.com/files.php?id=20150410_y9c7b7r11s7
Voilà tous les rapports merci de ton aide.
0
Réponse 2 / 4
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
10 avril 2015 à 11:42
Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :

R2 beviwojy; C:\Users\leman124228\AppData\Local\C7986848-1428362604-11E1-A422-66C45900006B\snswA29A.tmp [227328 2015-04-06] () [File not signed]
R2 durowigy; C:\Users\leman124228\AppData\Local\C7986848-1428453131-11E1-A422-66C45900006B\insb724.tmp [115712 2015-04-08] () [File not signed]
R2 fenesufi; C:\Users\leman124228\AppData\Local\C7986848-1428616706-11E1-A422-66C45900006B\insm9C61.tmp [115712 2015-04-09] () [File not signed]
R2 gekofyze; C:\Users\leman124228\AppData\Local\C7986848-1428536252-11E1-A422-66C45900006B\insr9F2.tmp [115712 2015-04-08] () [File not signed]
R2 konureno; C:\Users\leman124228\AppData\Local\C7986848-1428362582-11E1-A422-66C45900006B\cnsw5BEC.tmp [163328 2015-04-06] () [File not signed]
R2 myxoqure; C:\Users\leman124228\AppData\Local\C7986848-1428605760-11E1-A422-66C45900006B\insb3304.tmp [115200 2015-04-09] () [File not signed]
R2 pylywusy; C:\Users\leman124228\AppData\Roaming\C7986848-1428355145-11E1-A422-66C45900006B\jnsaFE6D.tmp [131584 2015-04-06] () [File not signed]
R2 qynolozo; C:\Users\leman124228\AppData\Local\C7986848-1428366144-11E1-A422-66C45900006B\inshD4A0.tmp [156672 2015-04-07] () [File not signed]
R2 remezyru; C:\Users\leman124228\AppData\Roaming\C7986848-1428355145-11E1-A422-66C45900006B\nsw3EEF.tmp [296960 2015-04-09] () [File not signed]
R2 tudonyru; C:\Users\leman124228\AppData\Local\C7986848-1433421607-11E1-A422-66C45900006B\insyA3FF.tmp [115200 2015-06-04] () [File not signed]
2015-07-04 20:11 - 2015-07-04 20:11 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nsi3B8B.tmp
2015-07-04 19:04 - 2015-07-04 19:04 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nsx9678.tmp
2015-07-04 19:03 - 2015-07-04 19:03 - 00000000 _____ () C:\Windows\system32\Number of results
2015-07-04 18:12 - 2015-04-09 22:40 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-07-04 18:10 - 2015-07-04 18:10 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1436033410-11E1-A422-66C45900006B
2015-06-04 12:51 - 2015-06-04 16:51 - 00000000 ____D () C:\ProgramData\T122078ED
2015-06-04 12:47 - 2015-07-04 20:10 - 00000000 ____D () C:\Program Files\e96b562f-b6b9-4ec7-a3bb-493ec1af3248
2015-06-04 12:47 - 2015-04-10 11:07 - 00001710 _____ () C:\Windows\Tasks\TNMHRMOH.job
2015-06-04 12:40 - 2015-07-04 20:10 - 00000000 ____D () C:\Program Files\2e31ee0d-6429-42b4-8129-7539b907feff
2015-06-04 12:40 - 2015-06-04 12:40 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1433421607-11E1-A422-66C45900006B
2015-06-04 12:40 - 2015-04-10 11:07 - 00001360 _____ () C:\Windows\Tasks\GXALK.job
2015-04-10 10:46 - 2015-04-10 11:07 - 00000000 ____D () C:\ProgramData\{52093ed3-ae81-68f7-5209-93ed3ae8fb4e}
2015-04-09 23:06 - 2015-04-09 23:08 - 00000000 ____D () C:\Program Files\Cinema PlusV09.04
2015-04-09 23:06 - 2015-04-09 23:06 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428620778-11E1-A422-66C45900006B
2015-04-09 22:20 - 2015-04-09 22:20 - 00000000 ____D () C:\Users\leman124228\AppData\Roaming\Optimizer Pro
2015-04-09 22:14 - 2015-04-10 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2015-04-09 22:14 - 2015-04-09 22:34 - 00000000 ____D () C:\ProgramData\{39876f9c-e763-b50a-3987-76f9ce76be73}
2015-04-09 22:00 - 2015-04-09 22:00 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nsc7AA3.tmp
2015-04-09 21:59 - 2015-04-10 11:07 - 00001710 _____ () C:\Windows\Tasks\RRUHLZSQ.job
2015-04-09 21:59 - 2015-04-09 23:08 - 00000000 ____D () C:\Program Files\dce1daef-773c-4fec-8b3d-ab6fa4f14565
2015-04-09 21:58 - 2015-04-09 21:58 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428616706-11E1-A422-66C45900006B
2015-04-09 21:40 - 2015-04-09 22:19 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-04-09 18:56 - 2015-04-09 18:56 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428605760-11E1-A422-66C45900006B
2015-04-08 23:57 - 2015-04-08 23:57 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nse97AF.tmp
2015-04-08 23:43 - 2015-04-09 09:13 - 00000000 ____D () C:\ProgramData\{dd0d2e6e-df20-1760-dd0d-d2e6edf2b9bb}
2015-04-08 23:42 - 2015-04-09 18:34 - 00000000 ____D () C:\Users\leman124228\AppData\Local\avaavaxvyy
2015-04-08 23:38 - 2015-04-08 23:38 - 00000000 ____D () C:\Users\leman124228\AppData\Local\CCL
2015-04-08 23:37 - 2015-04-08 23:37 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428536252-11E1-A422-66C45900006B
2015-04-08 23:02 - 2015-04-10 11:07 - 00001360 _____ () C:\Windows\Tasks\OVMMP.job
2015-04-08 23:02 - 2015-04-08 23:02 - 01844224 _____ (CrossBrowse-1.4V08.04) C:\Users\leman124228\AppData\Roaming\OVMMP.exe
2015-04-08 23:02 - 2015-04-08 23:02 - 00000000 ____D () C:\Program Files\e78aac73-f6dc-4579-892f-6c2e2754f91c
2015-04-08 22:49 - 2015-04-08 22:49 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nsiAF05.tmp
2015-04-08 00:37 - 2015-04-08 20:52 - 00000000 ____D () C:\ProgramData\{fada103f-f012-d380-fada-a103ff0140ff}
2015-04-08 00:32 - 2015-04-10 10:41 - 00008784 _____ () C:\Windows\system32\CCLOff.ini
2015-04-08 00:32 - 2015-04-08 00:32 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428453131-11E1-A422-66C45900006B
2015-04-08 00:32 - 2015-04-07 17:43 - 00341696 _____ (CC Corporation) C:\Windows\system32\CCL.dll
2015-04-07 00:27 - 2015-04-07 00:27 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nso286C.tmp
2015-04-07 00:22 - 2015-04-07 00:22 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428366144-11E1-A422-66C45900006B
2015-04-06 23:33 - 2015-07-04 20:10 - 00000000 ____D () C:\Program Files\ff574e4d-24e8-45a9-8e49-b4019fd716e5
2015-04-06 23:23 - 2015-04-10 11:12 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428362604-11E1-A422-66C45900006B
2015-04-06 23:23 - 2015-04-06 23:23 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428362582-11E1-A422-66C45900006B
2015-04-06 23:20 - 2015-07-04 20:10 - 00000000 ____D () C:\ProgramData\{41507b56-e3ed-bde5-4150-07b56e3eed5b}
2015-04-06 23:19 - 2015-04-10 05:09 - 00000000 ____D () C:\Users\leman124228\AppData\Roaming\C7986848-1428355145-11E1-A422-66C45900006B
2015-04-02 15:16 - 2015-04-08 20:52 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-04-02 12:30 - 2015-04-02 12:33 - 00000000 ____D () C:\Program Files\NZBPlayer
2015-04-02 12:30 - 2015-04-02 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NZBPlayer
2015-03-31 17:13 - 2015-03-31 17:13 - 00000000 ____D () C:\ProgramData\dfca264ad1814250892971385366e121
2015-03-31 17:11 - 2015-07-04 19:03 - 00000000 ____D () C:\Program Files\Software
2015-03-31 17:11 - 2015-04-01 09:21 - 00000000 ____D () C:\ProgramData\LolyKey
2015-03-31 17:11 - 2015-03-31 17:11 - 00000000 ____D () C:\ProgramData\05cff463f47148ac829393babaf6c06d
2015-03-26 21:14 - 2015-03-26 21:14 - 00005542 _____ () C:\Users\leman124228\AppData\Roaming\TNMHRMOH
2015-03-26 21:14 - 2015-03-26 21:14 - 00005542 _____ () C:\Users\leman124228\AppData\Roaming\RRUHLZSQ
2015-03-26 21:14 - 2015-03-26 21:14 - 00005542 _____ () C:\Users\leman124228\AppData\Roaming\OVMMP
2015-03-26 21:14 - 2015-03-26 21:14 - 00005542 _____ () C:\Users\leman124228\AppData\Roaming\GXALK
Task: {13960C68-F103-473E-AA7B-1E81810D9655} - System32\Tasks\OVMMP => C:\Users\leman124228\AppData\Roaming\OVMMP.exe [2015-04-08] (CrossBrowse-1.4V08.04) <==== ATTENTION
Task: {25263D8F-F1AA-45A6-AD2B-9943B9C2BFFB} - System32\Tasks\TNMHRMOH => C:\Users\leman124228\AppData\Roaming\TNMHRMOH.exe <==== ATTENTION
Task: {33E9A9B3-72ED-4B17-BD93-63D31056D7F4} - System32\Tasks\JNNBDSK => C:\ProgramData\dfca264ad1814250892971385366e121\dfca264ad1814250892971385366e121.exe [2015-03-31] ()
Task: {38073D4B-CC44-4AC9-A45F-BE2327CF03EA} - System32\Tasks\RRUHLZSQ => C:\Users\leman124228\AppData\Roaming\RRUHLZSQ.exe <==== ATTENTION
Task: {7B6F1A82-5CA6-4A78-9104-969CA2714484} - System32\Tasks\PenWes => C:\Program Files\PenWes\dnshelper.exe <==== ATTENTION
Task: {800531BE-E952-4CAD-BAD5-FD5995F0BC5A} - System32\Tasks\{F0CCA5E3-5120-4014-A554-83897A4D25CA} => pcalua.exe -a C:\Users\leman124228\AppData\Roaming\luckysearches\UninstallManager.exe -c -ptid=buzz
Task: {9478E81C-EF2A-4198-9DDF-093FD6F28206} - System32\Tasks\avaavaxvyy => C:\Users\leman124228\AppData\Local\avaavaxvyy\avaavaxvyy.exe [2015-03-31] () <==== ATTENTION
Task: {D019546D-0064-4CE7-BC98-33B13DBA1751} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro 3.79\OptProLauncher.exe <==== ATTENTION
Task: {D3372049-CDBE-442D-BDCD-2A9E6156B1A8} - System32\Tasks\{7F79953E-B3A5-4AAE-97D6-5FAD1C89A90C} => pcalua.exe -a C:\Users\leman124228\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=smt -simple=0
Task: {F89F23D5-56A8-4245-9368-82438AABA2C5} - System32\Tasks\GXALK => C:\Users\leman124228\AppData\Roaming\GXALK.exe <==== ATTENTION
Task: C:\Windows\Tasks\GXALK.job => C:\Users\leman124228\AppData\Roaming\GXALK.exe <==== ATTENTION
Task: C:\Windows\Tasks\OVMMP.job => C:\Users\leman124228\AppData\Roaming\OVMMP.exe <==== ATTENTION
Task: C:\Windows\Tasks\RRUHLZSQ.job => C:\Users\leman124228\AppData\Roaming\RRUHLZSQ.exe <==== ATTENTION
Task: C:\Windows\Tasks\TNMHRMOH.job => C:\Users\leman124228\AppData\Roaming\TNMHRMOH.exe <==== ATTENTION

Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur


puis réinitialise tes navigateurs:
==================================
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :



0
Réponse 3 / 4
gregoroux
10 avril 2015 à 12:01
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by leman124228 at 2015-04-10 11:58:44 Run:1
Running from d:\Desktop
Loaded Profiles: leman124228 (Available profiles: ecenter & leman124228)
Boot Mode: Normal

==============================================

Content of fixlist:

R2 beviwojy; C:\Users\leman124228\AppData\Local\C7986848-1428362604-11E1-A422-66C45900006B\snswA29A.tmp [227328 2015-04-06] () [File not signed]

R2 durowigy; C:\Users\leman124228\AppData\Local\C7986848-1428453131-11E1-A422-66C45900006B\insb724.tmp [115712 2015-04-08] () [File not signed]

R2 fenesufi; C:\Users\leman124228\AppData\Local\C7986848-1428616706-11E1-A422-66C45900006B\insm9C61.tmp [115712 2015-04-09] () [File not signed]

R2 gekofyze; C:\Users\leman124228\AppData\Local\C7986848-1428536252-11E1-A422-66C45900006B\insr9F2.tmp [115712 2015-04-08] () [File not signed]

R2 konureno; C:\Users\leman124228\AppData\Local\C7986848-1428362582-11E1-A422-66C45900006B\cnsw5BEC.tmp [163328 2015-04-06] () [File not signed]

R2 myxoqure; C:\Users\leman124228\AppData\Local\C7986848-1428605760-11E1-A422-66C45900006B\insb3304.tmp [115200 2015-04-09] () [File not signed]

R2 pylywusy; C:\Users\leman124228\AppData\Roaming\C7986848-1428355145-11E1-A422-66C45900006B\jnsaFE6D.tmp [131584 2015-04-06] () [File not signed]

R2 qynolozo; C:\Users\leman124228\AppData\Local\C7986848-1428366144-11E1-A422-66C45900006B\inshD4A0.tmp [156672 2015-04-07] () [File not signed]

R2 remezyru; C:\Users\leman124228\AppData\Roaming\C7986848-1428355145-11E1-A422-66C45900006B\nsw3EEF.tmp [296960 2015-04-09] () [File not signed]

R2 tudonyru; C:\Users\leman124228\AppData\Local\C7986848-1433421607-11E1-A422-66C45900006B\insyA3FF.tmp [115200 2015-06-04] () [File not signed]

2015-07-04 20:11 - 2015-07-04 20:11 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nsi3B8B.tmp

2015-07-04 19:04 - 2015-07-04 19:04 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nsx9678.tmp

2015-07-04 19:03 - 2015-07-04 19:03 - 00000000 _____ () C:\Windows\system32\Number of results

2015-07-04 18:12 - 2015-04-09 22:40 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB

2015-07-04 18:10 - 2015-07-04 18:10 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1436033410-11E1-A422-66C45900006B

2015-06-04 12:51 - 2015-06-04 16:51 - 00000000 ____D () C:\ProgramData\T122078ED

2015-06-04 12:47 - 2015-07-04 20:10 - 00000000 ____D () C:\Program Files\e96b562f-b6b9-4ec7-a3bb-493ec1af3248

2015-06-04 12:47 - 2015-04-10 11:07 - 00001710 _____ () C:\Windows\Tasks\TNMHRMOH.job

2015-06-04 12:40 - 2015-07-04 20:10 - 00000000 ____D () C:\Program Files\2e31ee0d-6429-42b4-8129-7539b907feff

2015-06-04 12:40 - 2015-06-04 12:40 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1433421607-11E1-A422-66C45900006B

2015-06-04 12:40 - 2015-04-10 11:07 - 00001360 _____ () C:\Windows\Tasks\GXALK.job

2015-04-10 10:46 - 2015-04-10 11:07 - 00000000 ____D () C:\ProgramData\{52093ed3-ae81-68f7-5209-93ed3ae8fb4e}

2015-04-09 23:06 - 2015-04-09 23:08 - 00000000 ____D () C:\Program Files\Cinema PlusV09.04

2015-04-09 23:06 - 2015-04-09 23:06 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428620778-11E1-A422-66C45900006B

2015-04-09 22:20 - 2015-04-09 22:20 - 00000000 ____D () C:\Users\leman124228\AppData\Roaming\Optimizer Pro

2015-04-09 22:14 - 2015-04-10 10:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2

2015-04-09 22:14 - 2015-04-09 22:34 - 00000000 ____D () C:\ProgramData\{39876f9c-e763-b50a-3987-76f9ce76be73}

2015-04-09 22:00 - 2015-04-09 22:00 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nsc7AA3.tmp

2015-04-09 21:59 - 2015-04-10 11:07 - 00001710 _____ () C:\Windows\Tasks\RRUHLZSQ.job

2015-04-09 21:59 - 2015-04-09 23:08 - 00000000 ____D () C:\Program Files\dce1daef-773c-4fec-8b3d-ab6fa4f14565

2015-04-09 21:58 - 2015-04-09 21:58 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428616706-11E1-A422-66C45900006B

2015-04-09 21:40 - 2015-04-09 22:19 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin

2015-04-09 18:56 - 2015-04-09 18:56 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428605760-11E1-A422-66C45900006B

2015-04-08 23:57 - 2015-04-08 23:57 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nse97AF.tmp

2015-04-08 23:43 - 2015-04-09 09:13 - 00000000 ____D () C:\ProgramData\{dd0d2e6e-df20-1760-dd0d-d2e6edf2b9bb}

2015-04-08 23:42 - 2015-04-09 18:34 - 00000000 ____D () C:\Users\leman124228\AppData\Local\avaavaxvyy

2015-04-08 23:38 - 2015-04-08 23:38 - 00000000 ____D () C:\Users\leman124228\AppData\Local\CCL

2015-04-08 23:37 - 2015-04-08 23:37 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428536252-11E1-A422-66C45900006B

2015-04-08 23:02 - 2015-04-10 11:07 - 00001360 _____ () C:\Windows\Tasks\OVMMP.job

2015-04-08 23:02 - 2015-04-08 23:02 - 01844224 _____ (CrossBrowse-1.4V08.04) C:\Users\leman124228\AppData\Roaming\OVMMP.exe

2015-04-08 23:02 - 2015-04-08 23:02 - 00000000 ____D () C:\Program Files\e78aac73-f6dc-4579-892f-6c2e2754f91c

2015-04-08 22:49 - 2015-04-08 22:49 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nsiAF05.tmp

2015-04-08 00:37 - 2015-04-08 20:52 - 00000000 ____D () C:\ProgramData\{fada103f-f012-d380-fada-a103ff0140ff}

2015-04-08 00:32 - 2015-04-10 10:41 - 00008784 _____ () C:\Windows\system32\CCLOff.ini

2015-04-08 00:32 - 2015-04-08 00:32 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428453131-11E1-A422-66C45900006B

2015-04-08 00:32 - 2015-04-07 17:43 - 00341696 _____ (CC Corporation) C:\Windows\system32\CCL.dll

2015-04-07 00:27 - 2015-04-07 00:27 - 00613255 _____ (CMI Limited) C:\Users\leman124228\AppData\Local\nso286C.tmp

2015-04-07 00:22 - 2015-04-07 00:22 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428366144-11E1-A422-66C45900006B

2015-04-06 23:33 - 2015-07-04 20:10 - 00000000 ____D () C:\Program Files\ff574e4d-24e8-45a9-8e49-b4019fd716e5

2015-04-06 23:23 - 2015-04-10 11:12 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428362604-11E1-A422-66C45900006B

2015-04-06 23:23 - 2015-04-06 23:23 - 00000000 ____D () C:\Users\leman124228\AppData\Local\C7986848-1428362582-11E1-A422-66C45900006B

2015-04-06 23:20 - 2015-07-04 20:10 - 00000000 ____D () C:\ProgramData\{41507b56-e3ed-bde5-4150-07b56e3eed5b}

2015-04-06 23:19 - 2015-04-10 05:09 - 00000000 ____D () C:\Users\leman124228\AppData\Roaming\C7986848-1428355145-11E1-A422-66C45900006B

2015-04-02 15:16 - 2015-04-08 20:52 - 00000004 _____ () C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7

2015-04-02 12:30 - 2015-04-02 12:33 - 00000000 ____D () C:\Program Files\NZBPlayer

2015-04-02 12:30 - 2015-04-02 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NZBPlayer

2015-03-31 17:13 - 2015-03-31 17:13 - 00000000 ____D () C:\ProgramData\dfca264ad1814250892971385366e121

2015-03-31 17:11 - 2015-07-04 19:03 - 00000000 ____D () C:\Program Files\Software

2015-03-31 17:11 - 2015-04-01 09:21 - 00000000 ____D () C:\ProgramData\LolyKey

2015-03-31 17:11 - 2015-03-31 17:11 - 00000000 ____D () C:\ProgramData\05cff463f47148ac829393babaf6c06d

2015-03-26 21:14 - 2015-03-26 21:14 - 00005542 _____ () C:\Users\leman124228\AppData\Roaming\TNMHRMOH

2015-03-26 21:14 - 2015-03-26 21:14 - 00005542 _____ () C:\Users\leman124228\AppData\Roaming\RRUHLZSQ

2015-03-26 21:14 - 2015-03-26 21:14 - 00005542 _____ () C:\Users\leman124228\AppData\Roaming\OVMMP

2015-03-26 21:14 - 2015-03-26 21:14 - 00005542 _____ () C:\Users\leman124228\AppData\Roaming\GXALK

Task: {13960C68-F103-473E-AA7B-1E81810D9655} - System32\Tasks\OVMMP => C:\Users\leman124228\AppData\Roaming\OVMMP.exe [2015-04-08] (CrossBrowse-1.4V08.04) <==== ATTENTION

Task: {25263D8F-F1AA-45A6-AD2B-9943B9C2BFFB} - System32\Tasks\TNMHRMOH => C:\Users\leman124228\AppData\Roaming\TNMHRMOH.exe <==== ATTENTION

Task: {33E9A9B3-72ED-4B17-BD93-63D31056D7F4} - System32\Tasks\JNNBDSK => C:\ProgramData\dfca264ad1814250892971385366e121\dfca264ad1814250892971385366e121.exe [2015-03-31] ()

Task: {38073D4B-CC44-4AC9-A45F-BE2327CF03EA} - System32\Tasks\RRUHLZSQ => C:\Users\leman124228\AppData\Roaming\RRUHLZSQ.exe <==== ATTENTION

Task: {7B6F1A82-5CA6-4A78-9104-969CA2714484} - System32\Tasks\PenWes => C:\Program Files\PenWes\dnshelper.exe <==== ATTENTION

Task: {800531BE-E952-4CAD-BAD5-FD5995F0BC5A} - System32\Tasks\{F0CCA5E3-5120-4014-A554-83897A4D25CA} => pcalua.exe -a C:\Users\leman124228\AppData\Roaming\luckysearches\UninstallManager.exe -c -ptid=buzz

Task: {9478E81C-EF2A-4198-9DDF-093FD6F28206} - System32\Tasks\avaavaxvyy => C:\Users\leman124228\AppData\Local\avaavaxvyy\avaavaxvyy.exe [2015-03-31] () <==== ATTENTION

Task: {D019546D-0064-4CE7-BC98-33B13DBA1751} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files\Optimizer Pro 3.79\OptProLauncher.exe <==== ATTENTION

Task: {D3372049-CDBE-442D-BDCD-2A9E6156B1A8} - System32\Tasks\{7F79953E-B3A5-4AAE-97D6-5FAD1C89A90C} => pcalua.exe -a C:\Users\leman124228\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=smt -simple=0

Task: {F89F23D5-56A8-4245-9368-82438AABA2C5} - System32\Tasks\GXALK => C:\Users\leman124228\AppData\Roaming\GXALK.exe <==== ATTENTION

Task: C:\Windows\Tasks\GXALK.job => C:\Users\leman124228\AppData\Roaming\GXALK.exe <==== ATTENTION

Task: C:\Windows\Tasks\OVMMP.job => C:\Users\leman124228\AppData\Roaming\OVMMP.exe <==== ATTENTION

Task: C:\Windows\Tasks\RRUHLZSQ.job => C:\Users\leman124228\AppData\Roaming\RRUHLZSQ.exe <==== ATTENTION

Task: C:\Windows\Tasks\TNMHRMOH.job => C:\Users\leman124228\AppData\Roaming\TNMHRMOH.exe <==== ATTENTION


beviwojy => Service stopped successfully.
beviwojy => Service deleted successfully.
durowigy => Service stopped successfully.
durowigy => Service deleted successfully.
fenesufi => Service stopped successfully.
fenesufi => Service deleted successfully.
gekofyze => Service stopped successfully.
gekofyze => Service deleted successfully.
konureno => Service stopped successfully.
konureno => Service deleted successfully.
myxoqure => Service stopped successfully.
myxoqure => Service deleted successfully.
pylywusy => Service stopped successfully.
pylywusy => Service deleted successfully.
qynolozo => Service stopped successfully.
qynolozo => Service deleted successfully.
remezyru => Service stopped successfully.
remezyru => Service deleted successfully.
tudonyru => Service stopped successfully.
tudonyru => Service deleted successfully.
C:\Users\leman124228\AppData\Local\nsi3B8B.tmp => Moved successfully.
C:\Users\leman124228\AppData\Local\nsx9678.tmp => Moved successfully.
C:\Windows\system32\Number of results => Moved successfully.
C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB => Moved successfully.
C:\Users\leman124228\AppData\Local\C7986848-1436033410-11E1-A422-66C45900006B => Moved successfully.
C:\ProgramData\T122078ED => Moved successfully.
C:\Program Files\e96b562f-b6b9-4ec7-a3bb-493ec1af3248 => Moved successfully.
C:\Windows\Tasks\TNMHRMOH.job => Moved successfully.
C:\Program Files\2e31ee0d-6429-42b4-8129-7539b907feff => Moved successfully.
C:\Users\leman124228\AppData\Local\C7986848-1433421607-11E1-A422-66C45900006B => Moved successfully.
C:\Windows\Tasks\GXALK.job => Moved successfully.
C:\ProgramData\{52093ed3-ae81-68f7-5209-93ed3ae8fb4e} => Moved successfully.
C:\Program Files\Cinema PlusV09.04 => Moved successfully.
C:\Users\leman124228\AppData\Local\C7986848-1428620778-11E1-A422-66C45900006B => Moved successfully.
C:\Users\leman124228\AppData\Roaming\Optimizer Pro => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2 => Moved successfully.
C:\ProgramData\{39876f9c-e763-b50a-3987-76f9ce76be73} => Moved successfully.
C:\Users\leman124228\AppData\Local\nsc7AA3.tmp => Moved successfully.
C:\Windows\Tasks\RRUHLZSQ.job => Moved successfully.
C:\Program Files\dce1daef-773c-4fec-8b3d-ab6fa4f14565 => Moved successfully.
C:\Users\leman124228\AppData\Local\C7986848-1428616706-11E1-A422-66C45900006B => Moved successfully.
C:\PhysicalDisk0_MBR.bin => Moved successfully.
C:\Users\leman124228\AppData\Local\C7986848-1428605760-11E1-A422-66C45900006B => Moved successfully.
C:\Users\leman124228\AppData\Local\nse97AF.tmp => Moved successfully.
C:\ProgramData\{dd0d2e6e-df20-1760-dd0d-d2e6edf2b9bb} => Moved successfully.
C:\Users\leman124228\AppData\Local\avaavaxvyy => Moved successfully.
C:\Users\leman124228\AppData\Local\CCL => Moved successfully.
C:\Users\leman124228\AppData\Local\C7986848-1428536252-11E1-A422-66C45900006B => Moved successfully.
C:\Windows\Tasks\OVMMP.job => Moved successfully.
C:\Users\leman124228\AppData\Roaming\OVMMP.exe => Moved successfully.
C:\Program Files\e78aac73-f6dc-4579-892f-6c2e2754f91c => Moved successfully.
C:\Users\leman124228\AppData\Local\nsiAF05.tmp => Moved successfully.
C:\ProgramData\{fada103f-f012-d380-fada-a103ff0140ff} => Moved successfully.
C:\Windows\system32\CCLOff.ini => Moved successfully.
C:\Users\leman124228\AppData\Local\C7986848-1428453131-11E1-A422-66C45900006B => Moved successfully.
C:\Windows\system32\CCL.dll => Moved successfully.
C:\Users\leman124228\AppData\Local\nso286C.tmp => Moved successfully.
C:\Users\leman124228\AppData\Local\C7986848-1428366144-11E1-A422-66C45900006B => Moved successfully.
C:\Program Files\ff574e4d-24e8-45a9-8e49-b4019fd716e5 => Moved successfully.
C:\Users\leman124228\AppData\Local\C7986848-1428362604-11E1-A422-66C45900006B => Moved successfully.
C:\Users\leman124228\AppData\Local\C7986848-1428362582-11E1-A422-66C45900006B => Moved successfully.
C:\ProgramData\{41507b56-e3ed-bde5-4150-07b56e3eed5b} => Moved successfully.
C:\Users\leman124228\AppData\Roaming\C7986848-1428355145-11E1-A422-66C45900006B => Moved successfully.
C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
C:\Program Files\NZBPlayer => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NZBPlayer => Moved successfully.
C:\ProgramData\dfca264ad1814250892971385366e121 => Moved successfully.
C:\Program Files\Software => Moved successfully.
C:\ProgramData\LolyKey => Moved successfully.
C:\ProgramData\05cff463f47148ac829393babaf6c06d => Moved successfully.
C:\Users\leman124228\AppData\Roaming\TNMHRMOH => Moved successfully.
C:\Users\leman124228\AppData\Roaming\RRUHLZSQ => Moved successfully.
C:\Users\leman124228\AppData\Roaming\OVMMP => Moved successfully.
C:\Users\leman124228\AppData\Roaming\GXALK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{13960C68-F103-473E-AA7B-1E81810D9655}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{13960C68-F103-473E-AA7B-1E81810D9655}" => Key deleted successfully.
C:\Windows\System32\Tasks\OVMMP => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OVMMP" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{25263D8F-F1AA-45A6-AD2B-9943B9C2BFFB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25263D8F-F1AA-45A6-AD2B-9943B9C2BFFB}" => Key deleted successfully.
C:\Windows\System32\Tasks\TNMHRMOH => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TNMHRMOH" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33E9A9B3-72ED-4B17-BD93-63D31056D7F4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33E9A9B3-72ED-4B17-BD93-63D31056D7F4}" => Key deleted successfully.
C:\Windows\System32\Tasks\JNNBDSK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JNNBDSK" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{38073D4B-CC44-4AC9-A45F-BE2327CF03EA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{38073D4B-CC44-4AC9-A45F-BE2327CF03EA}" => Key deleted successfully.
C:\Windows\System32\Tasks\RRUHLZSQ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RRUHLZSQ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7B6F1A82-5CA6-4A78-9104-969CA2714484}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B6F1A82-5CA6-4A78-9104-969CA2714484}" => Key deleted successfully.
C:\Windows\System32\Tasks\PenWes => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PenWes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{800531BE-E952-4CAD-BAD5-FD5995F0BC5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{800531BE-E952-4CAD-BAD5-FD5995F0BC5A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F0CCA5E3-5120-4014-A554-83897A4D25CA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0CCA5E3-5120-4014-A554-83897A4D25CA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9478E81C-EF2A-4198-9DDF-093FD6F28206}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9478E81C-EF2A-4198-9DDF-093FD6F28206}" => Key deleted successfully.
C:\Windows\System32\Tasks\avaavaxvyy => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\avaavaxvyy" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D019546D-0064-4CE7-BC98-33B13DBA1751}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D019546D-0064-4CE7-BC98-33B13DBA1751}" => Key deleted successfully.
C:\Windows\System32\Tasks\Optimizer Pro Schedule => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3372049-CDBE-442D-BDCD-2A9E6156B1A8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3372049-CDBE-442D-BDCD-2A9E6156B1A8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7F79953E-B3A5-4AAE-97D6-5FAD1C89A90C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F79953E-B3A5-4AAE-97D6-5FAD1C89A90C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F89F23D5-56A8-4245-9368-82438AABA2C5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F89F23D5-56A8-4245-9368-82438AABA2C5}" => Key deleted successfully.
C:\Windows\System32\Tasks\GXALK => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GXALK" => Key deleted successfully.
C:\Windows\Tasks\GXALK.job not found.
C:\Windows\Tasks\OVMMP.job not found.
C:\Windows\Tasks\RRUHLZSQ.job not found.
C:\Windows\Tasks\TNMHRMOH.job not found.

End of Fixlog 11:59:13

0
Réponse 4 / 4
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
10 avril 2015 à 12:05
fais le reste et vois ce que cela donne.
0

Discussions similaires

Mon pc s'allume et s'éteint en boucle
Jack -
Daniel -

16 réponses