How to remove ADS by Cloudscout (need the script!)

Closed
iSpeeX Posts: 3 Registered: Saturday 27 June 2015 Status: Member Last activity: 27 June 2015 - 27 June 2015 at 22:36
Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last activity: 15 December 2020 - 27 June 2015 at 23:18
Hello,

I have a problem on my computer because of... ADS by CloudScout! I have seen many posts, but I also noticed that each script was specific to each person, so I need a script that matches my problem. Would one of you be able to provide me with this famous script?

PS: I followed this tutorial https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Thanks in advance!

Here are the FRST, Addition and Shortcut files obtained from the scan.
https://pjjoint.malekal.com/files.php?id=FRST_20150627_u13g13k11g14e14
https://pjjoint.malekal.com/files.php?id=20150627_l15k15w13f6y11
https://pjjoint.malekal.com/files.php?id=20150627_h10x13x8p13o14

3 replies

Hello iSpeeX

We are going to take a closer look at this.

The ZHPDiag report must be posted as a link; it is too long to fit in a reply.

ZHPDiag (by Nicolas Coolman)


ZHPDiag: https://nicolascoolman.eu
  • On Vista, Windows 7 and Windows 8, right-click the downloaded file and choose Run as administrator
  • Two icons will be created on the desktop during installation: ZHPDiag and ZHPFix
  • Launch ZHPDiag by double-clicking its icon on the desktop
  • On Vista, Windows 7 and Windows 8, right-click the ZHPDiag shortcut and choose Run as administrator
  • Click on Complet
  • Let the scan run.
  • Once the scan has finished, the report will be saved automatically on the desktop under the name ZHPDiag.txt
  • Otherwise the report will also be found here ==> c:\ZHP\ZHPDiag.txt


To post the report as a link in your reply, use this file host: http://www.cjoint.com/


.::PC disinfection helper::.
Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last activity: 15 December 2020 24 633
Edited by Malekal_morte- on 27/06/2015 at 22:44
Hi,

You put a password on the reports, so we cannot read them.

Otherwise this should do the job, as in the other solved threads:

Reset/check that all name servers (DNS) are set to automatic: https://forum.malekal.com/viewtopic.php?t=48312&start=
THEN empty the DNS cache and the internet cache.
All 3 steps are important and must be done, otherwise the ads will continue.


Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last activity: 15 December 2020 24 633
27 June 2015 at 22:51
The password was sent by PM.



Here is the fix to carry out with FRST.
You can use this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Open Notepad: Windows key + R, in the Run field, type notepad and OK.
Copy/paste the following into it:

HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Ynauoihe.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Ynauoihe64.exe
HKLM-x32\...\Run: [SmartWeb] => C:\Users\DOMZEN06\AppData\Local\SmartWeb\SmartWebHelper.exe
HKLM-x32\...\Run: [gmsd_fr_005010014] => [X]
FF Extension: No Name - C:\Users\DOMZEN06\AppData\Roaming\Mozilla\Firefox\Profiles\vjwejrec.default-1416659744052\extensions\39ffxtbr@www.mapsgalaxy.com [not found]
FF Extension: No Name - C:\Users\DOMZEN06\AppData\Roaming\Mozilla\Firefox\Profiles\vjwejrec.default-1416659744052\extensions\arthurj8283@gmail.com [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
2015-06-27 21:57 - 2015-06-27 21:57 - 00000000 ____D C:\Users\DOMZEN06\Documents\Optimizer Pro
2015-06-27 21:52 - 2015-06-27 21:52 - 00000000 ____D C:\Program Files (x86)\predm
2015-06-22 00:00 - 2015-06-22 00:00 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nscBF4B.tmp
2015-06-21 23:59 - 2015-06-21 23:59 - 00003634 _____ C:\Windows\System32\Tasks\Ioect
2015-06-21 23:59 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-06-21 19:46 - 2015-06-21 19:46 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsyD45.tmp
2015-06-21 19:28 - 2015-06-21 19:28 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-06-21 19:28 - 2015-06-21 19:27 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsr8300.tmp
2015-06-21 19:27 - 2015-06-26 22:34 - 00004044 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-06-21 19:27 - 2015-06-26 22:12 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-06-21 17:26 - 2015-06-21 17:26 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nst8A28.tmp
2015-06-21 17:19 - 2015-06-21 17:24 - 00000000 ____D C:\Users\DOMZEN06\AppData\Local\gmsd_fr_002020008
2015-06-21 17:10 - 2015-06-21 17:10 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsn533A.tmp
2015-06-20 02:04 - 2015-06-20 02:04 - 00000000 ____D C:\ProgramData\{09b9b015-1280-f39d-09b9-9b015128c054}
2015-06-20 01:59 - 2015-06-20 01:59 - 00000000 ____D C:\Users\DOMZEN06\AppData\Roaming\288F1C80-1434758374-81E1-23A3-10BF4814D716
2015-06-20 01:49 - 2015-06-20 01:49 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nscCF13.tmp
2015-06-19 23:55 - 2015-06-19 23:55 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsp496A.tmp
2015-06-19 23:46 - 2015-06-20 01:58 - 00000000 ____D C:\Users\DOMZEN06\AppData\Local\gmsd_fr_005010007
2015-06-19 19:26 - 2015-06-19 19:26 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsiBFE4.tmp
2015-06-18 22:20 - 2015-06-18 22:20 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsy5F8C.tmp
2015-06-16 21:04 - 2015-06-16 21:04 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsc126B.tmp
2015-06-16 21:03 - 2015-06-16 21:03 - 00000000 _____ C:\Windows\prleth.sys
2015-06-16 21:03 - 2015-06-16 21:03 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-16 20:34 - 2015-06-26 22:20 - 00000000 ____D C:\Users\DOMZEN06\AppData\Local\288F1C80-1434486863-81E1-23A3-10BF4814D716
2015-06-16 20:32 - 2015-06-26 22:17 - 00000000 ____D C:\Users\DOMZEN06\AppData\Local\288F1C80-1434486726-81E1-23A3-10BF4814D716
2015-06-16 20:32 - 2015-06-16 23:10 - 00000000 ____D C:\Program Files (x86)\CutterGeneration
2015-06-16 20:31 - 2015-06-26 22:13 - 00000000 ____D C:\Users\DOMZEN06\AppData\Roaming\288F1C80-1434479479-81E1-23A3-10BF4814D716
2015-06-16 20:31 - 2015-06-16 20:42 - 00000000 ____D C:\ProgramData\{8cbfc9a0-0e4b-60d0-8cbf-fc9a00e42680}
2015-06-16 20:31 - 2015-06-16 20:32 - 00000000 ____D C:\ProgramData\8244572019325762438
2015-06-16 20:31 - 2015-06-16 20:31 - 00000000 ____D C:\ProgramData\hidkddeihdbjgnlpfjjdbcehbjhpifll
2015-06-10 16:36 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 00:13 - 2015-06-16 20:42 - 00000000 ____D C:\Users\DOMZEN06\AppData\Local\25955
2015-06-09 23:46 - 2015-06-16 20:31 - 00000000 ___HD C:\ProgramData\joy
2015-06-08 16:54 - 2015-06-08 16:54 - 00000000 ____D C:\Users\DOMZEN06\AppData\Roaming\Yahoo!
2015-06-08 16:54 - 2015-06-08 16:54 - 00000000 ____D C:\ProgramData\Yahoo!
2015-06-08 14:55 - 2015-06-08 19:42 - 00000112 _____ C:\ProgramData\8A51J0f.dat
2015-06-08 13:11 - 2015-06-08 20:51 - 00000000 ____D C:\ProgramData\abc
2015-06-08 13:09 - 2015-06-08 13:09 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-06-08 13:06 - 2015-06-21 16:42 - 00003164 _____ C:\Windows\System32\Tasks\{8CC7942C-F2B7-4222-B53E-46E448F310BC}
2015-06-08 12:27 - 2015-06-27 18:55 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2015-06-08 12:13 - 2015-06-24 19:39 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-08 12:10 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-08 12:09 - 2015-06-26 22:20 - 00000000 ____D C:\Users\DOMZEN06\AppData\Roaming\288F1C80-1433758165-81E1-23A3-10BF4814D716
2015-06-08 12:09 - 2015-06-08 12:09 - 00631296 _____ C:\Windows\joy.dat
012-07-21 21:54 - 2015-06-27 18:55 - 0000387 _____ () C:\Users\DOMZEN06\AppData\Roaming\sp_data.sys
2015-06-16 21:04 - 2015-06-16 21:04 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsc126B.tmp
2015-06-22 00:00 - 2015-06-22 00:00 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nscBF4B.tmp
2015-06-20 01:49 - 2015-06-20 01:49 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nscCF13.tmp
2015-06-19 19:26 - 2015-06-19 19:26 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsiBFE4.tmp
2015-06-21 17:10 - 2015-06-21 17:10 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsn533A.tmp
2015-06-19 23:55 - 2015-06-19 23:55 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsp496A.tmp
2015-06-21 19:28 - 2015-06-21 19:27 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsr8300.tmp
2015-06-21 17:26 - 2015-06-21 17:26 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nst8A28.tmp
2015-06-18 22:20 - 2015-06-18 22:20 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsy5F8C.tmp
2015-06-21 19:46 - 2015-06-21 19:46 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsyD45.tmp
Task: {132AD632-F2D5-4FB4-909A-4336B64DB55A} - System32\Tasks\{8CC7942C-F2B7-4222-B53E-46E448F310BC} => pcalua.exe -a C:\Users\DOMZEN06\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
Task: {2F960467-696E-4862-9C99-A034311AF72D} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {68A61DE0-9708-45DC-A9AE-61CB27E94BCF} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe <==== ATTENTION
Task: {7D6F95F8-77E8-48E1-B2C9-099E924610F1} - \iren3006 No Task File <==== ATTENTION
Task: {CB1CEABD-887C-4929-9743-28147AD2D8AE} - System32\Tasks\Ioect => C:\Program Files\shopperz\Ewvdwdoae.bat <==== ATTENTION
Task: {F5574861-E994-4C87-956E-76CCABD0C6DC} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\DOMZEN06\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION


Once the text is pasted into Notepad:
File menu, then Save as.
On the left, select the Desktop.
In the field at the bottom, file name, enter: fixlist.txt
Click Save - this will create a fixlist.txt file on the desktop.

Relaunch FRST and click the Fix button.
Depending on the case, a restart is needed (not mandatory).
A text file appears; copy/paste its content here in a new message.

Restart the computer


then reset your browsers:
==================================
Reset your browsers and/or manually reconfigure your web browsers (start page, search engine, etc.) and also remove/disable unnecessary/unwanted extensions:

then follow the DNS reset procedure.

~~

On the antivirus side, uninstall SuperAntispyware.

Also your Norton looks out of date; if you have not bought it or do not intend to buy it,
uninstall it and install Avast!: https://www.malekal.com/tutoriel-antivirus-avast/
Above all, enable the LPI detections.
iSpeeX Posts: 3 Registered: Saturday 27 June 2015 Status: Member Last activity: 27 June 2015
27 June 2015 at 23:13
The fix is done, the log is posted next, I have reset the DNS as well as my browsers. Norton and company are being uninstalled and I am going to install Avira rather than Avast (I prefer it). What are LPIs?

Thanks again FOR EVERYTHING! You are really very kind and very fast, thank you so much!
iSpeeX Posts: 3 Registered: Saturday 27 June 2015 Status: Member Last activity: 27 June 2015
27 June 2015 at 23:10
Here is the FIXLOG:

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by DOMZEN06 at 2015-06-27 22:55:48 Run:1
Running from C:\Users\DOMZEN06\Desktop
Loaded Profiles: UpdatusUser & DOMZEN06 & DefaultAppPool (Available Profiles: UpdatusUser & DOMZEN06 & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:

HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Ynauoihe.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Ynauoihe64.exe
HKLM-x32\...\Run: [SmartWeb] => C:\Users\DOMZEN06\AppData\Local\SmartWeb\SmartWebHelper.exe
HKLM-x32\...\Run: [gmsd_fr_005010014] => [X]
FF Extension: No Name - C:\Users\DOMZEN06\AppData\Roaming\Mozilla\Firefox\Profiles\vjwejrec.default-1416659744052\extensions\39ffxtbr@www.mapsgalaxy.com [not found]
FF Extension: No Name - C:\Users\DOMZEN06\AppData\Roaming\Mozilla\Firefox\Profiles\vjwejrec.default-1416659744052\extensions\arthurj8283@gmail.com [not found]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [not found]
2015-06-27 21:57 - 2015-06-27 21:57 - 00000000 ____D C:\Users\DOMZEN06\Documents\Optimizer Pro
2015-06-27 21:52 - 2015-06-27 21:52 - 00000000 ____D C:\Program Files (x86)\predm
2015-06-22 00:00 - 2015-06-22 00:00 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nscBF4B.tmp
2015-06-21 23:59 - 2015-06-21 23:59 - 00003634 _____ C:\Windows\System32\Tasks\Ioect
2015-06-21 23:59 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-06-21 19:46 - 2015-06-21 19:46 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsyD45.tmp
2015-06-21 19:28 - 2015-06-21 19:28 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-06-21 19:28 - 2015-06-21 19:27 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsr8300.tmp
2015-06-21 19:27 - 2015-06-26 22:34 - 00004044 _____ C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task
2015-06-21 19:27 - 2015-06-26 22:12 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-06-21 17:26 - 2015-06-21 17:26 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nst8A28.tmp
2015-06-21 17:19 - 2015-06-21 17:24 - 00000000 ____D C:\Users\DOMZEN06\AppData\Local\gmsd_fr_002020008
2015-06-21 17:10 - 2015-06-21 17:10 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsn533A.tmp
2015-06-20 02:04 - 2015-06-20 02:04 - 00000000 ____D C:\ProgramData\{09b9b015-1280-f39d-09b9-9b015128c054}
2015-06-20 01:59 - 2015-06-20 01:59 - 00000000 ____D C:\Users\DOMZEN06\AppData\Roaming\288F1C80-1434758374-81E1-23A3-10BF4814D716
2015-06-20 01:49 - 2015-06-20 01:49 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nscCF13.tmp
2015-06-19 23:55 - 2015-06-19 23:55 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsp496A.tmp
2015-06-19 23:46 - 2015-06-20 01:58 - 00000000 ____D C:\Users\DOMZEN06\AppData\Local\gmsd_fr_005010007
2015-06-19 19:26 - 2015-06-19 19:26 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsiBFE4.tmp
2015-06-18 22:20 - 2015-06-18 22:20 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsy5F8C.tmp
2015-06-16 21:04 - 2015-06-16 21:04 - 00613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsc126B.tmp
2015-06-16 21:03 - 2015-06-16 21:03 - 00000000 _____ C:\Windows\prleth.sys
2015-06-16 21:03 - 2015-06-16 21:03 - 00000000 _____ C:\Windows\hgfs.sys
2015-06-16 20:34 - 2015-06-26 22:20 - 00000000 ____D C:\Users\DOMZEN06\AppData\Local\288F1C80-1434486863-81E1-23A3-10BF4814D716
2015-06-16 20:32 - 2015-06-26 22:17 - 00000000 ____D C:\Users\DOMZEN06\AppData\Local\288F1C80-1434486726-81E1-23A3-10BF4814D716
2015-06-16 20:32 - 2015-06-16 23:10 - 00000000 ____D C:\Program Files (x86)\CutterGeneration
2015-06-16 20:31 - 2015-06-26 22:13 - 00000000 ____D C:\Users\DOMZEN06\AppData\Roaming\288F1C80-1434479479-81E1-23A3-10BF4814D716
2015-06-16 20:31 - 2015-06-16 20:42 - 00000000 ____D C:\ProgramData\{8cbfc9a0-0e4b-60d0-8cbf-fc9a00e42680}
2015-06-16 20:31 - 2015-06-16 20:32 - 00000000 ____D C:\ProgramData\8244572019325762438
2015-06-16 20:31 - 2015-06-16 20:31 - 00000000 ____D C:\ProgramData\hidkddeihdbjgnlpfjjdbcehbjhpifll
2015-06-10 16:36 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 00:13 - 2015-06-16 20:42 - 00000000 ____D C:\Users\DOMZEN06\AppData\Local\25955
2015-06-09 23:46 - 2015-06-16 20:31 - 00000000 ___HD C:\ProgramData\joy
2015-06-08 16:54 - 2015-06-08 16:54 - 00000000 ____D C:\Users\DOMZEN06\AppData\Roaming\Yahoo!
2015-06-08 16:54 - 2015-06-08 16:54 - 00000000 ____D C:\ProgramData\Yahoo!
2015-06-08 14:55 - 2015-06-08 19:42 - 00000112 _____ C:\ProgramData\8A51J0f.dat
2015-06-08 13:11 - 2015-06-08 20:51 - 00000000 ____D C:\ProgramData\abc
2015-06-08 13:09 - 2015-06-08 13:09 - 00000000 _____ C:\Windows\SysWOW64\Number of results
2015-06-08 13:06 - 2015-06-21 16:42 - 00003164 _____ C:\Windows\System32\Tasks\{8CC7942C-F2B7-4222-B53E-46E448F310BC}
2015-06-08 12:27 - 2015-06-27 18:55 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2015-06-08 12:13 - 2015-06-24 19:39 - 00000004 _____ C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-06-08 12:10 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hp.bak
2015-06-08 12:09 - 2015-06-26 22:20 - 00000000 ____D C:\Users\DOMZEN06\AppData\Roaming\288F1C80-1433758165-81E1-23A3-10BF4814D716
2015-06-08 12:09 - 2015-06-08 12:09 - 00631296 _____ C:\Windows\joy.dat
012-07-21 21:54 - 2015-06-27 18:55 - 0000387 _____ () C:\Users\DOMZEN06\AppData\Roaming\sp_data.sys
2015-06-16 21:04 - 2015-06-16 21:04 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsc126B.tmp
2015-06-22 00:00 - 2015-06-22 00:00 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nscBF4B.tmp
2015-06-20 01:49 - 2015-06-20 01:49 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nscCF13.tmp
2015-06-19 19:26 - 2015-06-19 19:26 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsiBFE4.tmp
2015-06-21 17:10 - 2015-06-21 17:10 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsn533A.tmp
2015-06-19 23:55 - 2015-06-19 23:55 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsp496A.tmp
2015-06-21 19:28 - 2015-06-21 19:27 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsr8300.tmp
2015-06-21 17:26 - 2015-06-21 17:26 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nst8A28.tmp
2015-06-18 22:20 - 2015-06-18 22:20 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsy5F8C.tmp
2015-06-21 19:46 - 2015-06-21 19:46 - 0613255 _____ (CMI Limited) C:\Users\DOMZEN06\AppData\Local\nsyD45.tmp
Task: {132AD632-F2D5-4FB4-909A-4336B64DB55A} - System32\Tasks\{8CC7942C-F2B7-4222-B53E-46E448F310BC} => pcalua.exe -a C:\Users\DOMZEN06\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=cmi
Task: {2F960467-696E-4862-9C99-A034311AF72D} - \SpyHunter4Startup No Task File <==== ATTENTION
Task: {68A61DE0-9708-45DC-A9AE-61CB27E94BCF} - System32\Tasks\WebInternetSecurity Update Task => C:\Program Files (x86)\Webinternetsecurity\uninstall.webinternetsecurity.exe <==== ATTENTION
Task: {7D6F95F8-77E8-48E1-B2C9-099E924610F1} - \iren3006 No Task File <==== ATTENTION
Task: {CB1CEABD-887C-4929-9743-28147AD2D8AE} - System32\Tasks\Ioect => C:\Program Files\shopperz\Ewvdwdoae.bat <==== ATTENTION
Task: {F5574861-E994-4C87-956E-76CCABD0C6DC} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\DOMZEN06\AppData\Local\SmartWeb\SmartWebHelper.exe <==== ATTENTION


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\shopperz => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\shopperz64 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_005010014 => value removed successfully
C:\Users\DOMZEN06\AppData\Roaming\Mozilla\Firefox\Profiles\vjwejrec.default-1416659744052\extensions\39ffxtbr@www.mapsgalaxy.com not found.
C:\Users\DOMZEN06\AppData\Roaming\Mozilla\Firefox\Profiles\vjwejrec.default-1416659744052\extensions\arthurj8283@gmail.com not found.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"C:\Users\DOMZEN06\Documents\Optimizer Pro" => File/Folder not found.
C:\Program Files (x86)\predm => moved successfully.
C:\Users\DOMZEN06\AppData\Local\nscBF4B.tmp => moved successfully.
C:\Windows\System32\Tasks\Ioect => moved successfully.
C:\Windows\system32\Drivers\cherimoya.sys => moved successfully.
C:\Users\DOMZEN06\AppData\Local\nsyD45.tmp => moved successfully.
C:\ProgramData\IHProtectUpDate => moved successfully.
C:\Users\DOMZEN06\AppData\Local\nsr8300.tmp => moved successfully.
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => moved successfully.
C:\Program Files (x86)\MiuiTab => moved successfully.
C:\Users\DOMZEN06\AppData\Local\nst8A28.tmp => moved successfully.
C:\Users\DOMZEN06\AppData\Local\gmsd_fr_002020008 => moved successfully.
C:\Users\DOMZEN06\AppData\Local\nsn533A.tmp => moved successfully.
C:\ProgramData\{09b9b015-1280-f39d-09b9-9b015128c054} => moved successfully.
C:\Users\DOMZEN06\AppData\Roaming\288F1C80-1434758374-81E1-23A3-10BF4814D716 => moved successfully.
C:\Users\DOMZEN06\AppData\Local\nscCF13.tmp => moved successfully.
C:\Users\DOMZEN06\AppData\Local\nsp496A.tmp => moved successfully.
C:\Users\DOMZEN06\AppData\Local\gmsd_fr_005010007 => moved successfully.
C:\Users\DOMZEN06\AppData\Local\nsiBFE4.tmp => moved successfully.
C:\Users\DOMZEN06\AppData\Local\nsy5F8C.tmp => moved successfully.
C:\Users\DOMZEN06\AppData\Local\nsc126B.tmp => moved successfully.
C:\Windows\prleth.sys => moved successfully.
C:\Windows\hgfs.sys => moved successfully.
C:\Users\DOMZEN06\AppData\Local\288F1C80-1434486863-81E1-23A3-10BF4814D716 => moved successfully.
C:\Users\DOMZEN06\AppData\Local\288F1C80-1434486726-81E1-23A3-10BF4814D716 => moved successfully.
C:\Program Files (x86)\CutterGeneration => moved successfully.
C:\Users\DOMZEN06\AppData\Roaming\288F1C80-1434479479-81E1-23A3-10BF4814D716 => moved successfully.
C:\ProgramData\{8cbfc9a0-0e4b-60d0-8cbf-fc9a00e42680} => moved successfully.
C:\ProgramData\8244572019325762438 => moved successfully.
C:\ProgramData\hidkddeihdbjgnlpfjjdbcehbjhpifll => moved successfully.
Could not move "C:\Windows\system32\Drivers\stream.sys" => Scheduled to move on reboot.
C:\Users\DOMZEN06\AppData\Local\25955 => moved successfully.
C:\ProgramData\joy => moved successfully.
C:\Users\DOMZEN06\AppData\Roaming\Yahoo! => moved successfully.
C:\ProgramData\Yahoo! => moved successfully.
C:\ProgramData\8A51J0f.dat => moved successfully.
C:\ProgramData\abc => moved successfully.
C:\Windows\SysWOW64\Number of results => moved successfully.
C:\Windows\System32\Tasks\{8CC7942C-F2B7-4222-B53E-46E448F310BC} => moved successfully.
C:\Windows\SysWOW64\acovcnt.exe => moved successfully.
C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7 => moved successfully.
C:\Windows\system32\Drivers\etc\hp.bak => moved successfully.
C:\Users\DOMZEN06\AppData\Roaming\288F1C80-1433758165-81E1-23A3-10BF4814D716 => moved successfully.
C:\Windows\joy.dat => moved successfully.
012-07-21 21:54 - 2015-06-27 18:55 - 0000387 _____ () C:\Users\DOMZEN06\AppData\Roaming\sp_data.sys => Error: No automatic fix found for this entry.
"C:\Users\DOMZEN06\AppData\Local\nsc126B.tmp" => File/Folder not found.
"C:\Users\DOMZEN06\AppData\Local\nscBF4B.tmp" => File/Folder not found.
"C:\Users\DOMZEN06\AppData\Local\nscCF13.tmp" => File/Folder not found.
"C:\Users\DOMZEN06\AppData\Local\nsiBFE4.tmp" => File/Folder not found.
"C:\Users\DOMZEN06\AppData\Local\nsn533A.tmp" => File/Folder not found.
"C:\Users\DOMZEN06\AppData\Local\nsp496A.tmp" => File/Folder not found.
"C:\Users\DOMZEN06\AppData\Local\nsr8300.tmp" => File/Folder not found.
"C:\Users\DOMZEN06\AppData\Local\nst8A28.tmp" => File/Folder not found.
"C:\Users\DOMZEN06\AppData\Local\nsy5F8C.tmp" => File/Folder not found.
"C:\Users\DOMZEN06\AppData\Local\nsyD45.tmp" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{132AD632-F2D5-4FB4-909A-4336B64DB55A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{132AD632-F2D5-4FB4-909A-4336B64DB55A}" => key removed successfully
C:\Windows\System32\Tasks\{8CC7942C-F2B7-4222-B53E-46E448F310BC} not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8CC7942C-F2B7-4222-B53E-46E448F310BC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2F960467-696E-4862-9C99-A034311AF72D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F960467-696E-4862-9C99-A034311AF72D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68A61DE0-9708-45DC-A9AE-61CB27E94BCF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68A61DE0-9708-45DC-A9AE-61CB27E94BCF}" => key removed successfully
C:\Windows\System32\Tasks\WebInternetSecurity Update Task => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WebInternetSecurity Update Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7D6F95F8-77E8-48E1-B2C9-099E924610F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D6F95F8-77E8-48E1-B2C9-099E924610F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iren3006" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB1CEABD-887C-4929-9743-28147AD2D8AE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB1CEABD-887C-4929-9743-28147AD2D8AE}" => key removed successfully
C:\Windows\System32\Tasks\Ioect not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ioect" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F5574861-E994-4C87-956E-76CCABD0C6DC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F5574861-E994-4C87-956E-76CCABD0C6DC}" => key removed successfully
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-06-27 22:58:59)<=

C:\Windows\system32\Drivers\stream.sys => Is moved successfully

End of Fixlog 22:58:59

Malekal_morte- Posts: 180304 Registered: Wednesday 17 May 2006 Status: Moderator, Security contributor Last activity: 15 December 2020 24 633
Edited by Malekal_morte- on 27/06/2015 at 23:18
Oops, C:\Windows\system32\Drivers\stream.sys is legitimate.
Do a file search for stream.sys;
it should be in C:\FRST\Quarantine\C\Windows\system32\Drivers\
(My Computer > Disk C > FRST > Quarantine > C > C > Windows > system32 > Drivers)
and copy it to C:\Windows\system32\drivers

or, if you find it simpler, you can run another fix with a fixlist.txt containing:

RestoreQuarantine: C:\FRST\Quarantine\C\Windows\system32\Drivers\stream.sys

Do the rest, especially the DNS part, otherwise the CloudScout ads will continue.
And clean up the antivirus programs.
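The stream.sys mix-up above can be caught by reviewing a fixlist before running it and by checking the Fixlog afterwards. The following is an added example, not code from the thread's participants or from FRST: the function names and the `OS_VENDORS` set are hypothetical, the sample lines are excerpts copied from this thread, and the quarantine path layout is generalized from the single `RestoreQuarantine:` line quoted in the last reply.

```python
import re

# File-listing line in the format used by the fixlist in this thread:
#   created - modified - size attrs (Company) path     (company is optional)
ENTRY_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"\d+ [_A-Z]{5} (?:\((?P<company>[^)]*)\) )?(?P<path>[A-Za-z]:\\.+)$"
)
# Starts like a file listing but may not parse (e.g. a clipped year).
LOOKS_LIKE_ENTRY_RE = re.compile(r"^\d+-\d{2}-\d{2} \d{2}:\d{2} - ")
# Fixlog result lines reporting that a path went to quarantine.
MOVED_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) => (?:moved successfully\.|Is moved successfully)\s*$"
)
# Assumption: vendors whose files deserve a second look before removal.
# The company field is a version-info string, not a signature check, so a
# match is a prompt for manual review, never proof that a file is genuine.
OS_VENDORS = {"microsoft corporation"}

# Excerpts copied from the fixlist and Fixlog posted in this thread.
SAMPLE_FIXLIST = r"""
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Ynauoihe.exe
2015-06-21 23:59 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\Windows\system32\Drivers\cherimoya.sys
2015-06-10 16:36 - 2015-04-11 05:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-09 23:46 - 2015-06-16 20:31 - 00000000 ___HD C:\ProgramData\joy
012-07-21 21:54 - 2015-06-27 18:55 - 0000387 _____ () C:\Users\DOMZEN06\AppData\Roaming\sp_data.sys
""".strip()

SAMPLE_FIXLOG = r"""
C:\Windows\system32\Drivers\cherimoya.sys => moved successfully.
Could not move "C:\Windows\system32\Drivers\stream.sys" => Scheduled to move on reboot.
C:\ProgramData\joy => moved successfully.
C:\Windows\system32\Drivers\stream.sys => Is moved successfully
""".strip()


def lint_fixlist(text):
    """Return (line_no, kind, detail) for entries to review before clicking Fix."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m is None:
            # A clipped file entry will not be processed by the fix.
            if LOOKS_LIKE_ENTRY_RE.match(line):
                findings.append((n, "malformed", line))
            continue
        if (m["company"] or "").strip().lower() in OS_VENDORS:
            findings.append((n, "os-vendor", m["path"]))
    return findings


def moved_paths(fixlog):
    """Lower-cased paths the Fixlog reports as moved to quarantine."""
    return {m["path"].lower() for m in map(MOVED_RE.match, fixlog.splitlines()) if m}


def restore_directive(path):
    """Build a RestoreQuarantine line (layout assumed from the thread's example)."""
    drive, rest = path[0], path[2:]          # "C", "\Windows\..."
    return "RestoreQuarantine: C:\\FRST\\Quarantine\\" + drive + rest


def restore_plan(fixlist, fixlog):
    """Directives for OS-vendor files that the fix actually quarantined."""
    moved = moved_paths(fixlog)
    return [restore_directive(d) for _, kind, d in lint_fixlist(fixlist)
            if kind == "os-vendor" and d.lower() in moved]


if __name__ == "__main__":
    for finding in lint_fixlist(SAMPLE_FIXLIST):
        print(finding)
    print("\n".join(restore_plan(SAMPLE_FIXLIST, SAMPLE_FIXLOG)))
```
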