Encore, encore des malwares... help!
LilyJ
Messages postés
18
Statut
Membre
-
LilyJ Messages postés 18 Statut Membre -
LilyJ Messages postés 18 Statut Membre -
Bonjour!
J'ai encore dû mettre ma méfiance en sommeil, et j'ai attrapé quelques logiciels malveillants sur mon PC (Windows 7). Bref, j'avais réussi à tout enlever sauf un: Cinema Plus, et non seulement il veut rester dans mon PC mais en plus il m'ouvre des pubs partout sur mon navigateur (tellement que je ne vois plus la page, c'est dire). Et des fois, il en profite pour installer d'autres choses en masse.
Mon antivirus le sent bien, mais ni lui ni celui de nettoyage ne parvient à les enlever, évidemment.
Donc, j'ai grand besoin de votre aide, s'il vous plait!
J'ai encore dû mettre ma méfiance en sommeil, et j'ai attrapé quelques logiciels malveillants sur mon PC (Windows 7). Bref, j'avais réussi à tout enlever sauf un: Cinema Plus, et non seulement il veut rester dans mon PC mais en plus il m'ouvre des pubs partout sur mon navigateur (tellement que je ne vois plus la page, c'est dire). Et des fois, il en profite pour installer d'autres choses en masse.
Mon antivirus le sent bien, mais ni lui ni celui de nettoyage ne parvient à les enlever, évidemment.
Donc, j'ai grand besoin de votre aide, s'il vous plait!
A voir également:
- Encore, encore des malwares... help!
- Supprimer les malwares - Guide
- Anti malwares - Télécharger - Antivirus & Antimalwares
- Malware Joker : encore des applications Android infectées - Guide
- Piratage ChatGPT : des hackers détournent l'IA pour créer des malwares - Accueil - Guide virus
- Virus et malwares : comment les détecter facilement - Guide
12 réponses
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
▶ Télécharge ici : FRST (de Farbar)
!!! En fonction de ta version de Windows, prends la "32-Bit Version" ou la "64-Bit Version" !!!
Aide : va dans Démarrer > Panneau de configuration > Système pour savoir si tu es sous 32 bits ou 64 bits.
▶ Double-clique sur l'icône FRST.exe pour lancer le programme. (Sous Windows Vista, 7 et 8, il faut faire un clic droit dessus, puis exécuter en tant qu'administrateur.) Clique ensuite sur Oui lorsqu'un message d'avertissement (Disclaimer) s'affiche.
▶ Sur le menu principal, clique sur le bouton Scan et patiente le temps de l'analyse.
▶ A la fin du scan, deux rapports s'affichent, FRST.txt et Addition.txt Poste les rapports dans ta prochaine réponse.
Les rapport se trouvent ici : C:\FRST\Logs
▶ Envoie-les sur https://www.cjoint.com/ et poste les liens obtenus en échange.
!!! En fonction de ta version de Windows, prends la "32-Bit Version" ou la "64-Bit Version" !!!
Aide : va dans Démarrer > Panneau de configuration > Système pour savoir si tu es sous 32 bits ou 64 bits.
▶ Double-clique sur l'icône FRST.exe pour lancer le programme. (Sous Windows Vista, 7 et 8, il faut faire un clic droit dessus, puis exécuter en tant qu'administrateur.) Clique ensuite sur Oui lorsqu'un message d'avertissement (Disclaimer) s'affiche.
▶ Sur le menu principal, clique sur le bouton Scan et patiente le temps de l'analyse.
▶ A la fin du scan, deux rapports s'affichent, FRST.txt et Addition.txt Poste les rapports dans ta prochaine réponse.
Les rapport se trouvent ici : C:\FRST\Logs
▶ Envoie-les sur https://www.cjoint.com/ et poste les liens obtenus en échange.
▶ /!\ Crée un point de restauration manuel avant d'appliquer le correctif - Tutoriel en images/!\
▶ Ouvre le Bloc-notes (Démarrer => Tous les programmes => Accessoires => Bloc-notes)
▶ Copie/colle la totalité du contenu de la zone Code ci-dessous dans le Bloc-notes
▶ Enregistre le fichier sur ton Bureau (au même endroit que FRST) sous le nom fixlist.txt
▶ Ferme toutes les applications, y compris ton navigateur
▶ Double-clique sur FRST.exe
/!\ Sous Vista, Windows 7 et 8, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
▶ Sur le menu principal, clique une seule fois sur Fix et patiente le temps de la correction
▶ L'outil va créer un rapport de correction Fixlog.txt. Poste ce rapport dans ta réponse.
▶ /!\ Ce script a été établi pour cet utilisateur, il ne doit, en aucun cas, être appliqué sur un autre système, au risque de provoquer de graves dysfonctionnement et endommager Windows /!\
▶ Ouvre le Bloc-notes (Démarrer => Tous les programmes => Accessoires => Bloc-notes)
▶ Copie/colle la totalité du contenu de la zone Code ci-dessous dans le Bloc-notes
start
CinemaPlus-3.2cV21.05 (HKLM-x32\...\CinemaPlus-3.2cV21.05) (Version: 1.36.01.22 - Cinema PlusV21.05) <==== ATTENTION
Task: {01530985-F272-43A1-AFFA-76B3FF8CA872} - \fec3efde-451b-433b-805b-d4e7bfd155d6-6 No Task File <==== ATTENTION
Task: {0521D3DB-C454-43B0-AF2E-7CE0F8BB0FBA} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-7 No Task File <==== ATTENTION
Task: {0C29289F-F10B-4A40-BE1A-12F6EEA2D513} - \fec3efde-451b-433b-805b-d4e7bfd155d6-1 No Task File <==== ATTENTION
Task: {54C106FE-556E-4545-80DD-17CC88A2CD7B} - System32\Tasks\{2FD92C50-76D6-4E0A-B72E-F2A56E0AB4AA} => pcalua.exe -a "C:\Program Files (x86)\SmartSaver+ 3\Uninstall.exe" -c /fcp=1
Task: {64B8D17E-5388-4CE3-BF77-4E295EFEC204} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-5 No Task File <==== ATTENTION
Task: {65B0034E-9CE5-4336-B271-ACA6D25E4EAC} - System32\Tasks\{B39DCAC1-E32D-42EF-976E-68A038F7501A} => pcalua.exe -a C:\Users\Julie\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
Task: {65FEA972-06C9-40F9-873C-DA6E79540950} - \fec3efde-451b-433b-805b-d4e7bfd155d6-7 No Task File <==== ATTENTION
Task: {68EF3C0E-C451-4D43-9B1C-220D00DCB64D} - System32\Tasks\{AD11D2C9-E625-48F3-91B6-D5F828A643ED} => pcalua.exe -a "C:\Program Files (x86)\Frieven_s_Prox_1.8\Uninstall.exe" -c /fcp=1
Task: {69EDB85B-B2D7-44E1-8C2A-436D0EAB487A} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-2 No Task File <==== ATTENTION
Task: {7642320C-0592-44F7-AB71-F0649062E9ED} - System32\Tasks\{B94D0891-0A58-403F-84BF-E53B9EFD00F1} => pcalua.exe -a C:\Users\Julie\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {780570EB-2BB1-462C-8EF1-8062B1B1AA12} - \e4772293-3b4a-4643-aac8-fff01e7b5a74-7 No Task File <==== ATTENTION
Task: {7C35F3D2-724A-4A6B-A83A-895922713FE4} - \fec3efde-451b-433b-805b-d4e7bfd155d6-5 No Task File <==== ATTENTION
Task: {7CC7AE63-77CD-42C2-AEA1-1CB9553D1679} - \fec3efde-451b-433b-805b-d4e7bfd155d6-3 No Task File <==== ATTENTION
Task: {20C7BBC0-5FC1-4579-BB8D-DE5F7C966E94} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-6 No Task File <==== ATTENTION
Task: {EEC74BE5-4FCA-43B1-B305-D0ACF4566BE1} - \e4772293-3b4a-4643-aac8-fff01e7b5a74-5 No Task File <==== ATTENTION
Task: {EFAD0760-D159-449C-B80F-EA1BCEF2864C} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-3 No Task File <==== ATTENTION
Task: {F4A328E7-9F97-4006-AA01-69288E11695D} - \fec3efde-451b-433b-805b-d4e7bfd155d6-4 No Task File <==== ATTENTION
Task: {F71E2645-01B4-47B9-ABB2-0246CAAD3EC0} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-4 No Task File <==== ATTENTION
() C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\hnsb16C8.tmp
() C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\nsqA2B9.tmpfs
HKLM-x32\...\Run: [gmsd_fr_610] => [X]
HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\...\Run: [cacaoweb] => "C:\Users\Julie\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
AppInit_DLLs-x32: c:\progra~3\{d9653~1\1170~1.1\nita.dll => "c:\progra~3\{d9653~1\1170~1.1\nita.dll" File not found
HKU\S-1-5-21-1092725793-2815744365-3997786595-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1092725793-2815744365-3997786595-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = https://search.safefinder.com/?st=ds&q={searchTerms}
2015-05-21 20:01 - 2015-05-25 16:11 - 00000000 ____D C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F
2015-05-21 20:01 - 2015-05-21 20:02 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV21.05
2015-05-21 20:01 - 2015-05-21 20:02 - 00000000 ____D C:\Program Files (x86)\c4eebd83-b215-47df-b9bb-b770f7be130e
2015-05-21 21:13 - 2015-05-21 21:13 - 00628688 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsdCBCD.tmp
2015-05-21 20:34 - 2015-05-21 20:34 - 00613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsd7E48.tmp
2015-05-21 20:14 - 2015-05-21 20:14 - 00000000 ____D C:\Program Files (x86)\MaxComputerCleaner_v17.507
2015-06-05 16:47 - 2015-06-05 16:46 - 00613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsjD2ED.tmp
2015-06-05 16:46 - 2015-06-05 16:46 - 00000000 ____D C:\Program Files (x86)\6a7bcf4a-036f-4a18-8ee9-5dd8672b1827
2015-05-21 20:05 - 2015-05-25 16:11 - 00000000 ____D C:\Users\Julie\AppData\Local\916B392D-1432238719-3145-244F-49AFF525694F
2015-05-21 20:34 - 2015-05-21 20:34 - 0613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsd7E48.tmp
2015-05-21 21:13 - 2015-05-21 21:13 - 0628688 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsdCBCD.tmp
2014-09-02 15:30 - 2014-09-02 15:30 - 0575544 _____ (ClickMeIn Limited) C:\Users\Julie\AppData\Local\nsh73AC.tmp
2015-06-05 16:47 - 2015-06-05 16:46 - 0613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsjD2ED.tmp
C:\Users\Julie\AppData\Local\Temp\1097.exe
C:\Users\Julie\AppData\Local\Temp\1664.exe
C:\Users\Julie\AppData\Local\Temp\1779.exe
C:\Users\Julie\AppData\Local\Temp\1811.exe
C:\Users\Julie\AppData\Local\Temp\2486.exe
C:\Users\Julie\AppData\Local\Temp\3505.exe
C:\Users\Julie\AppData\Local\Temp\3810.exe
C:\Users\Julie\AppData\Local\Temp\4105.exe
C:\Users\Julie\AppData\Local\Temp\4698.exe
C:\Users\Julie\AppData\Local\Temp\4917.exe
C:\Users\Julie\AppData\Local\Temp\4969.exe
C:\Users\Julie\AppData\Local\Temp\6019.exe
C:\Users\Julie\AppData\Local\Temp\8392.exe
OPR StartupUrls: "hxxp://www.mystartsearch.com/?type=hp&ts=1431531587&z=75b1d0ce4fb313b8eeedfc5g7z5c1g3w7c7gdqawfb&from=wpc&uid=ST2000DL003-9VT166_5YD6XQPF"
R2 gykoruqo; C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\hnsb16C8.tmp [368640 2015-05-21] () [File not signed]
R2 cycyvysu; C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\nsqA2B9.tmpfs [X] 2015-05-21 21:13 - 2015-05-21 21:13 - 00628688 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsdCBCD.tmp
ProxyServer: [.DEFAULT] => http=127.0.0.1:57837;https=127.0.0.1:57837
SearchScopes: HKU\S-1-5-21-1092725793-2815744365-3997786595-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = https://uk.ask.com{searchterms}&l=dis&o=HPDTDF [Pays IE - 185.23.44.87]
FF HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR Extension: (iGraal) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2015-06-06]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
end
▶ Enregistre le fichier sur ton Bureau (au même endroit que FRST) sous le nom fixlist.txt
▶ Ferme toutes les applications, y compris ton navigateur
▶ Double-clique sur FRST.exe
/!\ Sous Vista, Windows 7 et 8, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
▶ Sur le menu principal, clique une seule fois sur Fix et patiente le temps de la correction
▶ L'outil va créer un rapport de correction Fixlog.txt. Poste ce rapport dans ta réponse.
▶ /!\ Ce script a été établi pour cet utilisateur, il ne doit, en aucun cas, être appliqué sur un autre système, au risque de provoquer de graves dysfonctionnement et endommager Windows /!\
Pas enregistré au bon endroit...
Oui, autant pour moi! J'ai suivi mot pour mot et je l'avais laissé uniquement sur le bureau. Je l'ai refait:
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Julie at 2015-06-09 19:43:23 Run:1
Running from C:\Users\Julie\Downloads
Loaded Profiles: Julie & UpdatusUser (Available Profiles: Julie & UpdatusUser)
Boot Mode: Normal
==============================================
fixlist content:
start
CinemaPlus-3.2cV21.05 (HKLM-x32\...\CinemaPlus-3.2cV21.05) (Version: 1.36.01.22 - Cinema PlusV21.05) <==== ATTENTION
Task: {01530985-F272-43A1-AFFA-76B3FF8CA872} - \fec3efde-451b-433b-805b-d4e7bfd155d6-6 No Task File <==== ATTENTION
Task: {0521D3DB-C454-43B0-AF2E-7CE0F8BB0FBA} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-7 No Task File <==== ATTENTION
Task: {0C29289F-F10B-4A40-BE1A-12F6EEA2D513} - \fec3efde-451b-433b-805b-d4e7bfd155d6-1 No Task File <==== ATTENTION
Task: {54C106FE-556E-4545-80DD-17CC88A2CD7B} - System32\Tasks\{2FD92C50-76D6-4E0A-B72E-F2A56E0AB4AA} => pcalua.exe -a "C:\Program Files (x86)\SmartSaver+ 3\Uninstall.exe" -c /fcp=1
Task: {64B8D17E-5388-4CE3-BF77-4E295EFEC204} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-5 No Task File <==== ATTENTION
Task: {65B0034E-9CE5-4336-B271-ACA6D25E4EAC} - System32\Tasks\{B39DCAC1-E32D-42EF-976E-68A038F7501A} => pcalua.exe -a C:\Users\Julie\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
Task: {65FEA972-06C9-40F9-873C-DA6E79540950} - \fec3efde-451b-433b-805b-d4e7bfd155d6-7 No Task File <==== ATTENTION
Task: {68EF3C0E-C451-4D43-9B1C-220D00DCB64D} - System32\Tasks\{AD11D2C9-E625-48F3-91B6-D5F828A643ED} => pcalua.exe -a "C:\Program Files (x86)\Frieven_s_Prox_1.8\Uninstall.exe" -c /fcp=1
Task: {69EDB85B-B2D7-44E1-8C2A-436D0EAB487A} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-2 No Task File <==== ATTENTION
Task: {7642320C-0592-44F7-AB71-F0649062E9ED} - System32\Tasks\{B94D0891-0A58-403F-84BF-E53B9EFD00F1} => pcalua.exe -a C:\Users\Julie\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {780570EB-2BB1-462C-8EF1-8062B1B1AA12} - \e4772293-3b4a-4643-aac8-fff01e7b5a74-7 No Task File <==== ATTENTION
Task: {7C35F3D2-724A-4A6B-A83A-895922713FE4} - \fec3efde-451b-433b-805b-d4e7bfd155d6-5 No Task File <==== ATTENTION
Task: {7CC7AE63-77CD-42C2-AEA1-1CB9553D1679} - \fec3efde-451b-433b-805b-d4e7bfd155d6-3 No Task File <==== ATTENTION
Task: {20C7BBC0-5FC1-4579-BB8D-DE5F7C966E94} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-6 No Task File <==== ATTENTION
Task: {EEC74BE5-4FCA-43B1-B305-D0ACF4566BE1} - \e4772293-3b4a-4643-aac8-fff01e7b5a74-5 No Task File <==== ATTENTION
Task: {EFAD0760-D159-449C-B80F-EA1BCEF2864C} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-3 No Task File <==== ATTENTION
Task: {F4A328E7-9F97-4006-AA01-69288E11695D} - \fec3efde-451b-433b-805b-d4e7bfd155d6-4 No Task File <==== ATTENTION
Task: {F71E2645-01B4-47B9-ABB2-0246CAAD3EC0} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-4 No Task File <==== ATTENTION
() C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\hnsb16C8.tmp
() C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\nsqA2B9.tmpfs
HKLM-x32\...\Run: [gmsd_fr_610] => [X]
HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\...\Run: [cacaoweb] => "C:\Users\Julie\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
AppInit_DLLs-x32: c:\progra~3\{d9653~1\1170~1.1\nita.dll => "c:\progra~3\{d9653~1\1170~1.1\nita.dll" File not found
HKU\S-1-5-21-1092725793-2815744365-3997786595-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1092725793-2815744365-3997786595-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = https://www.google.com/#u_ip=91.209.35.218{searchTerms}
2015-05-21 20:01 - 2015-05-25 16:11 - 00000000 ____D C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F
2015-05-21 20:01 - 2015-05-21 20:02 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV21.05
2015-05-21 20:01 - 2015-05-21 20:02 - 00000000 ____D C:\Program Files (x86)\c4eebd83-b215-47df-b9bb-b770f7be130e
2015-05-21 21:13 - 2015-05-21 21:13 - 00628688 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsdCBCD.tmp
2015-05-21 20:34 - 2015-05-21 20:34 - 00613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsd7E48.tmp
2015-05-21 20:14 - 2015-05-21 20:14 - 00000000 ____D C:\Program Files (x86)\MaxComputerCleaner_v17.507
2015-06-05 16:47 - 2015-06-05 16:46 - 00613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsjD2ED.tmp
2015-06-05 16:46 - 2015-06-05 16:46 - 00000000 ____D C:\Program Files (x86)\6a7bcf4a-036f-4a18-8ee9-5dd8672b1827
2015-05-21 20:05 - 2015-05-25 16:11 - 00000000 ____D C:\Users\Julie\AppData\Local\916B392D-1432238719-3145-244F-49AFF525694F
2015-05-21 20:34 - 2015-05-21 20:34 - 0613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsd7E48.tmp
2015-05-21 21:13 - 2015-05-21 21:13 - 0628688 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsdCBCD.tmp
2014-09-02 15:30 - 2014-09-02 15:30 - 0575544 _____ (ClickMeIn Limited) C:\Users\Julie\AppData\Local\nsh73AC.tmp
2015-06-05 16:47 - 2015-06-05 16:46 - 0613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsjD2ED.tmp
C:\Users\Julie\AppData\Local\Temp\1097.exe
C:\Users\Julie\AppData\Local\Temp\1664.exe
C:\Users\Julie\AppData\Local\Temp\1779.exe
C:\Users\Julie\AppData\Local\Temp\1811.exe
C:\Users\Julie\AppData\Local\Temp\2486.exe
C:\Users\Julie\AppData\Local\Temp\3505.exe
C:\Users\Julie\AppData\Local\Temp\3810.exe
C:\Users\Julie\AppData\Local\Temp\4105.exe
C:\Users\Julie\AppData\Local\Temp\4698.exe
C:\Users\Julie\AppData\Local\Temp\4917.exe
C:\Users\Julie\AppData\Local\Temp\4969.exe
C:\Users\Julie\AppData\Local\Temp\6019.exe
C:\Users\Julie\AppData\Local\Temp\8392.exe
OPR StartupUrls: "hxxp://www.mystartsearch.com/?type=hp&ts=1431531587&z=75b1d0ce4fb313b8eeedfc5g7z5c1g3w7c7gdqawfb&from=wpc&uid=ST2000DL003-9VT166_5YD6XQPF"
R2 gykoruqo; C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\hnsb16C8.tmp [368640 2015-05-21] () [File not signed]
R2 cycyvysu; C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\nsqA2B9.tmpfs [X] 2015-05-21 21:13 - 2015-05-21 21:13 - 00628688 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsdCBCD.tmp
ProxyServer: [.DEFAULT] => http=127.0.0.1:57837;https=127.0.0.1:57837
SearchScopes: HKU\S-1-5-21-1092725793-2815744365-3997786595-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = https://uk.ask.com{searchterms}&l=dis&o=HPDTDF [Pays IE - 185.23.44.87]
FF HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR Extension: (iGraal) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2015-06-06]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
end
CinemaPlus-3.2cV21.05 (HKLM-x32\...\CinemaPlus-3.2cV21.05) (Version: 1.36.01.22 - Cinema PlusV21.05) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01530985-F272-43A1-AFFA-76B3FF8CA872}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01530985-F272-43A1-AFFA-76B3FF8CA872}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0521D3DB-C454-43B0-AF2E-7CE0F8BB0FBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0521D3DB-C454-43B0-AF2E-7CE0F8BB0FBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C29289F-F10B-4A40-BE1A-12F6EEA2D513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C29289F-F10B-4A40-BE1A-12F6EEA2D513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54C106FE-556E-4545-80DD-17CC88A2CD7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54C106FE-556E-4545-80DD-17CC88A2CD7B}" => key removed successfully
C:\Windows\System32\Tasks\{2FD92C50-76D6-4E0A-B72E-F2A56E0AB4AA} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2FD92C50-76D6-4E0A-B72E-F2A56E0AB4AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64B8D17E-5388-4CE3-BF77-4E295EFEC204}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64B8D17E-5388-4CE3-BF77-4E295EFEC204}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65B0034E-9CE5-4336-B271-ACA6D25E4EAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B0034E-9CE5-4336-B271-ACA6D25E4EAC}" => key removed successfully
C:\Windows\System32\Tasks\{B39DCAC1-E32D-42EF-976E-68A038F7501A} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B39DCAC1-E32D-42EF-976E-68A038F7501A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65FEA972-06C9-40F9-873C-DA6E79540950}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65FEA972-06C9-40F9-873C-DA6E79540950}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68EF3C0E-C451-4D43-9B1C-220D00DCB64D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68EF3C0E-C451-4D43-9B1C-220D00DCB64D}" => key removed successfully
C:\Windows\System32\Tasks\{AD11D2C9-E625-48F3-91B6-D5F828A643ED} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD11D2C9-E625-48F3-91B6-D5F828A643ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69EDB85B-B2D7-44E1-8C2A-436D0EAB487A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69EDB85B-B2D7-44E1-8C2A-436D0EAB487A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7642320C-0592-44F7-AB71-F0649062E9ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7642320C-0592-44F7-AB71-F0649062E9ED}" => key removed successfully
C:\Windows\System32\Tasks\{B94D0891-0A58-403F-84BF-E53B9EFD00F1} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B94D0891-0A58-403F-84BF-E53B9EFD00F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{780570EB-2BB1-462C-8EF1-8062B1B1AA12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{780570EB-2BB1-462C-8EF1-8062B1B1AA12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e4772293-3b4a-4643-aac8-fff01e7b5a74-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C35F3D2-724A-4A6B-A83A-895922713FE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C35F3D2-724A-4A6B-A83A-895922713FE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CC7AE63-77CD-42C2-AEA1-1CB9553D1679}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CC7AE63-77CD-42C2-AEA1-1CB9553D1679}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20C7BBC0-5FC1-4579-BB8D-DE5F7C966E94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20C7BBC0-5FC1-4579-BB8D-DE5F7C966E94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEC74BE5-4FCA-43B1-B305-D0ACF4566BE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEC74BE5-4FCA-43B1-B305-D0ACF4566BE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e4772293-3b4a-4643-aac8-fff01e7b5a74-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFAD0760-D159-449C-B80F-EA1BCEF2864C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFAD0760-D159-449C-B80F-EA1BCEF2864C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4A328E7-9F97-4006-AA01-69288E11695D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4A328E7-9F97-4006-AA01-69288E11695D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F71E2645-01B4-47B9-ABB2-0246CAAD3EC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F71E2645-01B4-47B9-ABB2-0246CAAD3EC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-4" => key removed successfully
[2408] C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\hnsb16C8.tmp => process closed successfully.
[2096] C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\nsqA2B9.tmpfs => process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_610 => value removed successfully
HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\Software\Microsoft\Windows\CurrentVersion\Run\\cacaoweb => value removed successfully
"c:\progra~3\{d9653~1\1170~1.1\nita.dll" => value data removed successfully.
"HKU\S-1-5-21-1092725793-2815744365-3997786595-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found.
C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F => moved successfully.
C:\Program Files (x86)\CinemaPlus-3.2cV21.05 => moved successfully.
C:\Program Files (x86)\c4eebd83-b215-47df-b9bb-b770f7be130e => moved successfully.
C:\Users\Julie\AppData\Local\nsdCBCD.tmp => moved successfully.
C:\Users\Julie\AppData\Local\nsd7E48.tmp => moved successfully.
C:\Program Files (x86)\MaxComputerCleaner_v17.507 => moved successfully.
C:\Users\Julie\AppData\Local\nsjD2ED.tmp => moved successfully.
C:\Program Files (x86)\6a7bcf4a-036f-4a18-8ee9-5dd8672b1827 => moved successfully.
"C:\Users\Julie\AppData\Local\916B392D-1432238719-3145-244F-49AFF525694F" => File/Folder not found.
"C:\Users\Julie\AppData\Local\nsd7E48.tmp" => File/Folder not found.
"C:\Users\Julie\AppData\Local\nsdCBCD.tmp" => File/Folder not found.
C:\Users\Julie\AppData\Local\nsh73AC.tmp => moved successfully.
"C:\Users\Julie\AppData\Local\nsjD2ED.tmp" => File/Folder not found.
C:\Users\Julie\AppData\Local\Temp\1097.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\1664.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\1779.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\1811.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\2486.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\3505.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\3810.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\4105.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\4698.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\4917.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\4969.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\6019.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\8392.exe => moved successfully.
Opera StartupUrls removed successfully
gykoruqo => Service removed successfully
cycyvysu => Service removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\Software\Mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE} => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim" => key removed successfully
C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm => moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim" => key removed successfully
Fix result of Farbar Recovery Scan Tool (x64) Version:08-06-2015
Ran by Julie at 2015-06-09 19:43:23 Run:1
Running from C:\Users\Julie\Downloads
Loaded Profiles: Julie & UpdatusUser (Available Profiles: Julie & UpdatusUser)
Boot Mode: Normal
==============================================
fixlist content:
start
CinemaPlus-3.2cV21.05 (HKLM-x32\...\CinemaPlus-3.2cV21.05) (Version: 1.36.01.22 - Cinema PlusV21.05) <==== ATTENTION
Task: {01530985-F272-43A1-AFFA-76B3FF8CA872} - \fec3efde-451b-433b-805b-d4e7bfd155d6-6 No Task File <==== ATTENTION
Task: {0521D3DB-C454-43B0-AF2E-7CE0F8BB0FBA} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-7 No Task File <==== ATTENTION
Task: {0C29289F-F10B-4A40-BE1A-12F6EEA2D513} - \fec3efde-451b-433b-805b-d4e7bfd155d6-1 No Task File <==== ATTENTION
Task: {54C106FE-556E-4545-80DD-17CC88A2CD7B} - System32\Tasks\{2FD92C50-76D6-4E0A-B72E-F2A56E0AB4AA} => pcalua.exe -a "C:\Program Files (x86)\SmartSaver+ 3\Uninstall.exe" -c /fcp=1
Task: {64B8D17E-5388-4CE3-BF77-4E295EFEC204} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-5 No Task File <==== ATTENTION
Task: {65B0034E-9CE5-4336-B271-ACA6D25E4EAC} - System32\Tasks\{B39DCAC1-E32D-42EF-976E-68A038F7501A} => pcalua.exe -a C:\Users\Julie\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
Task: {65FEA972-06C9-40F9-873C-DA6E79540950} - \fec3efde-451b-433b-805b-d4e7bfd155d6-7 No Task File <==== ATTENTION
Task: {68EF3C0E-C451-4D43-9B1C-220D00DCB64D} - System32\Tasks\{AD11D2C9-E625-48F3-91B6-D5F828A643ED} => pcalua.exe -a "C:\Program Files (x86)\Frieven_s_Prox_1.8\Uninstall.exe" -c /fcp=1
Task: {69EDB85B-B2D7-44E1-8C2A-436D0EAB487A} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-2 No Task File <==== ATTENTION
Task: {7642320C-0592-44F7-AB71-F0649062E9ED} - System32\Tasks\{B94D0891-0A58-403F-84BF-E53B9EFD00F1} => pcalua.exe -a C:\Users\Julie\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {780570EB-2BB1-462C-8EF1-8062B1B1AA12} - \e4772293-3b4a-4643-aac8-fff01e7b5a74-7 No Task File <==== ATTENTION
Task: {7C35F3D2-724A-4A6B-A83A-895922713FE4} - \fec3efde-451b-433b-805b-d4e7bfd155d6-5 No Task File <==== ATTENTION
Task: {7CC7AE63-77CD-42C2-AEA1-1CB9553D1679} - \fec3efde-451b-433b-805b-d4e7bfd155d6-3 No Task File <==== ATTENTION
Task: {20C7BBC0-5FC1-4579-BB8D-DE5F7C966E94} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-6 No Task File <==== ATTENTION
Task: {EEC74BE5-4FCA-43B1-B305-D0ACF4566BE1} - \e4772293-3b4a-4643-aac8-fff01e7b5a74-5 No Task File <==== ATTENTION
Task: {EFAD0760-D159-449C-B80F-EA1BCEF2864C} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-3 No Task File <==== ATTENTION
Task: {F4A328E7-9F97-4006-AA01-69288E11695D} - \fec3efde-451b-433b-805b-d4e7bfd155d6-4 No Task File <==== ATTENTION
Task: {F71E2645-01B4-47B9-ABB2-0246CAAD3EC0} - \ddcbf0d4-cc26-4fd6-bb47-934907b713d9-4 No Task File <==== ATTENTION
() C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\hnsb16C8.tmp
() C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\nsqA2B9.tmpfs
HKLM-x32\...\Run: [gmsd_fr_610] => [X]
HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\...\Run: [cacaoweb] => "C:\Users\Julie\AppData\Roaming\cacaoweb\cacaoweb.exe" -noplayer
AppInit_DLLs-x32: c:\progra~3\{d9653~1\1170~1.1\nita.dll => "c:\progra~3\{d9653~1\1170~1.1\nita.dll" File not found
HKU\S-1-5-21-1092725793-2815744365-3997786595-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-1092725793-2815744365-3997786595-1002 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = https://www.google.com/#u_ip=91.209.35.218{searchTerms}
2015-05-21 20:01 - 2015-05-25 16:11 - 00000000 ____D C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F
2015-05-21 20:01 - 2015-05-21 20:02 - 00000000 ____D C:\Program Files (x86)\CinemaPlus-3.2cV21.05
2015-05-21 20:01 - 2015-05-21 20:02 - 00000000 ____D C:\Program Files (x86)\c4eebd83-b215-47df-b9bb-b770f7be130e
2015-05-21 21:13 - 2015-05-21 21:13 - 00628688 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsdCBCD.tmp
2015-05-21 20:34 - 2015-05-21 20:34 - 00613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsd7E48.tmp
2015-05-21 20:14 - 2015-05-21 20:14 - 00000000 ____D C:\Program Files (x86)\MaxComputerCleaner_v17.507
2015-06-05 16:47 - 2015-06-05 16:46 - 00613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsjD2ED.tmp
2015-06-05 16:46 - 2015-06-05 16:46 - 00000000 ____D C:\Program Files (x86)\6a7bcf4a-036f-4a18-8ee9-5dd8672b1827
2015-05-21 20:05 - 2015-05-25 16:11 - 00000000 ____D C:\Users\Julie\AppData\Local\916B392D-1432238719-3145-244F-49AFF525694F
2015-05-21 20:34 - 2015-05-21 20:34 - 0613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsd7E48.tmp
2015-05-21 21:13 - 2015-05-21 21:13 - 0628688 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsdCBCD.tmp
2014-09-02 15:30 - 2014-09-02 15:30 - 0575544 _____ (ClickMeIn Limited) C:\Users\Julie\AppData\Local\nsh73AC.tmp
2015-06-05 16:47 - 2015-06-05 16:46 - 0613255 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsjD2ED.tmp
C:\Users\Julie\AppData\Local\Temp\1097.exe
C:\Users\Julie\AppData\Local\Temp\1664.exe
C:\Users\Julie\AppData\Local\Temp\1779.exe
C:\Users\Julie\AppData\Local\Temp\1811.exe
C:\Users\Julie\AppData\Local\Temp\2486.exe
C:\Users\Julie\AppData\Local\Temp\3505.exe
C:\Users\Julie\AppData\Local\Temp\3810.exe
C:\Users\Julie\AppData\Local\Temp\4105.exe
C:\Users\Julie\AppData\Local\Temp\4698.exe
C:\Users\Julie\AppData\Local\Temp\4917.exe
C:\Users\Julie\AppData\Local\Temp\4969.exe
C:\Users\Julie\AppData\Local\Temp\6019.exe
C:\Users\Julie\AppData\Local\Temp\8392.exe
OPR StartupUrls: "hxxp://www.mystartsearch.com/?type=hp&ts=1431531587&z=75b1d0ce4fb313b8eeedfc5g7z5c1g3w7c7gdqawfb&from=wpc&uid=ST2000DL003-9VT166_5YD6XQPF"
R2 gykoruqo; C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\hnsb16C8.tmp [368640 2015-05-21] () [File not signed]
R2 cycyvysu; C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\nsqA2B9.tmpfs [X] 2015-05-21 21:13 - 2015-05-21 21:13 - 00628688 _____ (CMI Limited) C:\Users\Julie\AppData\Local\nsdCBCD.tmp
ProxyServer: [.DEFAULT] => http=127.0.0.1:57837;https=127.0.0.1:57837
SearchScopes: HKU\S-1-5-21-1092725793-2815744365-3997786595-1002 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = https://uk.ask.com{searchterms}&l=dis&o=HPDTDF [Pays IE - 185.23.44.87]
FF HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\...\Firefox\Extensions: [{0F827075-B026-42F3-885D-98981EE7B1AE}] - C:\ProgramData\BrowserProtect\2.6.1125.80\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension
CHR HKLM-x32\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
CHR Extension: (iGraal) - C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm [2015-06-06]
CHR HKLM\...\Chrome\Extension: [ihokndmjeombjojnfkmapfnjeghjohim] - https://clients2.google.com/service/update2/crx
end
CinemaPlus-3.2cV21.05 (HKLM-x32\...\CinemaPlus-3.2cV21.05) (Version: 1.36.01.22 - Cinema PlusV21.05) <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{01530985-F272-43A1-AFFA-76B3FF8CA872}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01530985-F272-43A1-AFFA-76B3FF8CA872}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0521D3DB-C454-43B0-AF2E-7CE0F8BB0FBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0521D3DB-C454-43B0-AF2E-7CE0F8BB0FBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0C29289F-F10B-4A40-BE1A-12F6EEA2D513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C29289F-F10B-4A40-BE1A-12F6EEA2D513}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-1" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54C106FE-556E-4545-80DD-17CC88A2CD7B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54C106FE-556E-4545-80DD-17CC88A2CD7B}" => key removed successfully
C:\Windows\System32\Tasks\{2FD92C50-76D6-4E0A-B72E-F2A56E0AB4AA} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2FD92C50-76D6-4E0A-B72E-F2A56E0AB4AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64B8D17E-5388-4CE3-BF77-4E295EFEC204}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64B8D17E-5388-4CE3-BF77-4E295EFEC204}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65B0034E-9CE5-4336-B271-ACA6D25E4EAC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65B0034E-9CE5-4336-B271-ACA6D25E4EAC}" => key removed successfully
C:\Windows\System32\Tasks\{B39DCAC1-E32D-42EF-976E-68A038F7501A} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B39DCAC1-E32D-42EF-976E-68A038F7501A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{65FEA972-06C9-40F9-873C-DA6E79540950}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65FEA972-06C9-40F9-873C-DA6E79540950}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68EF3C0E-C451-4D43-9B1C-220D00DCB64D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68EF3C0E-C451-4D43-9B1C-220D00DCB64D}" => key removed successfully
C:\Windows\System32\Tasks\{AD11D2C9-E625-48F3-91B6-D5F828A643ED} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{AD11D2C9-E625-48F3-91B6-D5F828A643ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69EDB85B-B2D7-44E1-8C2A-436D0EAB487A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69EDB85B-B2D7-44E1-8C2A-436D0EAB487A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-2" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7642320C-0592-44F7-AB71-F0649062E9ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7642320C-0592-44F7-AB71-F0649062E9ED}" => key removed successfully
C:\Windows\System32\Tasks\{B94D0891-0A58-403F-84BF-E53B9EFD00F1} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B94D0891-0A58-403F-84BF-E53B9EFD00F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{780570EB-2BB1-462C-8EF1-8062B1B1AA12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{780570EB-2BB1-462C-8EF1-8062B1B1AA12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e4772293-3b4a-4643-aac8-fff01e7b5a74-7" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7C35F3D2-724A-4A6B-A83A-895922713FE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C35F3D2-724A-4A6B-A83A-895922713FE4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7CC7AE63-77CD-42C2-AEA1-1CB9553D1679}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CC7AE63-77CD-42C2-AEA1-1CB9553D1679}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{20C7BBC0-5FC1-4579-BB8D-DE5F7C966E94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20C7BBC0-5FC1-4579-BB8D-DE5F7C966E94}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-6" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EEC74BE5-4FCA-43B1-B305-D0ACF4566BE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EEC74BE5-4FCA-43B1-B305-D0ACF4566BE1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e4772293-3b4a-4643-aac8-fff01e7b5a74-5" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFAD0760-D159-449C-B80F-EA1BCEF2864C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFAD0760-D159-449C-B80F-EA1BCEF2864C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-3" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4A328E7-9F97-4006-AA01-69288E11695D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4A328E7-9F97-4006-AA01-69288E11695D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fec3efde-451b-433b-805b-d4e7bfd155d6-4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F71E2645-01B4-47B9-ABB2-0246CAAD3EC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F71E2645-01B4-47B9-ABB2-0246CAAD3EC0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ddcbf0d4-cc26-4fd6-bb47-934907b713d9-4" => key removed successfully
[2408] C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\hnsb16C8.tmp => process closed successfully.
[2096] C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F\nsqA2B9.tmpfs => process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_610 => value removed successfully
HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\Software\Microsoft\Windows\CurrentVersion\Run\\cacaoweb => value removed successfully
"c:\progra~3\{d9653~1\1170~1.1\nita.dll" => value data removed successfully.
"HKU\S-1-5-21-1092725793-2815744365-3997786595-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => key removed successfully
HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5} => key not found.
C:\Users\Julie\AppData\Roaming\916B392D-1432231279-3145-244F-49AFF525694F => moved successfully.
C:\Program Files (x86)\CinemaPlus-3.2cV21.05 => moved successfully.
C:\Program Files (x86)\c4eebd83-b215-47df-b9bb-b770f7be130e => moved successfully.
C:\Users\Julie\AppData\Local\nsdCBCD.tmp => moved successfully.
C:\Users\Julie\AppData\Local\nsd7E48.tmp => moved successfully.
C:\Program Files (x86)\MaxComputerCleaner_v17.507 => moved successfully.
C:\Users\Julie\AppData\Local\nsjD2ED.tmp => moved successfully.
C:\Program Files (x86)\6a7bcf4a-036f-4a18-8ee9-5dd8672b1827 => moved successfully.
"C:\Users\Julie\AppData\Local\916B392D-1432238719-3145-244F-49AFF525694F" => File/Folder not found.
"C:\Users\Julie\AppData\Local\nsd7E48.tmp" => File/Folder not found.
"C:\Users\Julie\AppData\Local\nsdCBCD.tmp" => File/Folder not found.
C:\Users\Julie\AppData\Local\nsh73AC.tmp => moved successfully.
"C:\Users\Julie\AppData\Local\nsjD2ED.tmp" => File/Folder not found.
C:\Users\Julie\AppData\Local\Temp\1097.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\1664.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\1779.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\1811.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\2486.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\3505.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\3810.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\4105.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\4698.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\4917.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\4969.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\6019.exe => moved successfully.
C:\Users\Julie\AppData\Local\Temp\8392.exe => moved successfully.
Opera StartupUrls removed successfully
gykoruqo => Service removed successfully
cycyvysu => Service removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKU\S-1-5-21-1092725793-2815744365-3997786595-1002\Software\Mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE} => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim" => key removed successfully
C:\Users\Julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmhkepipobnjllejbafajoemahjejdcm => moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ihokndmjeombjojnfkmapfnjeghjohim" => key removed successfully
End of Fixlog 19:43:28
1)Désinstallation des outils de désinfection
Télécharges Delfix ici https://www.commentcamarche.net/telecharger/securite/7111-delfix/
Exécutes le en tant qu'administrateur(si tu es sous xp double clic sur le fichier téléchargé) puis une fois sur l'interface coches les cases suivantes
-supprimer les outils de désinfections
-purger la restauration du système
Cliques ensuite sur Exécuter puis patientes pendant le processus de suppression.
Le rapport sera enregistré dans le presse-papier et sur le disque dur (C:\DelFix.txt).
Poste le rapport
2)N'oublies pas de mettre à jour java adobe reader et flashplayer pour IE (chrome l'intègre déjà)
Un lien utile à lire https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
N'oublies pas aussi de maintenir Windows à jour via Windows update
https://www.java.com/fr/download/manual.jsp
3)Pour permettre de mettre à jour tes logiciels je te conseille d'utiliser Filehippo update checker
Tu peux le télécharger ici https://www.commentcamarche.net/telecharger/utilitaires/9771-filehippo-app-manager/
Pour l'installation de filehippo décoches seulement mettre l'icône dans la barre de lancement rapide
4)Pour nettoyer les fichiers temporaires (attention pas de nettoyage registre ) tu peux utiliser Ccleaner avec tuto pour bien le configurer (https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
Lien du téléchargement https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
Tu peux aussi utiliser le nettoyeur de disque windows
N'oublies pas de défragmenter de temps en temps ton disque dur soit par le biais de l'utilitaire soit par le biais d'un logiciel tiers comme par exemple Deffagler ou auslogic Disk Defrag
Oublies les genres de nettoyeurs comme Tuneup ,Glary et autre nettoyeurs miracles ils ne te feront que ralentir ta machine et nettoyer plus blanc que blanc peut provoquer de graves dysfonctionnements
5)Sécurise tes navigateurs par exemple avec WOT et simple adblock pour Internet explorer
Pour télécharger WOT pour ie c'est par ici https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
https://adblockplus.org/
Pour chrome(si tu possèdes Chrome)
Wot disponible ici https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=fr
Adblock disponible ici https://www.commentcamarche.net/telecharger/web-internet/2555-adblock-plus-pour-chrome/
Lien du téléchargement pour wot sur firefox
https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
Lien pour télécharger adblock +
https://addons.mozilla.org/fr/firefox/addon/adblock-plus/?src=ss
6)Fais attention à ce que tu télécharges où et comment
Evites si possible de télécharger sur O1net,tom's guide,télécharger.com et Softonic et compagnie car ils repackent les logiciels avec des programmes potientellement indésirables
A lire
http://www.stoppublicites.fr/
https://www.malekal.com/adwares-pup-protection/
7)Pourquoi faut-il éviter de télécharger sur du p2p
Les risques sont gros la machine risque de devenir un pc zombie
Un peu de lecture concernant les dangers et le risque
https://forum.malekal.com/viewtopic.php?t=3208&start=
https://forum.malekal.com/viewtopic.php?t=893&start=
Télécharges Delfix ici https://www.commentcamarche.net/telecharger/securite/7111-delfix/
Exécutes le en tant qu'administrateur(si tu es sous xp double clic sur le fichier téléchargé) puis une fois sur l'interface coches les cases suivantes
-supprimer les outils de désinfections
-purger la restauration du système
Cliques ensuite sur Exécuter puis patientes pendant le processus de suppression.
Le rapport sera enregistré dans le presse-papier et sur le disque dur (C:\DelFix.txt).
Poste le rapport
2)N'oublies pas de mettre à jour java adobe reader et flashplayer pour IE (chrome l'intègre déjà)
Un lien utile à lire https://www.commentcamarche.net/faq/13362-mettre-a-jour-son-pc-contre-les-failles-de-securite
N'oublies pas aussi de maintenir Windows à jour via Windows update
https://www.java.com/fr/download/manual.jsp
3)Pour permettre de mettre à jour tes logiciels je te conseille d'utiliser Filehippo update checker
Tu peux le télécharger ici https://www.commentcamarche.net/telecharger/utilitaires/9771-filehippo-app-manager/
Pour l'installation de filehippo décoches seulement mettre l'icône dans la barre de lancement rapide
4)Pour nettoyer les fichiers temporaires (attention pas de nettoyage registre ) tu peux utiliser Ccleaner avec tuto pour bien le configurer (https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
Lien du téléchargement https://www.commentcamarche.net/telecharger/utilitaires/5647-ccleaner/
Tu peux aussi utiliser le nettoyeur de disque windows
N'oublies pas de défragmenter de temps en temps ton disque dur soit par le biais de l'utilitaire soit par le biais d'un logiciel tiers comme par exemple Deffagler ou auslogic Disk Defrag
Oublies les genres de nettoyeurs comme Tuneup ,Glary et autre nettoyeurs miracles ils ne te feront que ralentir ta machine et nettoyer plus blanc que blanc peut provoquer de graves dysfonctionnements
5)Sécurise tes navigateurs par exemple avec WOT et simple adblock pour Internet explorer
Pour télécharger WOT pour ie c'est par ici https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp
https://adblockplus.org/
Pour chrome(si tu possèdes Chrome)
Wot disponible ici https://chrome.google.com/webstore/detail/wot-web-of-trust-website/bhmmomiinigofkjcapegjjndpbikblnp?hl=fr
Adblock disponible ici https://www.commentcamarche.net/telecharger/web-internet/2555-adblock-plus-pour-chrome/
Lien du téléchargement pour wot sur firefox
https://addons.mozilla.org/fr/firefox/addon/wot-safe-browsing-tool/
Lien pour télécharger adblock +
https://addons.mozilla.org/fr/firefox/addon/adblock-plus/?src=ss
6)Fais attention à ce que tu télécharges où et comment
Evites si possible de télécharger sur O1net,tom's guide,télécharger.com et Softonic et compagnie car ils repackent les logiciels avec des programmes potientellement indésirables
A lire
http://www.stoppublicites.fr/
https://www.malekal.com/adwares-pup-protection/
7)Pourquoi faut-il éviter de télécharger sur du p2p
Les risques sont gros la machine risque de devenir un pc zombie
Un peu de lecture concernant les dangers et le risque
https://forum.malekal.com/viewtopic.php?t=3208&start=
https://forum.malekal.com/viewtopic.php?t=893&start=
Je vais lire ces liens attentivement.
Et oui, je possédais déjà l'extension Adblock Plus ainsi que CCleaner, bien que j'ai nombre fois dû les remettre ces derniers jours.
Merci beaucoup!
Le rapport:
# DelFix v1.010 - Rapport créé le 12/06/2015 à 12:57:58
# Mis à jour le 26/04/2015 par Xplode
# Nom d'utilisateur : Julie - JULIE-HP
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Suppression des outils de désinfection ...
Supprimé : C:\_OTL
Supprimé : C:\FRST
Supprimé : C:\AdwCleaner
Supprimé : C:\Users\Julie\Downloads\adwcleaner_4.206.exe
Supprimé : C:\Users\Julie\Downloads\Fixlog.txt
Supprimé : C:\Users\Julie\Downloads\FRST64.exe
Supprimée : HKLM\SOFTWARE\OldTimer Tools
Supprimée : HKLM\SOFTWARE\AdwCleaner
~ Purge de la restauration système ...
Supprimé : RP #505 [Windows Update | 06/02/2015 08:31:12]
Supprimé : RP #506 [Windows Update | 06/05/2015 10:44:36]
Supprimé : RP #507 [Windows Update | 06/09/2015 08:22:12]
Supprimé : RP #508 [Avant l'opération 'supprimer Cinema Plus'. | 06/09/2015 17:22:50]
Supprimé : RP #509 [Windows Update | 06/10/2015 19:02:27]
Nouveau point de restauration créé !
########## - EOF - ##########
Et oui, je possédais déjà l'extension Adblock Plus ainsi que CCleaner, bien que j'ai nombre fois dû les remettre ces derniers jours.
Merci beaucoup!
Le rapport:
# DelFix v1.010 - Rapport créé le 12/06/2015 à 12:57:58
# Mis à jour le 26/04/2015 par Xplode
# Nom d'utilisateur : Julie - JULIE-HP
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
~ Suppression des outils de désinfection ...
Supprimé : C:\_OTL
Supprimé : C:\FRST
Supprimé : C:\AdwCleaner
Supprimé : C:\Users\Julie\Downloads\adwcleaner_4.206.exe
Supprimé : C:\Users\Julie\Downloads\Fixlog.txt
Supprimé : C:\Users\Julie\Downloads\FRST64.exe
Supprimée : HKLM\SOFTWARE\OldTimer Tools
Supprimée : HKLM\SOFTWARE\AdwCleaner
~ Purge de la restauration système ...
Supprimé : RP #505 [Windows Update | 06/02/2015 08:31:12]
Supprimé : RP #506 [Windows Update | 06/05/2015 10:44:36]
Supprimé : RP #507 [Windows Update | 06/09/2015 08:22:12]
Supprimé : RP #508 [Avant l'opération 'supprimer Cinema Plus'. | 06/09/2015 17:22:50]
Supprimé : RP #509 [Windows Update | 06/10/2015 19:02:27]
Nouveau point de restauration créé !
########## - EOF - ##########
Merci beaucoup, ça a l'air de mieux marcher.
Mais je m'inquiète au sujet de Cinema Plus, qui manifestement ne veut se désinstaller sous aucun prétexte. Et je crois qu'il peut encore me ralentir mon pC.
Auriez-vous une solution à ce problème?
Merci!