Any protect, gamesdekstop, smart web, reviennent sans cesse

Résolu
saranyght Messages postés 5 Statut Membre -  
Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   -
bonjour, j'ai besoin d'aide. J'ai des virus et fenêtres intempestives qui reviennent. J'ai installé adwcleaner, j'arrive à les retirer mais après 10min de navigation sur mozilla firefox, tout revient.
J'ai également téléchargé adblockplus car sur une page internet j'avais énormément de pub, et des onglets s'ouvrent avec des pubs.
Comment m'en débarrasser définitivement svp.

9 réponses

  1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Salut,

    Tu as installé des adwares et programmes parasites sur ton PC qui ouvrent des publicités et ralentissent l'ordinateur et les navigateurs WEB.
    Voici la procédure à suivre pour les supprimer :

    Commence par ceci :

    Suis ce tutoriel FRST: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
    (et bien prendre le temps de lire afin d'appliquer correctement - tout y est expliqué).
    Télécharge et lance le scan FRST, cela va générer trois rapports FRST :
    • FRST.txt
    • Shortcut.txt
    • Additionnal.txt


    Envoie, comme expliqué, ces trois rapports sur le site http://pjjoint.malekal.com et en retour donne les trois liens pjjoint qui mènent à ses rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.

    Like the angel you are, you laugh creating a lightness in my chest,
    Your eyes they penetrate me,
    (Your answer's always 'maybe')
    That's when I got up and left
    0
  2. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    Voici la correction à effectuer avec FRST.
    Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

    Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
    Copie/colle dedans ce qui suit :

    HKLM\...\Run: [gmsd_fr_575] => [X]
    HKLM\...\Run: [gmsd_us_640] => [X]
    HKLM\...\Run: [gmsd_fr_005010025] => C:\Program Files\gmsd_fr_005010025\gmsd_fr_005010025.exe [3988624 2015-07-08] ()
    HKLM\...\Run: [SmartWeb] => C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
    HKLM\...\Run: [gmsd_fr_005010026] => C:\Program Files\gmsd_fr_005010026\gmsd_fr_005010026.exe [3986064 2015-07-09] ()
    HKLM\...\RunOnce: [upgmsd_fr_005010025.exe] => C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025\upgmsd_fr_005010025.exe [3297424 2015-07-08] ()
    HKLM\...\RunOnce: [upgmsd_fr_005010026.exe] => C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025\upgmsd_fr_005010026.exe -runonce
    Startup: C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-09]
    ShortcutTarget: SmartWeb.lnk -> C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S2 ac0423ae; c:\Program Files\SystemPlus\SystemPlus.dll [1774080 2015-07-05] () [File not signed]
    R2 bovumecu; C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673997-11E0-3F80-6D9910325D29\snswB9DE.tmp [305152 2015-05-26] () [File not signed]
    R2 comituce; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\nseD4F5.tmp [663040 2015-06-02] () [File not signed]
    R2 f1943dfc; c:\Program Files\TampaEdit\TampaEdit.dll [3041792 2015-07-08] () [File not signed]
    R2 FEsYPcKUH; C:\ProgramData\XbrAREfOu\FEsYPcKUH.exe [2731488 2015-06-03] (Useful Technology)
    R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
    R2 kexiduse; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432671102-11E0-3F80-6D9910325D29\hnso3F9.tmp [334848 2015-05-26] () [File not signed]
    R2 mesimoqi; C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673978-11E0-3F80-6D9910325D29\cnsg7C92.tmp [243200 2015-05-26] () [File not signed]
    R2 pekudyho; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\hnsk9DD5.tmp [334848 2015-05-26] () [File not signed]
    R2 rewisezu; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\jnsf84B8.tmp [307712 2015-05-26] () [File not signed]
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-09] (DTools LIMITED) <==== ATTENTION
    S1 innfd_1_10_0_13; system32\drivers\innfd_1_10_0_13.sys [X]
    S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
    S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]
    2015-07-09 14:45 - 2015-07-09 14:45 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010026
    2015-07-09 14:45 - 2015-07-09 14:45 - 00000000 ____D C:\Program Files\gmsd_fr_005010026
    2015-07-09 02:08 - 2015-07-09 14:12 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
    2015-07-09 02:08 - 2015-07-09 14:12 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
    2015-07-09 02:08 - 2015-07-09 02:33 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
    2015-07-09 02:08 - 2015-07-09 02:08 - 00000000 ____D C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
    2015-07-09 02:07 - 2015-07-09 02:08 - 00000000 ____D C:\Program Files\AnyProtectEx
    2015-07-09 02:07 - 2015-07-09 02:07 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsk1756.tmp
    2015-07-09 02:07 - 2015-07-09 02:07 - 00000000 __SHD C:\Users\Sarah 2\AppData\Roaming\AnyProtectEx
    2015-07-09 02:01 - 2015-07-09 14:45 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025
    2015-07-09 02:01 - 2015-07-09 02:01 - 00000000 ____D C:\ProgramData\IHProtectUpDate
    2015-07-09 02:01 - 2015-07-09 02:01 - 00000000 ____D C:\Program Files\gmsd_fr_005010025
    2015-07-09 01:59 - 2015-07-09 01:59 - 00000000 ____D C:\Users\Sarah 2\AppData\Roaming\mystartsearch
    2015-07-09 01:59 - 2015-07-09 01:59 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
    2015-07-09 01:34 - 2015-07-09 01:34 - 00000000 ____D C:\Program Files\predm
    2015-07-08 20:56 - 2015-07-08 20:56 - 00000000 ____D C:\Program Files\TampaEdit
    2015-07-08 20:54 - 2015-07-08 20:54 - 00000000 ____D C:\Program Files\ZIP Converter Start
    2015-07-08 20:54 - 2015-07-08 20:54 - 00000000 ____D C:\Program Files\youtubeadblocker
    2015-07-08 20:53 - 2015-07-08 20:53 - 00000000 ____D C:\Program Files\PricELesss
    2015-07-08 20:52 - 2015-07-09 14:52 - 00000340 _____ C:\Windows\Tasks\Navig8.job
    2015-07-08 20:52 - 2015-07-09 01:59 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\SmartWeb
    2015-07-08 20:52 - 2015-07-08 20:52 - 00000000 ____D C:\ProgramData\{419184f9-00bb-0eda-4191-184f900b13e4}
    2015-07-08 20:52 - 2015-07-08 20:52 - 00000000 _____ C:\dummy.htm
    2015-07-08 20:27 - 2015-07-09 17:55 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\BreakingNewsAlert
    2015-07-08 01:15 - 2015-07-08 01:15 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nst986A.tmp
    2015-07-08 01:12 - 2015-07-09 02:01 - 00000000 ____D C:\Program Files\MiuiTab
    2015-07-08 01:10 - 2015-07-08 20:18 - 00000000 ____D C:\Program Files\WordSurfer_1.10.0.19
    2015-07-08 00:24 - 2015-07-08 00:24 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp
    2015-07-07 13:25 - 2015-07-07 23:28 - 00000000 ____D C:\ProgramData\abc
    2015-07-07 13:20 - 2015-07-08 20:18 - 00000000 ____D C:\ProgramData\2988696b-294c-4054-b34f-e97ca58a10e8
    2015-07-07 13:20 - 2015-07-08 20:18 - 00000000 ____D C:\Program Files\Common Files\2988696b-294c-4054-b34f-e97ca58a10e8
    2015-07-07 12:39 - 2015-07-07 12:39 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnB243.tmp
    2015-07-07 12:36 - 2015-07-07 12:36 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\23592
    2015-07-07 12:13 - 2015-07-07 12:13 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\GWX
    2015-07-07 11:57 - 2015-07-07 11:57 - 00000000 _____ C:\Windows\prleth.sys
    2015-07-07 11:57 - 2015-07-07 11:57 - 00000000 _____ C:\Windows\hgfs.sys
    2015-07-07 11:54 - 2015-07-07 11:54 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp
    2015-07-05 17:08 - 2015-07-05 17:08 - 00000000 ____D C:\Program Files\SystemPlus
    2015-07-05 16:59 - 2015-07-09 17:33 - 00000354 _____ C:\Windows\Tasks\CandyClues.job
    2015-07-05 16:59 - 2015-07-05 16:59 - 00000000 ____D C:\ProgramData\{9c4b19f9-882e-559f-9c4b-b19f988267e6}
    2015-07-05 16:58 - 2015-07-09 17:33 - 00000354 _____ C:\Windows\Tasks\CodingWizard.job
    2015-07-05 16:58 - 2015-07-05 16:59 - 00000000 ____D C:\ProgramData\{dab22f44-e588-e233-dab2-22f44e58bd13}
    2015-06-16 22:37 - 2015-06-16 22:37 - 01498248 _____ C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe
    2015-06-16 22:24 - 2015-06-16 22:24 - 00000000 ____D C:\69a9054132edc5ff7408
    2015-06-16 22:20 - 2015-07-05 17:03 - 00000000 ____D C:\Program Files\LinkFunc
    2015-07-09 01:32 - 2015-05-29 14:57 - 00000000 ____D C:\ProgramData\Iargrutrowo
    2015-07-08 20:55 - 2015-06-02 15:32 - 00000000 ____D C:\ProgramData\12782418110637309928
    2015-07-09 14:17 - 2015-05-26 20:59 - 00000000 ____D C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673997-11E0-3F80-6D9910325D29
    2015-07-09 02:07 - 2015-07-09 02:07 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsk1756.tmp
    2015-07-07 12:39 - 2015-07-07 12:39 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnB243.tmp
    2015-07-08 00:24 - 2015-07-08 00:24 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp
    2015-07-08 01:15 - 2015-07-08 01:15 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nst986A.tmp
    2015-07-07 11:54 - 2015-07-07 11:54 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp
    2015-06-16 22:37 - 2015-06-16 22:37 - 1498248 _____ () C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{3eb73ccb-bd7c-8a9f-3eb7-73ccbbd7f32e}\hqghumeaylnlf.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[d492].job => c:\programdata\{da0d15a0-cbee-e994-da0d-d15a0cbe5683}\priceless_p_soft_partner.exe <==== ATTENTION
    Task: C:\Windows\Tasks\CandyClues.job => c:\programdata\{9c4b19f9-882e-559f-9c4b-b19f988267e6}\6056640203960042688e.exe <==== ATTENTION
    Task: C:\Windows\Tasks\CodingWizard.job => c:\programdata\{dab22f44-e588-e233-dab2-22f44e58bd13}\3566228733109764371b.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Navig8.job => c:\programdata\{419184f9-00bb-0eda-4191-184f900b13e4}\nsc6cd8.tmp.exe <==== ATTENTION
    Task: {11B09414-0690-4200-921A-540A567C8EC9} - System32\Tasks\CodingWizard => c:\programdata\{dab22f44-e588-e233-dab2-22f44e58bd13}\3566228733109764371b.exe [2014-07-05] () <==== ATTENTION
    Task: {1A8B293C-48C5-4A98-AB92-E5E3DAAD48DD} - System32\Tasks\Navig8 => c:\programdata\{419184f9-00bb-0eda-4191-184f900b13e4}\nsc6cd8.tmp.exe [2014-07-08] () <==== ATTENTION
    Task: {1E850965-8ACA-4DE1-866C-3718700B92C5} - System32\Tasks\Bidaily Synchronize Task[d492] => c:\programdata\{da0d15a0-cbee-e994-da0d-d15a0cbe5683}\priceless_p_soft_partner.exe [2014-06-02] () <==== ATTENTION
    Task: {2262D782-8A47-46FC-9CCF-A238B730B2E0} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
    Task: {5D89A2D4-3540-4672-891A-62E6CFE51ADF} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
    Task: {66682B65-27D5-4CDD-B2B2-AEB5796F115E} - System32\Tasks\{BD3EFF15-FC1E-473F-924E-967F84E033BE} => pcalua.exe -a C:\Users\Sarah\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=cmi
    Task: {721132E7-C355-485F-83D2-3F7C36747CE9} - System32\Tasks\Iargrutrowo => C:\ProgramData\Iargrutrowo\1.0.4.1\alprobse.exe [2015-07-09] ()
    Task: {7921990D-E2A2-4385-94FB-BE9D43B2F463} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
    Task: {AAEF012D-381C-4368-BB9B-366560AD2DCB} - System32\Tasks\CandyClues => c:\programdata\{9c4b19f9-882e-559f-9c4b-b19f988267e6}\6056640203960042688e.exe [2014-07-05] () <==== ATTENTION
    Task: {B7275CFA-4919-4E66-A065-165276049298} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
    Task: {E6763948-11F4-4738-BD51-594C3A5118BF} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{3eb73ccb-bd7c-8a9f-3eb7-73ccbbd7f32e}\hqghumeaylnlf.exe [2014-06-02] (Super PC Tools Ltd) <==== ATTENTION
    Task: {FDDA319E-FB61-4775-AD8A-587C59182635} - System32\Tasks\{2A9F25BC-C2D7-4E1D-ACA0-FE72F13ACB9D} => pcalua.exe -a C:\Users\Sarah\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima

    Une fois, le texte coller dans le bloc-note.
    Menu Fichier puis Enregistrer sous.
    A gauche, place toi sur le bureau.
    Dans le champs en bas, nom du fichier mets : fixlist.txt
    Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

    Relance FRST et clic sur le bouton Fix
    Selon comment un redémarrage est nécessaire (pas obligatoire).
    Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

    Redémarre l'ordinateur

    puis réinitialise tes navigateurs:
    ==================================
    Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :

    0
  3. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  4. saranyght Messages postés 5 Statut Membre
     
    voici le contenu du FIXLOG :

    Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
    Ran by Sarah 2 at 2015-07-09 18:35:29 Run:1
    Running from C:\Users\Sarah 2\Desktop
    Loaded Profiles: Sarah 2 (Available Profiles: Sarah 2)
    Boot Mode: Normal

    ==============================================

    fixlist content:
    HKLM\...\Run: [gmsd_fr_575] => [X]
    HKLM\...\Run: [gmsd_us_640] => [X]
    HKLM\...\Run: [gmsd_fr_005010025] => C:\Program Files\gmsd_fr_005010025\gmsd_fr_005010025.exe [3988624 2015-07-08] ()
    HKLM\...\Run: [SmartWeb] => C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
    HKLM\...\Run: [gmsd_fr_005010026] => C:\Program Files\gmsd_fr_005010026\gmsd_fr_005010026.exe [3986064 2015-07-09] ()
    HKLM\...\RunOnce: [upgmsd_fr_005010025.exe] => C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025\upgmsd_fr_005010025.exe [3297424 2015-07-08] ()
    HKLM\...\RunOnce: [upgmsd_fr_005010026.exe] => C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025\upgmsd_fr_005010026.exe -runonce
    Startup: C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-09]
    ShortcutTarget: SmartWeb.lnk -> C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    S2 ac0423ae; c:\Program Files\SystemPlus\SystemPlus.dll [1774080 2015-07-05] () [File not signed]
    R2 bovumecu; C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673997-11E0-3F80-6D9910325D29\snswB9DE.tmp [305152 2015-05-26] () [File not signed]
    R2 comituce; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\nseD4F5.tmp [663040 2015-06-02] () [File not signed]
    R2 f1943dfc; c:\Program Files\TampaEdit\TampaEdit.dll [3041792 2015-07-08] () [File not signed]
    R2 FEsYPcKUH; C:\ProgramData\XbrAREfOu\FEsYPcKUH.exe [2731488 2015-06-03] (Useful Technology)
    R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
    R2 kexiduse; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432671102-11E0-3F80-6D9910325D29\hnso3F9.tmp [334848 2015-05-26] () [File not signed]
    R2 mesimoqi; C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673978-11E0-3F80-6D9910325D29\cnsg7C92.tmp [243200 2015-05-26] () [File not signed]
    R2 pekudyho; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\hnsk9DD5.tmp [334848 2015-05-26] () [File not signed]
    R2 rewisezu; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\jnsf84B8.tmp [307712 2015-05-26] () [File not signed]
    R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-09] (DTools LIMITED) <==== ATTENTION
    S1 innfd_1_10_0_13; system32\drivers\innfd_1_10_0_13.sys [X]
    S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
    S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]
    2015-07-09 14:45 - 2015-07-09 14:45 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010026
    2015-07-09 14:45 - 2015-07-09 14:45 - 00000000 ____D C:\Program Files\gmsd_fr_005010026
    2015-07-09 02:08 - 2015-07-09 14:12 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
    2015-07-09 02:08 - 2015-07-09 14:12 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
    2015-07-09 02:08 - 2015-07-09 02:33 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
    2015-07-09 02:08 - 2015-07-09 02:08 - 00000000 ____D C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
    2015-07-09 02:07 - 2015-07-09 02:08 - 00000000 ____D C:\Program Files\AnyProtectEx
    2015-07-09 02:07 - 2015-07-09 02:07 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsk1756.tmp
    2015-07-09 02:07 - 2015-07-09 02:07 - 00000000 __SHD C:\Users\Sarah 2\AppData\Roaming\AnyProtectEx
    2015-07-09 02:01 - 2015-07-09 14:45 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025
    2015-07-09 02:01 - 2015-07-09 02:01 - 00000000 ____D C:\ProgramData\IHProtectUpDate
    2015-07-09 02:01 - 2015-07-09 02:01 - 00000000 ____D C:\Program Files\gmsd_fr_005010025
    2015-07-09 01:59 - 2015-07-09 01:59 - 00000000 ____D C:\Users\Sarah 2\AppData\Roaming\mystartsearch
    2015-07-09 01:59 - 2015-07-09 01:59 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
    2015-07-09 01:34 - 2015-07-09 01:34 - 00000000 ____D C:\Program Files\predm
    2015-07-08 20:56 - 2015-07-08 20:56 - 00000000 ____D C:\Program Files\TampaEdit
    2015-07-08 20:54 - 2015-07-08 20:54 - 00000000 ____D C:\Program Files\ZIP Converter Start
    2015-07-08 20:54 - 2015-07-08 20:54 - 00000000 ____D C:\Program Files\youtubeadblocker
    2015-07-08 20:53 - 2015-07-08 20:53 - 00000000 ____D C:\Program Files\PricELesss
    2015-07-08 20:52 - 2015-07-09 14:52 - 00000340 _____ C:\Windows\Tasks\Navig8.job
    2015-07-08 20:52 - 2015-07-09 01:59 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\SmartWeb
    2015-07-08 20:52 - 2015-07-08 20:52 - 00000000 ____D C:\ProgramData\{419184f9-00bb-0eda-4191-184f900b13e4}
    2015-07-08 20:52 - 2015-07-08 20:52 - 00000000 _____ C:\dummy.htm
    2015-07-08 20:27 - 2015-07-09 17:55 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\BreakingNewsAlert
    2015-07-08 01:15 - 2015-07-08 01:15 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nst986A.tmp
    2015-07-08 01:12 - 2015-07-09 02:01 - 00000000 ____D C:\Program Files\MiuiTab
    2015-07-08 01:10 - 2015-07-08 20:18 - 00000000 ____D C:\Program Files\WordSurfer_1.10.0.19
    2015-07-08 00:24 - 2015-07-08 00:24 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp
    2015-07-07 13:25 - 2015-07-07 23:28 - 00000000 ____D C:\ProgramData\abc
    2015-07-07 13:20 - 2015-07-08 20:18 - 00000000 ____D C:\ProgramData\2988696b-294c-4054-b34f-e97ca58a10e8
    2015-07-07 13:20 - 2015-07-08 20:18 - 00000000 ____D C:\Program Files\Common Files\2988696b-294c-4054-b34f-e97ca58a10e8
    2015-07-07 12:39 - 2015-07-07 12:39 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnB243.tmp
    2015-07-07 12:36 - 2015-07-07 12:36 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\23592
    2015-07-07 12:13 - 2015-07-07 12:13 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\GWX
    2015-07-07 11:57 - 2015-07-07 11:57 - 00000000 _____ C:\Windows\prleth.sys
    2015-07-07 11:57 - 2015-07-07 11:57 - 00000000 _____ C:\Windows\hgfs.sys
    2015-07-07 11:54 - 2015-07-07 11:54 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp
    2015-07-05 17:08 - 2015-07-05 17:08 - 00000000 ____D C:\Program Files\SystemPlus
    2015-07-05 16:59 - 2015-07-09 17:33 - 00000354 _____ C:\Windows\Tasks\CandyClues.job
    2015-07-05 16:59 - 2015-07-05 16:59 - 00000000 ____D C:\ProgramData\{9c4b19f9-882e-559f-9c4b-b19f988267e6}
    2015-07-05 16:58 - 2015-07-09 17:33 - 00000354 _____ C:\Windows\Tasks\CodingWizard.job
    2015-07-05 16:58 - 2015-07-05 16:59 - 00000000 ____D C:\ProgramData\{dab22f44-e588-e233-dab2-22f44e58bd13}
    2015-06-16 22:37 - 2015-06-16 22:37 - 01498248 _____ C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe
    2015-06-16 22:24 - 2015-06-16 22:24 - 00000000 ____D C:\69a9054132edc5ff7408
    2015-06-16 22:20 - 2015-07-05 17:03 - 00000000 ____D C:\Program Files\LinkFunc
    2015-07-09 01:32 - 2015-05-29 14:57 - 00000000 ____D C:\ProgramData\Iargrutrowo
    2015-07-08 20:55 - 2015-06-02 15:32 - 00000000 ____D C:\ProgramData\12782418110637309928
    2015-07-09 14:17 - 2015-05-26 20:59 - 00000000 ____D C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673997-11E0-3F80-6D9910325D29
    2015-07-09 02:07 - 2015-07-09 02:07 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsk1756.tmp
    2015-07-07 12:39 - 2015-07-07 12:39 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnB243.tmp
    2015-07-08 00:24 - 2015-07-08 00:24 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp
    2015-07-08 01:15 - 2015-07-08 01:15 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nst986A.tmp
    2015-07-07 11:54 - 2015-07-07 11:54 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp
    2015-06-16 22:37 - 2015-06-16 22:37 - 1498248 _____ () C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe
    Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{3eb73ccb-bd7c-8a9f-3eb7-73ccbbd7f32e}\hqghumeaylnlf.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Bidaily Synchronize Task[d492].job => c:\programdata\{da0d15a0-cbee-e994-da0d-d15a0cbe5683}\priceless_p_soft_partner.exe <==== ATTENTION
    Task: C:\Windows\Tasks\CandyClues.job => c:\programdata\{9c4b19f9-882e-559f-9c4b-b19f988267e6}\6056640203960042688e.exe <==== ATTENTION
    Task: C:\Windows\Tasks\CodingWizard.job => c:\programdata\{dab22f44-e588-e233-dab2-22f44e58bd13}\3566228733109764371b.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Navig8.job => c:\programdata\{419184f9-00bb-0eda-4191-184f900b13e4}\nsc6cd8.tmp.exe <==== ATTENTION
    Task: {11B09414-0690-4200-921A-540A567C8EC9} - System32\Tasks\CodingWizard => c:\programdata\{dab22f44-e588-e233-dab2-22f44e58bd13}\3566228733109764371b.exe [2014-07-05] () <==== ATTENTION
    Task: {1A8B293C-48C5-4A98-AB92-E5E3DAAD48DD} - System32\Tasks\Navig8 => c:\programdata\{419184f9-00bb-0eda-4191-184f900b13e4}\nsc6cd8.tmp.exe [2014-07-08] () <==== ATTENTION
    Task: {1E850965-8ACA-4DE1-866C-3718700B92C5} - System32\Tasks\Bidaily Synchronize Task[d492] => c:\programdata\{da0d15a0-cbee-e994-da0d-d15a0cbe5683}\priceless_p_soft_partner.exe [2014-06-02] () <==== ATTENTION
    Task: {2262D782-8A47-46FC-9CCF-A238B730B2E0} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
    Task: {5D89A2D4-3540-4672-891A-62E6CFE51ADF} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
    Task: {66682B65-27D5-4CDD-B2B2-AEB5796F115E} - System32\Tasks\{BD3EFF15-FC1E-473F-924E-967F84E033BE} => pcalua.exe -a C:\Users\Sarah\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=cmi
    Task: {721132E7-C355-485F-83D2-3F7C36747CE9} - System32\Tasks\Iargrutrowo => C:\ProgramData\Iargrutrowo\1.0.4.1\alprobse.exe [2015-07-09] ()
    Task: {7921990D-E2A2-4385-94FB-BE9D43B2F463} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
    Task: {AAEF012D-381C-4368-BB9B-366560AD2DCB} - System32\Tasks\CandyClues => c:\programdata\{9c4b19f9-882e-559f-9c4b-b19f988267e6}\6056640203960042688e.exe [2014-07-05] () <==== ATTENTION
    Task: {B7275CFA-4919-4E66-A065-165276049298} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
    Task: {E6763948-11F4-4738-BD51-594C3A5118BF} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{3eb73ccb-bd7c-8a9f-3eb7-73ccbbd7f32e}\hqghumeaylnlf.exe [2014-06-02] (Super PC Tools Ltd) <==== ATTENTION
    Task: {FDDA319E-FB61-4775-AD8A-587C59182635} - System32\Tasks\{2A9F25BC-C2D7-4E1D-ACA0-FE72F13ACB9D} => pcalua.exe -a C:\Users\Sarah\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_575 => value removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_640 => value removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_005010025 => value removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_005010026 => value removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_fr_005010025.exe => value removed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_fr_005010026.exe => value removed successfully.
    C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => moved successfully.
    C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe => moved successfully.
    "HKLM\SOFTWARE\Policies\Google" => key removed successfully.
    ac0423ae => Service removed successfully.
    bovumecu => Service stopped successfully.
    bovumecu => Service removed successfully.
    comituce => Service stopped successfully.
    comituce => Service removed successfully.
    f1943dfc => Service removed successfully.
    FEsYPcKUH => Unable to stop service.
    FEsYPcKUH => Service removed successfully.
    IHProtect Service => Service stopped successfully.
    IHProtect Service => Service removed successfully.
    kexiduse => Service stopped successfully.
    kexiduse => Service removed successfully.
    mesimoqi => Service stopped successfully.
    mesimoqi => Service removed successfully.
    pekudyho => Service stopped successfully.
    pekudyho => Service removed successfully.
    rewisezu => Service stopped successfully.
    rewisezu => Service removed successfully.
    WindowsMangerProtect => Service stopped successfully.
    WindowsMangerProtect => Service removed successfully.
    innfd_1_10_0_13 => Service removed successfully.
    innfd_1_10_0_14 => Service removed successfully.
    scfd_1_10_0_16 => Service removed successfully.

    "C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010026" folder move:

    Could not move "C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010026" folder => Scheduled to move on reboot.

    "C:\Program Files\gmsd_fr_005010026" folder move:

    Could not move "C:\Program Files\gmsd_fr_005010026" folder => Scheduled to move on reboot.

    C:\Windows\Tasks\APSnotifierPP3.job => moved successfully.
    C:\Windows\Tasks\APSnotifierPP2.job => moved successfully.
    C:\Windows\Tasks\APSnotifierPP1.job => moved successfully.
    C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup => moved successfully.
    C:\Program Files\AnyProtectEx => moved successfully.
    C:\Users\Sarah 2\AppData\Local\nsk1756.tmp => moved successfully.
    C:\Users\Sarah 2\AppData\Roaming\AnyProtectEx => moved successfully.
    C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025 => moved successfully.
    C:\ProgramData\IHProtectUpDate => moved successfully.
    C:\Program Files\gmsd_fr_005010025 => moved successfully.
    C:\Users\Sarah 2\AppData\Roaming\mystartsearch => moved successfully.
    C:\ProgramData\WindowsMangerProtect => moved successfully.
    C:\Program Files\predm => moved successfully.
    C:\Program Files\TampaEdit => moved successfully.
    C:\Program Files\ZIP Converter Start => moved successfully.
    C:\Program Files\youtubeadblocker => moved successfully.
    C:\Program Files\PricELesss => moved successfully.
    C:\Windows\Tasks\Navig8.job => moved successfully.
    C:\Users\Sarah 2\AppData\Local\SmartWeb => moved successfully.
    C:\ProgramData\{419184f9-00bb-0eda-4191-184f900b13e4} => moved successfully.
    C:\dummy.htm => moved successfully.
    C:\Users\Sarah 2\AppData\Local\BreakingNewsAlert => moved successfully.
    C:\Users\Sarah 2\AppData\Local\nst986A.tmp => moved successfully.
    C:\Program Files\MiuiTab => moved successfully.
    C:\Program Files\WordSurfer_1.10.0.19 => moved successfully.
    C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp => moved successfully.
    C:\ProgramData\abc => moved successfully.
    C:\ProgramData\2988696b-294c-4054-b34f-e97ca58a10e8 => moved successfully.
    C:\Program Files\Common Files\2988696b-294c-4054-b34f-e97ca58a10e8 => moved successfully.
    C:\Users\Sarah 2\AppData\Local\nsnB243.tmp => moved successfully.
    C:\Users\Sarah 2\AppData\Local\23592 => moved successfully.
    C:\Users\Sarah 2\AppData\Local\GWX => moved successfully.
    C:\Windows\prleth.sys => moved successfully.
    C:\Windows\hgfs.sys => moved successfully.
    C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp => moved successfully.
    C:\Program Files\SystemPlus => moved successfully.
    C:\Windows\Tasks\CandyClues.job => moved successfully.
    C:\ProgramData\{9c4b19f9-882e-559f-9c4b-b19f988267e6} => moved successfully.
    C:\Windows\Tasks\CodingWizard.job => moved successfully.
    C:\ProgramData\{dab22f44-e588-e233-dab2-22f44e58bd13} => moved successfully.
    C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe => moved successfully.
    C:\69a9054132edc5ff7408 => moved successfully.
    C:\Program Files\LinkFunc => moved successfully.
    C:\ProgramData\Iargrutrowo => moved successfully.
    C:\ProgramData\12782418110637309928 => moved successfully.
    C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673997-11E0-3F80-6D9910325D29 => moved successfully.
    "C:\Users\Sarah 2\AppData\Local\nsk1756.tmp" => File/Folder not found.
    "C:\Users\Sarah 2\AppData\Local\nsnB243.tmp" => File/Folder not found.
    "C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp" => File/Folder not found.
    "C:\Users\Sarah 2\AppData\Local\nst986A.tmp" => File/Folder not found.
    "C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp" => File/Folder not found.
    "C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe" => File/Folder not found.
    C:\Windows\Tasks\APSnotifierPP1.job not found.
    C:\Windows\Tasks\APSnotifierPP2.job not found.
    C:\Windows\Tasks\APSnotifierPP3.job not found.
    C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => moved successfully.
    C:\Windows\Tasks\Bidaily Synchronize Task[d492].job => moved successfully.
    C:\Windows\Tasks\CandyClues.job not found.
    C:\Windows\Tasks\CodingWizard.job not found.
    C:\Windows\Tasks\Navig8.job not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11B09414-0690-4200-921A-540A567C8EC9}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11B09414-0690-4200-921A-540A567C8EC9}" => key removed successfully.
    C:\Windows\System32\Tasks\CodingWizard => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CodingWizard" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A8B293C-48C5-4A98-AB92-E5E3DAAD48DD}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A8B293C-48C5-4A98-AB92-E5E3DAAD48DD}" => key removed successfully.
    C:\Windows\System32\Tasks\Navig8 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Navig8" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E850965-8ACA-4DE1-866C-3718700B92C5}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E850965-8ACA-4DE1-866C-3718700B92C5}" => key removed successfully.
    C:\Windows\System32\Tasks\Bidaily Synchronize Task[d492] => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[d492]" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2262D782-8A47-46FC-9CCF-A238B730B2E0}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2262D782-8A47-46FC-9CCF-A238B730B2E0}" => key removed successfully.
    C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D89A2D4-3540-4672-891A-62E6CFE51ADF}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D89A2D4-3540-4672-891A-62E6CFE51ADF}" => key removed successfully.
    C:\Windows\System32\Tasks\APSnotifierPP3 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66682B65-27D5-4CDD-B2B2-AEB5796F115E}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66682B65-27D5-4CDD-B2B2-AEB5796F115E}" => key removed successfully.
    C:\Windows\System32\Tasks\{BD3EFF15-FC1E-473F-924E-967F84E033BE} => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BD3EFF15-FC1E-473F-924E-967F84E033BE}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{721132E7-C355-485F-83D2-3F7C36747CE9}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{721132E7-C355-485F-83D2-3F7C36747CE9}" => key removed successfully.
    C:\Windows\System32\Tasks\Iargrutrowo => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Iargrutrowo" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7921990D-E2A2-4385-94FB-BE9D43B2F463}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7921990D-E2A2-4385-94FB-BE9D43B2F463}" => key removed successfully.
    C:\Windows\System32\Tasks\APSnotifierPP1 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAEF012D-381C-4368-BB9B-366560AD2DCB}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAEF012D-381C-4368-BB9B-366560AD2DCB}" => key removed successfully.
    C:\Windows\System32\Tasks\CandyClues => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CandyClues" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7275CFA-4919-4E66-A065-165276049298}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7275CFA-4919-4E66-A065-165276049298}" => key removed successfully.
    C:\Windows\System32\Tasks\APSnotifierPP2 => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6763948-11F4-4738-BD51-594C3A5118BF}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6763948-11F4-4738-BD51-594C3A5118BF}" => key removed successfully.
    C:\Windows\System32\Tasks\Bidaily Synchronize Task[74c7] => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[74c7]" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDDA319E-FB61-4775-AD8A-587C59182635}" => key removed successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDDA319E-FB61-4775-AD8A-587C59182635}" => key removed successfully.
    C:\Windows\System32\Tasks\{2A9F25BC-C2D7-4E1D-ACA0-FE72F13ACB9D} => moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A9F25BC-C2D7-4E1D-ACA0-FE72F13ACB9D}" => key removed successfully.

    Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-09 18:38:09)<=

    C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010026 => is moved successfully
    C:\Program Files\gmsd_fr_005010026 => is moved successfully

    End of Fixlog 18:38:09

    0
  5. saranyght Messages postés 5 Statut Membre
     
    Après avoir tout suivi, j'espère que je n'aurai plus de soucis.
    Je vais naviguer sur internet comme d'habitude et voir si tout est ok.
    Je vous remercie pour votre aide.
    0
  6. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    =)

    Voila, c'est terminé, tu peux supprimer les programmes utilisés.

    Quelques conseils :

    Pour prévenir les sites malicieux, tu peux installer Blockulicious : https://forum.malekal.com/viewtopic.php?t=46656&start=

    Pour ne plus te faire avoir.
    A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/
    (Surtout active les détections LPIs pour détecter les programmes parasites et publicitaires)

    Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html

    0
  7. Julou16 Messages postés 3 Statut Membre
     
    Bonjour,

    J'ai le même problème que Sarah. Pouvez vous m'aider svp ???

    Voici les liens FRST :

    FRST : https://pjjoint.malekal.com/files.php?id=20150901_l14i9z11t10p11
    Addition : https://pjjoint.malekal.com/files.php?id=20150901_d14c9u15r10i7
    Shortcut : https://pjjoint.malekal.com/files.php?id=20150901_z9z13k13i12k7

    Merci d'avance !
    0
    1. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
       
      Salut,

      Désinstalle SpyHunter, Avast! et Malwarebytes, c'est largement suffisant.



      Voici la correction à effectuer avec FRST.
      Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

      Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
      Copie/colle dedans ce qui suit :


      HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe
      HKU\S-1-5-21-845023093-2508282223-2783293402-1002\...\Run: [WindApp] => C:\Users\Juju\AppData\Roaming\Store\WindApp\WindApp.exe /winstartup
      HKLM-x32\...\Run: [mbot_fr_014010075] => [X]
      HKLM-x32\...\Run: [gmsd_fr_005010075] => [X]
      HKLM-x32\...\Run: [gmsd_fr_005010076] => [X]
      R2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-03] ()
      R2 IHProtect Service; C:\Program Files (x86)\MiniLite\ProtectService.exe [132768 2015-08-24] (MiniLite system)
      R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
      R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-08-31] ()
      2 WdsManPro; C:\ProgramData\4WdsManPro4\WdsManPro.exe [709288 2015-08-31] (DTools LIMITED)
      R2 xewyzypu; C:\Program Files (x86)\EAA5F260-1440929070-81E3-24AF-0C54A5B3F383\knsf8D7C.tmp [762880 2015-08-31] () [Fichier non signé]
      2015-09-01 14:14 - 2015-09-01 14:14 - 00003334 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
      2015-09-01 14:14 - 2015-09-01 14:14 - 00002278 _____ C:\Users\Juju\Desktop\SpyHunter.lnk
      2015-09-01 14:14 - 2015-09-01 14:14 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
      2015-08-31 19:50 - 2015-09-01 09:58 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
      2015-08-31 19:50 - 2015-09-01 09:58 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
      2015-08-31 19:50 - 2015-08-31 20:10 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
      2015-08-31 19:50 - 2015-08-31 19:50 - 00001037 _____ C:\Users\Juju\Desktop\AnyProtect.lnk
      2015-08-31 19:50 - 2015-08-31 19:50 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
      2015-08-31 19:49 - 2015-08-31 19:50 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
      2015-08-31 19:49 - 2015-08-31 19:49 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsyF5AB.tmp
      2015-08-31 19:45 - 2015-08-31 19:46 - 00000000 ____D C:\ProgramData\4WdsManPro4
      2015-08-31 19:12 - 2015-08-31 19:12 - 00481944 _____ C:\Windows\system32\FNTCACHE.DAT
      2015-08-31 19:12 - 2015-08-31 19:12 - 00000000 ____D C:\Program Files\Coupoon
      2015-08-31 18:55 - 2015-08-31 18:55 - 00003144 _____ C:\Windows\System32\Tasks\{B868F541-76C9-4521-8349-F4D77A8375C5}
      2015-08-31 18:54 - 2015-08-31 18:54 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nswCB46.tmp
      2015-08-31 18:53 - 2015-08-31 18:53 - 00000000 ____D C:\ProgramData\Usevlamsa
      2015-08-31 18:46 - 2015-08-31 18:55 - 00000000 ____D C:\Users\Juju\AppData\Roaming\istartsurf
      2015-08-31 18:46 - 2015-08-31 18:46 - 00000000 ____D C:\ProgramData\HWdsManProH
      2015-08-30 20:59 - 2015-08-30 20:59 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsz7347.tmp
      2015-08-30 20:33 - 2015-08-30 20:34 - 00000000 ____D C:\ProgramData\XWdsManProX
      2015-08-30 13:23 - 2015-08-30 13:23 - 00000000 ____D C:\Program Files (x86)\Exploremedia
      2015-08-30 13:22 - 2015-08-30 13:22 - 00000000 ____D C:\Program Files (x86)\predm
      2015-08-30 12:38 - 2015-08-30 13:12 - 00000000 ____D C:\ProgramData\abc
      2015-08-30 12:38 - 2015-08-30 12:38 - 00000000 ____D C:\ProgramData\cWdsManProc
      2015-08-30 12:37 - 2015-09-01 14:10 - 00000000 ____D C:\Users\Juju\AppData\Roaming\mystartsearch
      2015-08-30 12:37 - 2015-08-31 20:24 - 00000000 ____D C:\Program Files (x86)\Coupoon
      2015-08-30 12:08 - 2015-08-30 12:43 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Opera Software
      2015-08-30 12:08 - 2015-08-30 12:43 - 00000000 ____D C:\Users\Juju\AppData\Local\Opera Software
      2015-08-30 12:05 - 2015-08-30 12:43 - 00000000 ____D C:\Program Files (x86)\Opera
      2015-08-30 12:04 - 2015-08-31 17:45 - 00000000 ____D C:\Program Files (x86)\EAA5F260-1440929070-81E3-24AF-0C54A5B3F383
      2015-08-30 12:03 - 2015-08-30 15:56 - 00000000 ____D C:\Users\Juju\AppData\Roaming\WTools
      2015-08-30 12:03 - 2015-08-30 13:31 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Store
      2015-08-30 12:03 - 2015-08-30 12:03 - 00005706 _____ C:\Users\Juju\AppData\Roaming\Bubble Dock.installation.log
      2015-08-30 12:03 - 2015-08-30 12:03 - 00000078 _____ C:\Users\Juju\AppData\Roaming\WindApp.installation.log
      2015-08-30 12:03 - 2015-08-30 12:03 - 00000078 _____ C:\Users\Juju\AppData\Roaming\Selection Tools.installation.log
      2015-08-30 12:02 - 2015-08-30 12:03 - 00001270 _____ C:\Users\Juju\AppData\Roaming\Bubble Dock.boostrap.log
      2015-08-30 12:02 - 2015-08-30 12:02 - 00000097 _____ C:\Users\Juju\AppData\Roaming\WindApp.boostrap.log
      2015-08-30 12:01 - 2015-08-31 19:45 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
      2015-08-30 12:01 - 2015-08-31 19:45 - 00000000 ____D C:\Program Files (x86)\MiniLite
      2015-08-30 12:01 - 2015-08-31 18:48 - 00000000 ____D C:\ProgramData\update
      2015-08-30 12:01 - 2015-08-30 12:32 - 00000000 ____D C:\Users\Juju\AppData\Roaming\oursurfing
      2015-08-30 12:01 - 2015-08-30 12:02 - 00000000 ____D C:\ProgramData\lWdsManProl
      2015-08-31 19:50 - 2014-10-27 13:11 - 00002806 _____ C:\Windows\System32\Tasks\APSnotifierPP1
      2015-08-31 19:50 - 2014-10-27 13:11 - 00002804 _____ C:\Windows\System32\Tasks\APSnotifierPP3
      2015-08-31 19:50 - 2014-10-27 13:11 - 00002804 _____ C:\Windows\System32\Tasks\APSnotifierPP2
      2015-08-14 22:31 - 2014-03-10 20:26 - 00000000 ____D C:\Program Files (x86)\Plus-HD-9.3
      2015-08-14 22:09 - 2014-03-10 20:25 - 00000000 ____D C:\Users\Juju\AppData\Roaming\SupTab
      2015-08-14 22:09 - 2014-03-10 20:25 - 00000000 ____D C:\Program Files (x86)\SupTab
      2014-10-27 13:09 - 2014-10-27 13:09 - 0627760 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nss5AEC.tmp
      2015-08-31 18:54 - 2015-08-31 18:54 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nswCB46.tmp
      2015-08-31 19:49 - 2015-08-31 19:49 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsyF5AB.tmp
      2015-08-30 20:59 - 2015-08-30 20:59 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsz7347.tmp
      Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
      Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
      Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
      C:\Program Files\BubbleSound


      Une fois, le texte coller dans le bloc-note.
      Menu Fichier puis Enregistrer sous.
      A gauche, place toi sur le bureau.
      Dans le champs en bas, nom du fichier mets : fixlist.txt
      Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

      Relance FRST et clic sur le bouton Corriger / Fix
      Selon comment un redémarrage est nécessaire (pas obligatoire).
      Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

      Redémarre l'ordinateur



      puis réinitialise tes navigateurs:
      ==================================
      Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
      0
      1. Julou16 Messages postés 3 Statut Membre > Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention  
         
        Voici les résultats !
        Merci beaucoup !

        Résultats de correction de Farbar Recovery Scan Tool (x64) Version:31-08-2015
        Exécuté par Juju (2015-09-01 18:02:39) Run:1
        Exécuté depuis C:\Users\Juju\Desktop
        Profils chargés: UpdatusUser & Juju & (Profils disponibles: UpdatusUser & Juju)
        Mode d'amorçage: Normal
        ==============================================

        fixlist contenu:

        HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe
        HKU\S-1-5-21-845023093-2508282223-2783293402-1002\...\Run: [WindApp] => C:\Users\Juju\AppData\Roaming\Store\WindApp\WindApp.exe /winstartup
        HKLM-x32\...\Run: [mbot_fr_014010075] => [X]
        HKLM-x32\...\Run: [gmsd_fr_005010075] => [X]
        HKLM-x32\...\Run: [gmsd_fr_005010076] => [X]
        R2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-03] ()
        R2 IHProtect Service; C:\Program Files (x86)\MiniLite\ProtectService.exe [132768 2015-08-24] (MiniLite system)
        R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
        R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-08-31] ()
        2 WdsManPro; C:\ProgramData\4WdsManPro4\WdsManPro.exe [709288 2015-08-31] (DTools LIMITED)
        R2 xewyzypu; C:\Program Files (x86)\EAA5F260-1440929070-81E3-24AF-0C54A5B3F383\knsf8D7C.tmp [762880 2015-08-31] () [Fichier non signé]
        2015-09-01 14:14 - 2015-09-01 14:14 - 00003334 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
        2015-09-01 14:14 - 2015-09-01 14:14 - 00002278 _____ C:\Users\Juju\Desktop\SpyHunter.lnk
        2015-09-01 14:14 - 2015-09-01 14:14 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
        2015-08-31 19:50 - 2015-09-01 09:58 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
        2015-08-31 19:50 - 2015-09-01 09:58 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
        2015-08-31 19:50 - 2015-08-31 20:10 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
        2015-08-31 19:50 - 2015-08-31 19:50 - 00001037 _____ C:\Users\Juju\Desktop\AnyProtect.lnk
        2015-08-31 19:50 - 2015-08-31 19:50 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
        2015-08-31 19:49 - 2015-08-31 19:50 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
        2015-08-31 19:49 - 2015-08-31 19:49 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsyF5AB.tmp
        2015-08-31 19:45 - 2015-08-31 19:46 - 00000000 ____D C:\ProgramData\4WdsManPro4
        2015-08-31 19:12 - 2015-08-31 19:12 - 00481944 _____ C:\Windows\system32\FNTCACHE.DAT
        2015-08-31 19:12 - 2015-08-31 19:12 - 00000000 ____D C:\Program Files\Coupoon
        2015-08-31 18:55 - 2015-08-31 18:55 - 00003144 _____ C:\Windows\System32\Tasks\{B868F541-76C9-4521-8349-F4D77A8375C5}
        2015-08-31 18:54 - 2015-08-31 18:54 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nswCB46.tmp
        2015-08-31 18:53 - 2015-08-31 18:53 - 00000000 ____D C:\ProgramData\Usevlamsa
        2015-08-31 18:46 - 2015-08-31 18:55 - 00000000 ____D C:\Users\Juju\AppData\Roaming\istartsurf
        2015-08-31 18:46 - 2015-08-31 18:46 - 00000000 ____D C:\ProgramData\HWdsManProH
        2015-08-30 20:59 - 2015-08-30 20:59 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsz7347.tmp
        2015-08-30 20:33 - 2015-08-30 20:34 - 00000000 ____D C:\ProgramData\XWdsManProX
        2015-08-30 13:23 - 2015-08-30 13:23 - 00000000 ____D C:\Program Files (x86)\Exploremedia
        2015-08-30 13:22 - 2015-08-30 13:22 - 00000000 ____D C:\Program Files (x86)\predm
        2015-08-30 12:38 - 2015-08-30 13:12 - 00000000 ____D C:\ProgramData\abc
        2015-08-30 12:38 - 2015-08-30 12:38 - 00000000 ____D C:\ProgramData\cWdsManProc
        2015-08-30 12:37 - 2015-09-01 14:10 - 00000000 ____D C:\Users\Juju\AppData\Roaming\mystartsearch
        2015-08-30 12:37 - 2015-08-31 20:24 - 00000000 ____D C:\Program Files (x86)\Coupoon
        2015-08-30 12:08 - 2015-08-30 12:43 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Opera Software
        2015-08-30 12:08 - 2015-08-30 12:43 - 00000000 ____D C:\Users\Juju\AppData\Local\Opera Software
        2015-08-30 12:05 - 2015-08-30 12:43 - 00000000 ____D C:\Program Files (x86)\Opera
        2015-08-30 12:04 - 2015-08-31 17:45 - 00000000 ____D C:\Program Files (x86)\EAA5F260-1440929070-81E3-24AF-0C54A5B3F383
        2015-08-30 12:03 - 2015-08-30 15:56 - 00000000 ____D C:\Users\Juju\AppData\Roaming\WTools
        2015-08-30 12:03 - 2015-08-30 13:31 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Store
        2015-08-30 12:03 - 2015-08-30 12:03 - 00005706 _____ C:\Users\Juju\AppData\Roaming\Bubble Dock.installation.log
        2015-08-30 12:03 - 2015-08-30 12:03 - 00000078 _____ C:\Users\Juju\AppData\Roaming\WindApp.installation.log
        2015-08-30 12:03 - 2015-08-30 12:03 - 00000078 _____ C:\Users\Juju\AppData\Roaming\Selection Tools.installation.log
        2015-08-30 12:02 - 2015-08-30 12:03 - 00001270 _____ C:\Users\Juju\AppData\Roaming\Bubble Dock.boostrap.log
        2015-08-30 12:02 - 2015-08-30 12:02 - 00000097 _____ C:\Users\Juju\AppData\Roaming\WindApp.boostrap.log
        2015-08-30 12:01 - 2015-08-31 19:45 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
        2015-08-30 12:01 - 2015-08-31 19:45 - 00000000 ____D C:\Program Files (x86)\MiniLite
        2015-08-30 12:01 - 2015-08-31 18:48 - 00000000 ____D C:\ProgramData\update
        2015-08-30 12:01 - 2015-08-30 12:32 - 00000000 ____D C:\Users\Juju\AppData\Roaming\oursurfing
        2015-08-30 12:01 - 2015-08-30 12:02 - 00000000 ____D C:\ProgramData\lWdsManProl
        2015-08-31 19:50 - 2014-10-27 13:11 - 00002806 _____ C:\Windows\System32\Tasks\APSnotifierPP1
        2015-08-31 19:50 - 2014-10-27 13:11 - 00002804 _____ C:\Windows\System32\Tasks\APSnotifierPP3
        2015-08-31 19:50 - 2014-10-27 13:11 - 00002804 _____ C:\Windows\System32\Tasks\APSnotifierPP2
        2015-08-14 22:31 - 2014-03-10 20:26 - 00000000 ____D C:\Program Files (x86)\Plus-HD-9.3
        2015-08-14 22:09 - 2014-03-10 20:25 - 00000000 ____D C:\Users\Juju\AppData\Roaming\SupTab
        2015-08-14 22:09 - 2014-03-10 20:25 - 00000000 ____D C:\Program Files (x86)\SupTab
        2014-10-27 13:09 - 2014-10-27 13:09 - 0627760 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nss5AEC.tmp
        2015-08-31 18:54 - 2015-08-31 18:54 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nswCB46.tmp
        2015-08-31 19:49 - 2015-08-31 19:49 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsyF5AB.tmp
        2015-08-30 20:59 - 2015-08-30 20:59 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsz7347.tmp
        Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
        Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
        Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
        C:\Program Files\BubbleSound


        HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => valeur supprimé(es) avec succès
        HKU\S-1-5-21-845023093-2508282223-2783293402-1002\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => valeur supprimé(es) avec succès
        HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_fr_014010075 => valeur supprimé(es) avec succès
        HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_005010075 => valeur supprimé(es) avec succès
        HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_005010076 => valeur supprimé(es) avec succès
        CoupoonService64 => service supprimé(es) avec succès
        IHProtect Service => Impossible d'arrêter le service.
        IHProtect Service => service supprimé(es) avec succès
        SpyHunter 4 Service => service non trouvé(e).
        UpdateCheck => Impossible d'arrêter le service.
        UpdateCheck => service supprimé(es) avec succès
        2 WdsManPro; C:\ProgramData\4WdsManPro4\WdsManPro.exe [709288 2015-08-31] (DTools LIMITED) => Erreur: Pas de correction automatique trouvée pour cet élément.
        xewyzypu => Impossible d'arrêter le service.
        xewyzypu => service supprimé(es) avec succès
        "C:\Windows\System32\Tasks\SpyHunter4Startup" => Fichier/Dossier non trouvé(e).
        "C:\Users\Juju\Desktop\SpyHunter.lnk" => Fichier/Dossier non trouvé(e).
        "C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter" => Fichier/Dossier non trouvé(e).
        C:\Windows\Tasks\APSnotifierPP3.job => déplacé(es) avec succès
        C:\Windows\Tasks\APSnotifierPP2.job => déplacé(es) avec succès
        C:\Windows\Tasks\APSnotifierPP1.job => déplacé(es) avec succès
        C:\Users\Juju\Desktop\AnyProtect.lnk => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup => déplacé(es) avec succès
        C:\Program Files (x86)\AnyProtectEx => déplacé(es) avec succès
        C:\Users\Juju\AppData\Local\nsyF5AB.tmp => déplacé(es) avec succès
        C:\ProgramData\4WdsManPro4 => déplacé(es) avec succès
        C:\Windows\system32\FNTCACHE.DAT => déplacé(es) avec succès
        C:\Program Files\Coupoon => déplacé(es) avec succès
        C:\Windows\System32\Tasks\{B868F541-76C9-4521-8349-F4D77A8375C5} => déplacé(es) avec succès
        C:\Users\Juju\AppData\Local\nswCB46.tmp => déplacé(es) avec succès
        C:\ProgramData\Usevlamsa => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\istartsurf => déplacé(es) avec succès
        C:\ProgramData\HWdsManProH => déplacé(es) avec succès
        C:\Users\Juju\AppData\Local\nsz7347.tmp => déplacé(es) avec succès
        C:\ProgramData\XWdsManProX => déplacé(es) avec succès
        C:\Program Files (x86)\Exploremedia => déplacé(es) avec succès
        C:\Program Files (x86)\predm => déplacé(es) avec succès
        C:\ProgramData\abc => déplacé(es) avec succès
        C:\ProgramData\cWdsManProc => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\mystartsearch => déplacé(es) avec succès
        C:\Program Files (x86)\Coupoon => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\Opera Software => déplacé(es) avec succès
        C:\Users\Juju\AppData\Local\Opera Software => déplacé(es) avec succès
        C:\Program Files (x86)\Opera => déplacé(es) avec succès
        C:\Program Files (x86)\EAA5F260-1440929070-81E3-24AF-0C54A5B3F383 => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\WTools => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\Store => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\Bubble Dock.installation.log => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\WindApp.installation.log => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\Selection Tools.installation.log => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\Bubble Dock.boostrap.log => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\WindApp.boostrap.log => déplacé(es) avec succès
        C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => déplacé(es) avec succès
        C:\Program Files (x86)\MiniLite => déplacé(es) avec succès
        C:\ProgramData\update => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\oursurfing => déplacé(es) avec succès
        C:\ProgramData\lWdsManProl => déplacé(es) avec succès
        C:\Windows\System32\Tasks\APSnotifierPP1 => déplacé(es) avec succès
        C:\Windows\System32\Tasks\APSnotifierPP3 => déplacé(es) avec succès
        C:\Windows\System32\Tasks\APSnotifierPP2 => déplacé(es) avec succès
        C:\Program Files (x86)\Plus-HD-9.3 => déplacé(es) avec succès
        C:\Users\Juju\AppData\Roaming\SupTab => déplacé(es) avec succès
        C:\Program Files (x86)\SupTab => déplacé(es) avec succès
        C:\Users\Juju\AppData\Local\nss5AEC.tmp => déplacé(es) avec succès
        "C:\Users\Juju\AppData\Local\nswCB46.tmp" => Fichier/Dossier non trouvé(e).
        "C:\Users\Juju\AppData\Local\nsyF5AB.tmp" => Fichier/Dossier non trouvé(e).
        "C:\Users\Juju\AppData\Local\nsz7347.tmp" => Fichier/Dossier non trouvé(e).
        C:\Windows\Tasks\APSnotifierPP1.job => non trouvé(e).
        C:\Windows\Tasks\APSnotifierPP2.job => non trouvé(e).
        C:\Windows\Tasks\APSnotifierPP3.job => non trouvé(e).
        "C:\Program Files\BubbleSound" => Fichier/Dossier non trouvé(e).


        Le système a dû redémarrer..

        Fin de Fixlog 18:02:57

        0
    2. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
       
      Malwarebytes (temps : environ 40min de scan):
      ==================================================
      Télécharge et installe Malwarebyte.
      Il existe une version gratuite qui permet de nettoyer son ordinateur (décoche bien la proposition d'essai de la version Premium à la fin de l'installation) :

      Mets Malwarebytes à jour puis lance un examen.

      A la fin du scan, clic sur "Supprimer Selection" en bas à gauche.
      Redémarre l'ordinateur si besoin.
      Après redémarrage, relance Malwarebytes.
      Vas chercher le rapport dans l'onglet Historique.
      A gauche Journal d'analyse.
      Doube-clic sur l'examen dans la liste.
      Puis en bas Copier dans le presse papier
      Vas sur http://pjjoint.malekal.com et en bas, clic droit / coller pour coller le rapport du scan Malwarebytes.
      Clic sur envoyer.
      Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.
      0
  8. Malekal_morte- Messages postés 178136 Date d'inscription   Statut Modérateur, Contributeur sécurité Dernière intervention   24 712
     
    il reste quel problème et sur quel navigateur WEB ?
    0