Computer completely blocked by the Trovi virus

Solved
Ferrayonnes
Hello,
I am completely blocked by a succession of pages that keep opening. They seem to be sent by "Trovi", among others.
Can you help me?

Thanks in advance

PS: I couldn't even register on the forum, and my Outlook Express mail is blocked as well.

12 replies

  1. Malekal_morte - Posts: 178136 - Status: Moderator, Security contributor

    Hi,

    You have installed adware and unwanted programs on your PC; they open ads and slow down the computer and the web browsers.
    Here is the procedure to follow to remove them:

    Start with this:

    Follow the AdwCleaner tutorial https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= (by Xplode)
    Download it to your desktop or downloads folder.
    Launch AdwCleaner and click [Scanner] (Scan).
    The scan can take several minutes, so be patient.
    Once the scan is finished, do not uncheck anything; click [Nettoyer] (Clean).

    Once the cleaning is finished, a report will open. Copy and paste the contents of the report into your next reply.
    If that does not work, use the site http://pjjoint.malekal.com to host the report and give the link to the report in a new message.

    Note: the report is also saved as C:\AdwCleaner[S1].txt

    then:

    Follow this FRST tutorial: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
    (and take the time to read it carefully so that you apply it correctly; everything is explained there).
    Download and run the FRST scan; it will generate three FRST reports:
    • FRST.txt
    • Shortcut.txt
    • Additionnal.txt


    Send these three reports, as explained, to the site http://pjjoint.malekal.com and in return post here, in a new reply, the three pjjoint links that lead to these reports so that we can look at them.

    0
  2. Ferrayonnes
     
    Thanks for your quick reply. I had a bit of trouble downloading AdwCleaner and getting the report, with the stream of windows and tabs that kept opening, but here is the report:

    # AdwCleaner v4.201 - Logfile created 22/04/2015 at 18:32:50
    # Updated 08/04/2015 by Xplode
    # Database : 2015-04-08.1 [Server]
    # Operating system : Microsoft Windows XP Service Pack 3 (x86)
    # Username : Alain_2 - WORKSTATION
    # Running from : C:\Documents and Settings\Alain_2\Mes documents\Téléchargements\adwcleaner_4.201.exe
    # Option : Cleaning

    AdwCleaner[R0].txt - [29118 bytes] - [22/04/2015 18:19:21]
    AdwCleaner[S0].txt - [26943 bytes] - [22/04/2015 18:32:50]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [27003 bytes] ##########
    0
    1. Malekal_morte - Posts: 178136 - Status: Moderator, Security contributor

      OK, move on to FRST =)
      0
  3. Ferrayonnes
     
    Here are the three links to the FRST reports:

    http://pjjoint.malekal.com/files.php?id=20150422_f14v15g5s9t12

    http://pjjoint.malekal.com/files.php?id=20150422_k11h11o13z14y13

    http://pjjoint.malekal.com/files.php?id=20150422_g15u13d9v7e5

    Thanks again very much for your help.
    0
    1. Malekal_morte - Posts: 178136 - Status: Moderator, Security contributor

      FRST.txt is missing
      0
  4. Ferrayonnes
     
    Sorry. Here it is:

    http://pjjoint.malekal.com/files.php?id=20150423_f13r12k6f7s5

    See you later
    0
  6. Malekal_morte - Posts: 178136 - Status: Moderator, Security contributor

    Here is the fix to apply with FRST.
    You can refer to this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

    Open Notepad: press Windows key + R, type notepad in the Run box and click OK.
    Copy and paste the following into it:

    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\WINDOWS\Tasks\Selection Tools Update.job => C:\Documents and Settings\Alain_2\Application Data\WTools\Selection Tools\Selection Tools Update.exe
    Task: C:\WINDOWS\Tasks\avabvxvadx.job => C:\Documents and Settings\Alain_2\Local Settings\Application Data\avabvxvadx\avabvxvadx.exe C:\Documents and Settings\Alain_2\Local Settings\Application Data\avabvxvadx\avabvxvadx.exe
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1085031214-1383384898-1417001333-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:1495;https=127.0.0.1:1495;
    2015-04-22 11:19 - 2015-04-22 18:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{0a1387db-b0b1-74a7-0a13-387dbb0b1f6e}
    2015-04-22 11:17 - 2015-04-22 18:10 - 00000550 _____ () C:\WINDOWS\Tasks\avabvxvadx.job
    2015-04-22 11:17 - 2015-04-22 18:10 - 00000000 ____D () C:\Documents and Settings\Alain_2\Local Settings\Application Data\avabvxvadx
    2015-04-21 13:25 - 2015-04-21 13:25 - 00000375 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2015-04-21 12:18 - 2015-04-21 12:18 - 00000000 __SHD () C:\Documents and Settings\Alain_2\IECompatCache
    2015-04-20 23:38 - 2010-01-14 15:49 - 00373507 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150420-233850.backup
    2015-04-20 22:32 - 2015-04-20 22:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2015-04-20 20:25 - 2015-04-20 20:26 - 00097193 ____C () C:\Documents and Settings\Alain\Local Settings\Application Data\FASTWiz.log
    2015-04-19 14:20 - 2015-04-19 14:20 - 00274045 _____ () C:\Documents and Settings\Alain_2\Local Settings\Application Data\dsi1.dat
    2015-04-19 14:20 - 2015-04-19 14:20 - 00161916 _____ () C:\Documents and Settings\Alain_2\Local Settings\Application Data\dsi2.dat
    2015-04-08 10:58 - 2015-04-08 10:58 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\speed browser
    2015-04-07 08:59 - 2015-04-07 10:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\T122078ED
    2015-04-07 08:57 - 2015-04-07 08:57 - 00274045 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsi1.dat
    2015-04-07 08:57 - 2015-04-07 08:57 - 00161916 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsi2.dat
    2015-04-04 00:57 - 2015-04-20 18:58 - 00000098 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
    2015-04-03 19:09 - 2015-04-22 18:18 - 00000000 ____D () C:\Documents and Settings\Alain_2\Local Settings\Application Data\ZombieNews
    2015-04-03 19:05 - 2015-04-22 18:06 - 00000004 _____ () C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
    2015-04-03 19:05 - 2015-04-22 11:10 - 00000133 _____ () C:\Documents and Settings\Alain_2\Application Data\WB.CFG
    2015-04-03 19:02 - 2015-04-19 19:44 - 00000000 ____D () C:\Documents and Settings\Alain\Local Settings\Application Data\ZombieNews
    2015-04-03 18:57 - 2015-04-22 18:57 - 00000414 _____ () C:\WINDOWS\Tasks\At1.job
    2015-04-03 18:56 - 2015-04-22 18:56 - 00001000 _____ () C:\WINDOWS\Tasks\Taplika cana.job
    2015-04-03 18:56 - 2015-04-03 18:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{62A68A65-3224-5BE3-83A2-2B615320F8EF}
    2015-04-03 18:54 - 2015-04-21 09:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ZombieNews
    2015-04-17 22:41 - 2015-03-16 23:57 - 00001672 ____C () C:\Documents and Settings\Alain\Bureau\Wikipedia.lnk
    2015-04-17 22:41 - 2015-03-16 23:57 - 00001672 ____C () C:\Documents and Settings\Alain\Bureau\Hotmail.lnk
    2015-04-17 22:41 - 2015-03-16 23:57 - 00001672 ____C () C:\Documents and Settings\Alain\Bureau\Amazon.lnk
    2015-04-08 10:33 - 2012-02-09 01:56 - 00001324 ____C () C:\Documents and Settings\Alain\Local Settings\Application Data\d3d9caps.tmp
    2015-03-26 21:14 - 2015-03-26 21:14 - 0005542 _____ () C:\Documents and Settings\Alain_2\Application Data\RNONDP
    2015-03-26 21:14 - 2015-03-26 21:14 - 0004185 _____ () C:\Documents and Settings\Alain_2\Application Data\RUAMID

    Once the text is pasted into Notepad:
    Go to the File menu, then Save As.
    On the left, select the Desktop.

    In the file name field at the bottom, enter: fixlist.txt
    Click Save - this creates a fixlist.txt file on the Desktop.

    Run FRST again, which should be on the Desktop, and click the Fix button.
    Depending on the case, a restart may be required (not necessarily).
    A text file appears; copy/paste its contents here in a new message.

    Restart the computer

    then reset your browsers:
    ==================================
    Reset your browsers and/or manually reconfigure your web browsers (start page, search engine, etc.), and also remove/disable unnecessary/unwanted extensions:

    0
  7. Ferrayonnes
     
    Thanks for your quick replies. I'm slower to respond because it's my son's computer that was infected. Each time, I read your replies on mine and then head over to his place....
    So, I'll be back soon to tell you whether everything is OK, following your advice.
    0
  8. Ferrayonnes
     
    I did the copy/paste and saved your report on the desktop, but there is a problem with the next step: FRST has disappeared from the desktop!
    I tried to download it again.
    In response, I get this message:

    C:\DOCUME~1\Alain_2\LOCALS~1\Temp\eh5Wbmqp.exe.part ne pourra être enregistré car le fichier source ne peut être lu.

    Réessayez plus tard ou contactez l'administrateur du serveur.

    And I can't download FRST. What do you think?
    0
    1. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
       
      Given the file name, it isn't FRST that you tried to download.
      You must have clicked on an ad.
      0
  9. Ferrayonnes
     
    Here is the log:
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 22-04-2015
    Ran by Alain_2 at 2015-04-23 18:08:36 Run:1
    Running from C:\Documents and Settings\Alain_2\Bureau
    Loaded Profiles: Alain_2 (Available profiles: Alain & Alain_2 & Administrateur)
    Boot Mode: Normal

    ==============================================

    Content of fixlist:

    Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
    Task: C:\WINDOWS\Tasks\Selection Tools Update.job => C:\Documents and Settings\Alain_2\Application Data\WTools\Selection Tools\Selection Tools Update.exe
    Task: C:\WINDOWS\Tasks\avabvxvadx.job => C:\Documents and Settings\Alain_2\Local Settings\Application Data\avabvxvadx\avabvxvadx.exe C:\Documents and Settings\Alain_2\Local Settings\Application Data\avabvxvadx\avabvxvadx.exe
    HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-1085031214-1383384898-1417001333-1007\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
    ProxyServer: [.DEFAULT] => http=127.0.0.1:1495;https=127.0.0.1:1495;
    2015-04-22 11:19 - 2015-04-22 18:05 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{0a1387db-b0b1-74a7-0a13-387dbb0b1f6e}
    2015-04-22 11:17 - 2015-04-22 18:10 - 00000550 _____ () C:\WINDOWS\Tasks\avabvxvadx.job
    2015-04-22 11:17 - 2015-04-22 18:10 - 00000000 ____D () C:\Documents and Settings\Alain_2\Local Settings\Application Data\avabvxvadx
    2015-04-21 13:25 - 2015-04-21 13:25 - 00000375 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
    2015-04-21 12:18 - 2015-04-21 12:18 - 00000000 __SHD () C:\Documents and Settings\Alain_2\IECompatCache
    2015-04-20 23:38 - 2010-01-14 15:49 - 00373507 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150420-233850.backup
    2015-04-20 22:32 - 2015-04-20 22:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
    2015-04-20 20:25 - 2015-04-20 20:26 - 00097193 ____C () C:\Documents and Settings\Alain\Local Settings\Application Data\FASTWiz.log
    2015-04-19 14:20 - 2015-04-19 14:20 - 00274045 _____ () C:\Documents and Settings\Alain_2\Local Settings\Application Data\dsi1.dat
    2015-04-19 14:20 - 2015-04-19 14:20 - 00161916 _____ () C:\Documents and Settings\Alain_2\Local Settings\Application Data\dsi2.dat
    2015-04-08 10:58 - 2015-04-08 10:58 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Application Data\speed browser
    2015-04-07 08:59 - 2015-04-07 10:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\T122078ED
    2015-04-07 08:57 - 2015-04-07 08:57 - 00274045 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsi1.dat
    2015-04-07 08:57 - 2015-04-07 08:57 - 00161916 _____ () C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsi2.dat
    2015-04-04 00:57 - 2015-04-20 18:58 - 00000098 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
    2015-04-03 19:09 - 2015-04-22 18:18 - 00000000 ____D () C:\Documents and Settings\Alain_2\Local Settings\Application Data\ZombieNews
    2015-04-03 19:05 - 2015-04-22 18:06 - 00000004 _____ () C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7
    2015-04-03 19:05 - 2015-04-22 11:10 - 00000133 _____ () C:\Documents and Settings\Alain_2\Application Data\WB.CFG
    2015-04-03 19:02 - 2015-04-19 19:44 - 00000000 ____D () C:\Documents and Settings\Alain\Local Settings\Application Data\ZombieNews
    2015-04-03 18:57 - 2015-04-22 18:57 - 00000414 _____ () C:\WINDOWS\Tasks\At1.job
    2015-04-03 18:56 - 2015-04-22 18:56 - 00001000 _____ () C:\WINDOWS\Tasks\Taplika cana.job
    2015-04-03 18:56 - 2015-04-03 18:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\{62A68A65-3224-5BE3-83A2-2B615320F8EF}
    2015-04-03 18:54 - 2015-04-21 09:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\ZombieNews
    2015-04-17 22:41 - 2015-03-16 23:57 - 00001672 ____C () C:\Documents and Settings\Alain\Bureau\Wikipedia.lnk
    2015-04-17 22:41 - 2015-03-16 23:57 - 00001672 ____C () C:\Documents and Settings\Alain\Bureau\Hotmail.lnk
    2015-04-17 22:41 - 2015-03-16 23:57 - 00001672 ____C () C:\Documents and Settings\Alain\Bureau\Amazon.lnk
    2015-04-08 10:33 - 2012-02-09 01:56 - 00001324 ____C () C:\Documents and Settings\Alain\Local Settings\Application Data\d3d9caps.tmp
    2015-03-26 21:14 - 2015-03-26 21:14 - 0005542 _____ () C:\Documents and Settings\Alain_2\Application Data\RNONDP
    2015-03-26 21:14 - 2015-03-26 21:14 - 0004185 _____ () C:\Documents and Settings\Alain_2\Application Data\RUAMID

    C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => Moved successfully.
    C:\WINDOWS\Tasks\Selection Tools Update.job => Moved successfully.
    C:\WINDOWS\Tasks\avabvxvadx.job => Moved successfully.
    "HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-19\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-20\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    "HKU\S-1-5-21-1085031214-1383384898-1417001333-1007\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
    C:\Documents and Settings\All Users\Application Data\{0a1387db-b0b1-74a7-0a13-387dbb0b1f6e} => Moved successfully.
    "C:\WINDOWS\Tasks\avabvxvadx.job" => File/Directory not found.
    C:\Documents and Settings\Alain_2\Local Settings\Application Data\avabvxvadx => Moved successfully.
    C:\WINDOWS\system32\Drivers\etc\hosts.ics => Moved successfully.
    C:\Documents and Settings\Alain_2\IECompatCache => Moved successfully.
    C:\WINDOWS\system32\Drivers\etc\hosts.20150420-233850.backup => Moved successfully.
    C:\Documents and Settings\All Users\Application Data\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB => Moved successfully.
    C:\Documents and Settings\Alain\Local Settings\Application Data\FASTWiz.log => Moved successfully.
    C:\Documents and Settings\Alain_2\Local Settings\Application Data\dsi1.dat => Moved successfully.
    C:\Documents and Settings\Alain_2\Local Settings\Application Data\dsi2.dat => Moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Application Data\speed browser => Moved successfully.
    C:\Documents and Settings\All Users\Application Data\T122078ED => Moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsi1.dat => Moved successfully.
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\dsi2.dat => Moved successfully.
    C:\Documents and Settings\NetworkService\Application Data\WB.CFG => Moved successfully.
    C:\Documents and Settings\Alain_2\Local Settings\Application Data\ZombieNews => Moved successfully.
    C:\WINDOWS\system32\029B560A371F4E00AB32838EBC01B9E7 => Moved successfully.
    C:\Documents and Settings\Alain_2\Application Data\WB.CFG => Moved successfully.
    C:\Documents and Settings\Alain\Local Settings\Application Data\ZombieNews => Moved successfully.
    C:\WINDOWS\Tasks\At1.job => Moved successfully.
    C:\WINDOWS\Tasks\Taplika cana.job => Moved successfully.
    C:\Documents and Settings\All Users\Application Data\{62A68A65-3224-5BE3-83A2-2B615320F8EF} => Moved successfully.
    C:\Documents and Settings\All Users\Application Data\ZombieNews => Moved successfully.
    C:\Documents and Settings\Alain\Bureau\Wikipedia.lnk => Moved successfully.
    C:\Documents and Settings\Alain\Bureau\Hotmail.lnk => Moved successfully.
    C:\Documents and Settings\Alain\Bureau\Amazon.lnk => Moved successfully.
    C:\Documents and Settings\Alain\Local Settings\Application Data\d3d9caps.tmp => Moved successfully.
    C:\Documents and Settings\Alain_2\Application Data\RNONDP => Moved successfully.
    C:\Documents and Settings\Alain_2\Application Data\RUAMID => Moved successfully.

    End of Fixlog 18:08:37

    I'll take care of the rest
    0
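Added example (not part of the thread and not FRST's own code): a Python check for a Fixlog like the one posted above. It counts outcomes and separates "File/Directory not found" lines explained by an earlier successful move of the same path (as with avabvxvadx.job, listed both as a Task and as a file) from unexplained ones. Only the four status strings visible in this log are recognised, and the function names are hypothetical.

```python
import re

NOT_FOUND = "File/Directory not found"
# Assumption: only the four outcome strings visible in the Fixlog above are recognised.
RESULT_RE = re.compile(
    r'^\s*"?(?P<target>.+?)"?\s+=>\s+(?P<status>Moved successfully|'
    r'Key deleted successfully|value deleted successfully|'
    r'File/Directory not found)\.\s*$'
)

# Excerpt of the Fixlog posted above (five of its result lines).
SAMPLE_FIXLOG = r'''
C:\WINDOWS\Tasks\avabvxvadx.job => Moved successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
"C:\WINDOWS\Tasks\avabvxvadx.job" => File/Directory not found.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
'''


def parse_fixlog(text):
    """Return (target, status) pairs for every result line, in log order.

    Fixlist lines that also contain '=>' (Task:, ProxyEnable:) are skipped
    because their right-hand side is not one of the known outcomes.
    """
    results = []
    for line in text.splitlines():
        m = RESULT_RE.match(line)
        if m:
            results.append((m.group("target"), m.group("status")))
    return results


def review(text):
    """Count outcomes and classify 'not found' targets.

    already_handled: the same path was moved or deleted earlier in this log.
    unexplained: no earlier action on that path; worth a second look.
    """
    counts, handled = {}, set()
    already, unexplained = [], []
    for target, status in parse_fixlog(text):
        counts[status] = counts.get(status, 0) + 1
        key = target.lower()  # Windows paths and registry keys are case-insensitive
        if status == NOT_FOUND:
            (already if key in handled else unexplained).append(target)
        else:
            handled.add(key)
    return {"counts": counts, "already_handled": already, "unexplained": unexplained}


if __name__ == "__main__":
    print(review(SAMPLE_FIXLOG))
```

An empty `unexplained` list means every fixlist entry was either acted on or had already been removed by an earlier line of the same run.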
  10. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    yes, do the rest and see whether you still have ads or other problems
    Specify which web browser.
    0
  11. Ferrayonnes
     
    GREAT: Firefox, which I use, no longer causes any problems. No more unwanted pop-up windows either. Many thanks for your help, and well done on this support site.
    Have a good rest of the day.
    0
  12. Malekal_morte- Posts 178136 Registration date   Status Moderator, Security contributor Last activity   24 712
     
    =)

    There, it's done; you can delete the programs that were used.

    A few tips:

    To guard against malicious sites, you can install Blockulicious: https://forum.malekal.com/viewtopic.php?t=46656&start=

    So you don't get caught again.
    Worth reading - Unwanted programs / PUPs: https://www.malekal.com/adwares-pup-protection/

    The rest on security: http://forum.malekal.com/comment-securiser-son-ordinateur.html

    0
  13. Ferrayones
     
    Thanks for your advice. I'll try to convince my son, since it was his computer that was completely blocked, but I'm the one who asked for your help and carried out the steps.
    Have a good weekend.
    0