Any protect, gamesdekstop, smart web, reviennent sans cesse

[Résolu/Fermé]
Signaler
Messages postés
5
Date d'inscription
jeudi 9 juillet 2015
Statut
Membre
Dernière intervention
9 juillet 2015
-
Messages postés
180261
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
-
bonjour, j'ai besoin d'aide. J'ai des virus et fenêtres intempestives qui reviennent. J'ai installé adwcleaner, j'arrive à les retirer mais après 10min de navigation sur mozilla firefox, tout revient.
J'ai également téléchargé adblockplus car sur une page internet j'avais énormément de pub, et des onglets s'ouvrent avec des pubs.
Comment m'en débarrasser définitivement svp.

9 réponses

Messages postés
180261
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 119
Salut,

Tu as installé des adwares et programmes parasites sur ton PC qui ouvrent des publicités et ralentissent l'ordinateur et les navigateurs WEB.
Voici la procédure à suivre pour les supprimer :

Commence par ceci :



Suis ce tutoriel FRST: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
(et bien prendre le temps de lire afin d'appliquer correctement - tout y est expliqué).
Télécharge et lance le scan FRST, cela va générer trois rapports FRST :
  • FRST.txt
  • Shortcut.txt
  • Additionnal.txt


Envoie, comme expliqué, ces trois rapports sur le site http://pjjoint.malekal.com et en retour donne les trois liens pjjoint qui mènent à ses rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.



Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Messages postés
5
Date d'inscription
jeudi 9 juillet 2015
Statut
Membre
Dernière intervention
9 juillet 2015

Tout d'abord, merci pour cette rapidité.
voici le premier lien du FRST :
https://pjjoint.malekal.com/files.php?id=20150709_j10r10z8n10m11
Messages postés
5
Date d'inscription
jeudi 9 juillet 2015
Statut
Membre
Dernière intervention
9 juillet 2015

Messages postés
180261
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 119
Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :

HKLM\...\Run: [gmsd_fr_575] => [X]
HKLM\...\Run: [gmsd_us_640] => [X]
HKLM\...\Run: [gmsd_fr_005010025] => C:\Program Files\gmsd_fr_005010025\gmsd_fr_005010025.exe [3988624 2015-07-08] ()
HKLM\...\Run: [SmartWeb] => C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM\...\Run: [gmsd_fr_005010026] => C:\Program Files\gmsd_fr_005010026\gmsd_fr_005010026.exe [3986064 2015-07-09] ()
HKLM\...\RunOnce: [upgmsd_fr_005010025.exe] => C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025\upgmsd_fr_005010025.exe [3297424 2015-07-08] ()
HKLM\...\RunOnce: [upgmsd_fr_005010026.exe] => C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025\upgmsd_fr_005010026.exe -runonce
Startup: C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-09]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 ac0423ae; c:\Program Files\SystemPlus\SystemPlus.dll [1774080 2015-07-05] () [File not signed]
R2 bovumecu; C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673997-11E0-3F80-6D9910325D29\snswB9DE.tmp [305152 2015-05-26] () [File not signed]
R2 comituce; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\nseD4F5.tmp [663040 2015-06-02] () [File not signed]
R2 f1943dfc; c:\Program Files\TampaEdit\TampaEdit.dll [3041792 2015-07-08] () [File not signed]
R2 FEsYPcKUH; C:\ProgramData\XbrAREfOu\FEsYPcKUH.exe [2731488 2015-06-03] (Useful Technology)
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
R2 kexiduse; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432671102-11E0-3F80-6D9910325D29\hnso3F9.tmp [334848 2015-05-26] () [File not signed]
R2 mesimoqi; C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673978-11E0-3F80-6D9910325D29\cnsg7C92.tmp [243200 2015-05-26] () [File not signed]
R2 pekudyho; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\hnsk9DD5.tmp [334848 2015-05-26] () [File not signed]
R2 rewisezu; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\jnsf84B8.tmp [307712 2015-05-26] () [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-09] (DTools LIMITED) <==== ATTENTION
S1 innfd_1_10_0_13; system32\drivers\innfd_1_10_0_13.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]
2015-07-09 14:45 - 2015-07-09 14:45 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010026
2015-07-09 14:45 - 2015-07-09 14:45 - 00000000 ____D C:\Program Files\gmsd_fr_005010026
2015-07-09 02:08 - 2015-07-09 14:12 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-07-09 02:08 - 2015-07-09 14:12 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-07-09 02:08 - 2015-07-09 02:33 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-07-09 02:08 - 2015-07-09 02:08 - 00000000 ____D C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-07-09 02:07 - 2015-07-09 02:08 - 00000000 ____D C:\Program Files\AnyProtectEx
2015-07-09 02:07 - 2015-07-09 02:07 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsk1756.tmp
2015-07-09 02:07 - 2015-07-09 02:07 - 00000000 __SHD C:\Users\Sarah 2\AppData\Roaming\AnyProtectEx
2015-07-09 02:01 - 2015-07-09 14:45 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025
2015-07-09 02:01 - 2015-07-09 02:01 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-09 02:01 - 2015-07-09 02:01 - 00000000 ____D C:\Program Files\gmsd_fr_005010025
2015-07-09 01:59 - 2015-07-09 01:59 - 00000000 ____D C:\Users\Sarah 2\AppData\Roaming\mystartsearch
2015-07-09 01:59 - 2015-07-09 01:59 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-09 01:34 - 2015-07-09 01:34 - 00000000 ____D C:\Program Files\predm
2015-07-08 20:56 - 2015-07-08 20:56 - 00000000 ____D C:\Program Files\TampaEdit
2015-07-08 20:54 - 2015-07-08 20:54 - 00000000 ____D C:\Program Files\ZIP Converter Start
2015-07-08 20:54 - 2015-07-08 20:54 - 00000000 ____D C:\Program Files\youtubeadblocker
2015-07-08 20:53 - 2015-07-08 20:53 - 00000000 ____D C:\Program Files\PricELesss
2015-07-08 20:52 - 2015-07-09 14:52 - 00000340 _____ C:\Windows\Tasks\Navig8.job
2015-07-08 20:52 - 2015-07-09 01:59 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\SmartWeb
2015-07-08 20:52 - 2015-07-08 20:52 - 00000000 ____D C:\ProgramData\{419184f9-00bb-0eda-4191-184f900b13e4}
2015-07-08 20:52 - 2015-07-08 20:52 - 00000000 _____ C:\dummy.htm
2015-07-08 20:27 - 2015-07-09 17:55 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\BreakingNewsAlert
2015-07-08 01:15 - 2015-07-08 01:15 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nst986A.tmp
2015-07-08 01:12 - 2015-07-09 02:01 - 00000000 ____D C:\Program Files\MiuiTab
2015-07-08 01:10 - 2015-07-08 20:18 - 00000000 ____D C:\Program Files\WordSurfer_1.10.0.19
2015-07-08 00:24 - 2015-07-08 00:24 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp
2015-07-07 13:25 - 2015-07-07 23:28 - 00000000 ____D C:\ProgramData\abc
2015-07-07 13:20 - 2015-07-08 20:18 - 00000000 ____D C:\ProgramData\2988696b-294c-4054-b34f-e97ca58a10e8
2015-07-07 13:20 - 2015-07-08 20:18 - 00000000 ____D C:\Program Files\Common Files\2988696b-294c-4054-b34f-e97ca58a10e8
2015-07-07 12:39 - 2015-07-07 12:39 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnB243.tmp
2015-07-07 12:36 - 2015-07-07 12:36 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\23592
2015-07-07 12:13 - 2015-07-07 12:13 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\GWX
2015-07-07 11:57 - 2015-07-07 11:57 - 00000000 _____ C:\Windows\prleth.sys
2015-07-07 11:57 - 2015-07-07 11:57 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-07 11:54 - 2015-07-07 11:54 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp
2015-07-05 17:08 - 2015-07-05 17:08 - 00000000 ____D C:\Program Files\SystemPlus
2015-07-05 16:59 - 2015-07-09 17:33 - 00000354 _____ C:\Windows\Tasks\CandyClues.job
2015-07-05 16:59 - 2015-07-05 16:59 - 00000000 ____D C:\ProgramData\{9c4b19f9-882e-559f-9c4b-b19f988267e6}
2015-07-05 16:58 - 2015-07-09 17:33 - 00000354 _____ C:\Windows\Tasks\CodingWizard.job
2015-07-05 16:58 - 2015-07-05 16:59 - 00000000 ____D C:\ProgramData\{dab22f44-e588-e233-dab2-22f44e58bd13}
2015-06-16 22:37 - 2015-06-16 22:37 - 01498248 _____ C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe
2015-06-16 22:24 - 2015-06-16 22:24 - 00000000 ____D C:\69a9054132edc5ff7408
2015-06-16 22:20 - 2015-07-05 17:03 - 00000000 ____D C:\Program Files\LinkFunc
2015-07-09 01:32 - 2015-05-29 14:57 - 00000000 ____D C:\ProgramData\Iargrutrowo
2015-07-08 20:55 - 2015-06-02 15:32 - 00000000 ____D C:\ProgramData\12782418110637309928
2015-07-09 14:17 - 2015-05-26 20:59 - 00000000 ____D C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673997-11E0-3F80-6D9910325D29
2015-07-09 02:07 - 2015-07-09 02:07 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsk1756.tmp
2015-07-07 12:39 - 2015-07-07 12:39 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnB243.tmp
2015-07-08 00:24 - 2015-07-08 00:24 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp
2015-07-08 01:15 - 2015-07-08 01:15 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nst986A.tmp
2015-07-07 11:54 - 2015-07-07 11:54 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp
2015-06-16 22:37 - 2015-06-16 22:37 - 1498248 _____ () C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{3eb73ccb-bd7c-8a9f-3eb7-73ccbbd7f32e}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[d492].job => c:\programdata\{da0d15a0-cbee-e994-da0d-d15a0cbe5683}\priceless_p_soft_partner.exe <==== ATTENTION
Task: C:\Windows\Tasks\CandyClues.job => c:\programdata\{9c4b19f9-882e-559f-9c4b-b19f988267e6}\6056640203960042688e.exe <==== ATTENTION
Task: C:\Windows\Tasks\CodingWizard.job => c:\programdata\{dab22f44-e588-e233-dab2-22f44e58bd13}\3566228733109764371b.exe <==== ATTENTION
Task: C:\Windows\Tasks\Navig8.job => c:\programdata\{419184f9-00bb-0eda-4191-184f900b13e4}\nsc6cd8.tmp.exe <==== ATTENTION
Task: {11B09414-0690-4200-921A-540A567C8EC9} - System32\Tasks\CodingWizard => c:\programdata\{dab22f44-e588-e233-dab2-22f44e58bd13}\3566228733109764371b.exe [2014-07-05] () <==== ATTENTION
Task: {1A8B293C-48C5-4A98-AB92-E5E3DAAD48DD} - System32\Tasks\Navig8 => c:\programdata\{419184f9-00bb-0eda-4191-184f900b13e4}\nsc6cd8.tmp.exe [2014-07-08] () <==== ATTENTION
Task: {1E850965-8ACA-4DE1-866C-3718700B92C5} - System32\Tasks\Bidaily Synchronize Task[d492] => c:\programdata\{da0d15a0-cbee-e994-da0d-d15a0cbe5683}\priceless_p_soft_partner.exe [2014-06-02] () <==== ATTENTION
Task: {2262D782-8A47-46FC-9CCF-A238B730B2E0} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {5D89A2D4-3540-4672-891A-62E6CFE51ADF} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
Task: {66682B65-27D5-4CDD-B2B2-AEB5796F115E} - System32\Tasks\{BD3EFF15-FC1E-473F-924E-967F84E033BE} => pcalua.exe -a C:\Users\Sarah\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=cmi
Task: {721132E7-C355-485F-83D2-3F7C36747CE9} - System32\Tasks\Iargrutrowo => C:\ProgramData\Iargrutrowo\1.0.4.1\alprobse.exe [2015-07-09] ()
Task: {7921990D-E2A2-4385-94FB-BE9D43B2F463} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
Task: {AAEF012D-381C-4368-BB9B-366560AD2DCB} - System32\Tasks\CandyClues => c:\programdata\{9c4b19f9-882e-559f-9c4b-b19f988267e6}\6056640203960042688e.exe [2014-07-05] () <==== ATTENTION
Task: {B7275CFA-4919-4E66-A065-165276049298} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
Task: {E6763948-11F4-4738-BD51-594C3A5118BF} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{3eb73ccb-bd7c-8a9f-3eb7-73ccbbd7f32e}\hqghumeaylnlf.exe [2014-06-02] (Super PC Tools Ltd) <==== ATTENTION
Task: {FDDA319E-FB61-4775-AD8A-587C59182635} - System32\Tasks\{2A9F25BC-C2D7-4E1D-ACA0-FE72F13ACB9D} => pcalua.exe -a C:\Users\Sarah\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima


Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur


puis réinitialise tes navigateurs:
==================================
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :



Messages postés
5
Date d'inscription
jeudi 9 juillet 2015
Statut
Membre
Dernière intervention
9 juillet 2015

voici le contenu du FIXLOG :

Fix result of Farbar Recovery Scan Tool (x86) Version: 05-07-2015
Ran by Sarah 2 at 2015-07-09 18:35:29 Run:1
Running from C:\Users\Sarah 2\Desktop
Loaded Profiles: Sarah 2 (Available Profiles: Sarah 2)
Boot Mode: Normal

==============================================

fixlist content:

HKLM\...\Run: [gmsd_fr_575] => [X]
HKLM\...\Run: [gmsd_us_640] => [X]
HKLM\...\Run: [gmsd_fr_005010025] => C:\Program Files\gmsd_fr_005010025\gmsd_fr_005010025.exe [3988624 2015-07-08] ()
HKLM\...\Run: [SmartWeb] => C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe [270368 2015-02-17] (SoftBrain Technologies Ltd.)
HKLM\...\Run: [gmsd_fr_005010026] => C:\Program Files\gmsd_fr_005010026\gmsd_fr_005010026.exe [3986064 2015-07-09] ()
HKLM\...\RunOnce: [upgmsd_fr_005010025.exe] => C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025\upgmsd_fr_005010025.exe [3297424 2015-07-08] ()
HKLM\...\RunOnce: [upgmsd_fr_005010026.exe] => C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025\upgmsd_fr_005010026.exe -runonce
Startup: C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-07-09]
ShortcutTarget: SmartWeb.lnk -> C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 ac0423ae; c:\Program Files\SystemPlus\SystemPlus.dll [1774080 2015-07-05] () [File not signed]
R2 bovumecu; C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673997-11E0-3F80-6D9910325D29\snswB9DE.tmp [305152 2015-05-26] () [File not signed]
R2 comituce; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\nseD4F5.tmp [663040 2015-06-02] () [File not signed]
R2 f1943dfc; c:\Program Files\TampaEdit\TampaEdit.dll [3041792 2015-07-08] () [File not signed]
R2 FEsYPcKUH; C:\ProgramData\XbrAREfOu\FEsYPcKUH.exe [2731488 2015-06-03] (Useful Technology)
R2 IHProtect Service; C:\Program Files\MiuiTab\ProtectService.exe [125112 2015-06-24] (XTab system)
R2 kexiduse; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432671102-11E0-3F80-6D9910325D29\hnso3F9.tmp [334848 2015-05-26] () [File not signed]
R2 mesimoqi; C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673978-11E0-3F80-6D9910325D29\cnsg7C92.tmp [243200 2015-05-26] () [File not signed]
R2 pekudyho; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\hnsk9DD5.tmp [334848 2015-05-26] () [File not signed]
R2 rewisezu; C:\Users\Sarah\AppData\Roaming\C3ECC8F3-1432666554-11E0-3F80-6D9910325D29\jnsf84B8.tmp [307712 2015-05-26] () [File not signed]
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [707240 2015-07-09] (DTools LIMITED) <==== ATTENTION
S1 innfd_1_10_0_13; system32\drivers\innfd_1_10_0_13.sys [X]
S1 innfd_1_10_0_14; system32\drivers\innfd_1_10_0_14.sys [X]
S1 scfd_1_10_0_16; system32\drivers\scfd_1_10_0_16.sys [X]
2015-07-09 14:45 - 2015-07-09 14:45 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010026
2015-07-09 14:45 - 2015-07-09 14:45 - 00000000 ____D C:\Program Files\gmsd_fr_005010026
2015-07-09 02:08 - 2015-07-09 14:12 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-07-09 02:08 - 2015-07-09 14:12 - 00000364 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-07-09 02:08 - 2015-07-09 02:33 - 00000366 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-07-09 02:08 - 2015-07-09 02:08 - 00000000 ____D C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-07-09 02:07 - 2015-07-09 02:08 - 00000000 ____D C:\Program Files\AnyProtectEx
2015-07-09 02:07 - 2015-07-09 02:07 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsk1756.tmp
2015-07-09 02:07 - 2015-07-09 02:07 - 00000000 __SHD C:\Users\Sarah 2\AppData\Roaming\AnyProtectEx
2015-07-09 02:01 - 2015-07-09 14:45 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025
2015-07-09 02:01 - 2015-07-09 02:01 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-07-09 02:01 - 2015-07-09 02:01 - 00000000 ____D C:\Program Files\gmsd_fr_005010025
2015-07-09 01:59 - 2015-07-09 01:59 - 00000000 ____D C:\Users\Sarah 2\AppData\Roaming\mystartsearch
2015-07-09 01:59 - 2015-07-09 01:59 - 00000000 ____D C:\ProgramData\WindowsMangerProtect
2015-07-09 01:34 - 2015-07-09 01:34 - 00000000 ____D C:\Program Files\predm
2015-07-08 20:56 - 2015-07-08 20:56 - 00000000 ____D C:\Program Files\TampaEdit
2015-07-08 20:54 - 2015-07-08 20:54 - 00000000 ____D C:\Program Files\ZIP Converter Start
2015-07-08 20:54 - 2015-07-08 20:54 - 00000000 ____D C:\Program Files\youtubeadblocker
2015-07-08 20:53 - 2015-07-08 20:53 - 00000000 ____D C:\Program Files\PricELesss
2015-07-08 20:52 - 2015-07-09 14:52 - 00000340 _____ C:\Windows\Tasks\Navig8.job
2015-07-08 20:52 - 2015-07-09 01:59 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\SmartWeb
2015-07-08 20:52 - 2015-07-08 20:52 - 00000000 ____D C:\ProgramData\{419184f9-00bb-0eda-4191-184f900b13e4}
2015-07-08 20:52 - 2015-07-08 20:52 - 00000000 _____ C:\dummy.htm
2015-07-08 20:27 - 2015-07-09 17:55 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\BreakingNewsAlert
2015-07-08 01:15 - 2015-07-08 01:15 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nst986A.tmp
2015-07-08 01:12 - 2015-07-09 02:01 - 00000000 ____D C:\Program Files\MiuiTab
2015-07-08 01:10 - 2015-07-08 20:18 - 00000000 ____D C:\Program Files\WordSurfer_1.10.0.19
2015-07-08 00:24 - 2015-07-08 00:24 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp
2015-07-07 13:25 - 2015-07-07 23:28 - 00000000 ____D C:\ProgramData\abc
2015-07-07 13:20 - 2015-07-08 20:18 - 00000000 ____D C:\ProgramData\2988696b-294c-4054-b34f-e97ca58a10e8
2015-07-07 13:20 - 2015-07-08 20:18 - 00000000 ____D C:\Program Files\Common Files\2988696b-294c-4054-b34f-e97ca58a10e8
2015-07-07 12:39 - 2015-07-07 12:39 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnB243.tmp
2015-07-07 12:36 - 2015-07-07 12:36 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\23592
2015-07-07 12:13 - 2015-07-07 12:13 - 00000000 ____D C:\Users\Sarah 2\AppData\Local\GWX
2015-07-07 11:57 - 2015-07-07 11:57 - 00000000 _____ C:\Windows\prleth.sys
2015-07-07 11:57 - 2015-07-07 11:57 - 00000000 _____ C:\Windows\hgfs.sys
2015-07-07 11:54 - 2015-07-07 11:54 - 00613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp
2015-07-05 17:08 - 2015-07-05 17:08 - 00000000 ____D C:\Program Files\SystemPlus
2015-07-05 16:59 - 2015-07-09 17:33 - 00000354 _____ C:\Windows\Tasks\CandyClues.job
2015-07-05 16:59 - 2015-07-05 16:59 - 00000000 ____D C:\ProgramData\{9c4b19f9-882e-559f-9c4b-b19f988267e6}
2015-07-05 16:58 - 2015-07-09 17:33 - 00000354 _____ C:\Windows\Tasks\CodingWizard.job
2015-07-05 16:58 - 2015-07-05 16:59 - 00000000 ____D C:\ProgramData\{dab22f44-e588-e233-dab2-22f44e58bd13}
2015-06-16 22:37 - 2015-06-16 22:37 - 01498248 _____ C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe
2015-06-16 22:24 - 2015-06-16 22:24 - 00000000 ____D C:\69a9054132edc5ff7408
2015-06-16 22:20 - 2015-07-05 17:03 - 00000000 ____D C:\Program Files\LinkFunc
2015-07-09 01:32 - 2015-05-29 14:57 - 00000000 ____D C:\ProgramData\Iargrutrowo
2015-07-08 20:55 - 2015-06-02 15:32 - 00000000 ____D C:\ProgramData\12782418110637309928
2015-07-09 14:17 - 2015-05-26 20:59 - 00000000 ____D C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673997-11E0-3F80-6D9910325D29
2015-07-09 02:07 - 2015-07-09 02:07 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsk1756.tmp
2015-07-07 12:39 - 2015-07-07 12:39 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnB243.tmp
2015-07-08 00:24 - 2015-07-08 00:24 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp
2015-07-08 01:15 - 2015-07-08 01:15 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nst986A.tmp
2015-07-07 11:54 - 2015-07-07 11:54 - 0613255 _____ (CMI Limited) C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp
2015-06-16 22:37 - 2015-06-16 22:37 - 1498248 _____ () C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => c:\programdata\{3eb73ccb-bd7c-8a9f-3eb7-73ccbbd7f32e}\hqghumeaylnlf.exe <==== ATTENTION
Task: C:\Windows\Tasks\Bidaily Synchronize Task[d492].job => c:\programdata\{da0d15a0-cbee-e994-da0d-d15a0cbe5683}\priceless_p_soft_partner.exe <==== ATTENTION
Task: C:\Windows\Tasks\CandyClues.job => c:\programdata\{9c4b19f9-882e-559f-9c4b-b19f988267e6}\6056640203960042688e.exe <==== ATTENTION
Task: C:\Windows\Tasks\CodingWizard.job => c:\programdata\{dab22f44-e588-e233-dab2-22f44e58bd13}\3566228733109764371b.exe <==== ATTENTION
Task: C:\Windows\Tasks\Navig8.job => c:\programdata\{419184f9-00bb-0eda-4191-184f900b13e4}\nsc6cd8.tmp.exe <==== ATTENTION
Task: {11B09414-0690-4200-921A-540A567C8EC9} - System32\Tasks\CodingWizard => c:\programdata\{dab22f44-e588-e233-dab2-22f44e58bd13}\3566228733109764371b.exe [2014-07-05] () <==== ATTENTION
Task: {1A8B293C-48C5-4A98-AB92-E5E3DAAD48DD} - System32\Tasks\Navig8 => c:\programdata\{419184f9-00bb-0eda-4191-184f900b13e4}\nsc6cd8.tmp.exe [2014-07-08] () <==== ATTENTION
Task: {1E850965-8ACA-4DE1-866C-3718700B92C5} - System32\Tasks\Bidaily Synchronize Task[d492] => c:\programdata\{da0d15a0-cbee-e994-da0d-d15a0cbe5683}\priceless_p_soft_partner.exe [2014-06-02] () <==== ATTENTION
Task: {2262D782-8A47-46FC-9CCF-A238B730B2E0} - System32\Tasks\SmartWeb Upgrade Trigger Task => C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe [2015-02-17] (SoftBrain Technologies Ltd.) <==== ATTENTION
Task: {5D89A2D4-3540-4672-891A-62E6CFE51ADF} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
Task: {66682B65-27D5-4CDD-B2B2-AEB5796F115E} - System32\Tasks\{BD3EFF15-FC1E-473F-924E-967F84E033BE} => pcalua.exe -a C:\Users\Sarah\AppData\Roaming\oursurfing\UninstallManager.exe -c -ptid=cmi
Task: {721132E7-C355-485F-83D2-3F7C36747CE9} - System32\Tasks\Iargrutrowo => C:\ProgramData\Iargrutrowo\1.0.4.1\alprobse.exe [2015-07-09] ()
Task: {7921990D-E2A2-4385-94FB-BE9D43B2F463} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
Task: {AAEF012D-381C-4368-BB9B-366560AD2DCB} - System32\Tasks\CandyClues => c:\programdata\{9c4b19f9-882e-559f-9c4b-b19f988267e6}\6056640203960042688e.exe [2014-07-05] () <==== ATTENTION
Task: {B7275CFA-4919-4E66-A065-165276049298} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe [2015-07-09] (AnyProtect.com) <==== ATTENTION
Task: {E6763948-11F4-4738-BD51-594C3A5118BF} - System32\Tasks\Bidaily Synchronize Task[74c7] => c:\programdata\{3eb73ccb-bd7c-8a9f-3eb7-73ccbbd7f32e}\hqghumeaylnlf.exe [2014-06-02] (Super PC Tools Ltd) <==== ATTENTION
Task: {FDDA319E-FB61-4775-AD8A-587C59182635} - System32\Tasks\{2A9F25BC-C2D7-4E1D-ACA0-FE72F13ACB9D} => pcalua.exe -a C:\Users\Sarah\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=ima


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_575 => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_us_640 => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_005010025 => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_005010026 => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_fr_005010025.exe => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\upgmsd_fr_005010026.exe => value removed successfully.
C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk => moved successfully.
C:\Users\Sarah 2\AppData\Local\SmartWeb\SmartWebHelper.exe => moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
ac0423ae => Service removed successfully.
bovumecu => Service stopped successfully.
bovumecu => Service removed successfully.
comituce => Service stopped successfully.
comituce => Service removed successfully.
f1943dfc => Service removed successfully.
FEsYPcKUH => Unable to stop service.
FEsYPcKUH => Service removed successfully.
IHProtect Service => Service stopped successfully.
IHProtect Service => Service removed successfully.
kexiduse => Service stopped successfully.
kexiduse => Service removed successfully.
mesimoqi => Service stopped successfully.
mesimoqi => Service removed successfully.
pekudyho => Service stopped successfully.
pekudyho => Service removed successfully.
rewisezu => Service stopped successfully.
rewisezu => Service removed successfully.
WindowsMangerProtect => Service stopped successfully.
WindowsMangerProtect => Service removed successfully.
innfd_1_10_0_13 => Service removed successfully.
innfd_1_10_0_14 => Service removed successfully.
scfd_1_10_0_16 => Service removed successfully.

"C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010026" folder move:

Could not move "C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010026" folder => Scheduled to move on reboot.


"C:\Program Files\gmsd_fr_005010026" folder move:

Could not move "C:\Program Files\gmsd_fr_005010026" folder => Scheduled to move on reboot.

C:\Windows\Tasks\APSnotifierPP3.job => moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => moved successfully.
C:\Windows\Tasks\APSnotifierPP1.job => moved successfully.
C:\Users\Sarah 2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup => moved successfully.
C:\Program Files\AnyProtectEx => moved successfully.
C:\Users\Sarah 2\AppData\Local\nsk1756.tmp => moved successfully.
C:\Users\Sarah 2\AppData\Roaming\AnyProtectEx => moved successfully.
C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010025 => moved successfully.
C:\ProgramData\IHProtectUpDate => moved successfully.
C:\Program Files\gmsd_fr_005010025 => moved successfully.
C:\Users\Sarah 2\AppData\Roaming\mystartsearch => moved successfully.
C:\ProgramData\WindowsMangerProtect => moved successfully.
C:\Program Files\predm => moved successfully.
C:\Program Files\TampaEdit => moved successfully.
C:\Program Files\ZIP Converter Start => moved successfully.
C:\Program Files\youtubeadblocker => moved successfully.
C:\Program Files\PricELesss => moved successfully.
C:\Windows\Tasks\Navig8.job => moved successfully.
C:\Users\Sarah 2\AppData\Local\SmartWeb => moved successfully.
C:\ProgramData\{419184f9-00bb-0eda-4191-184f900b13e4} => moved successfully.
C:\dummy.htm => moved successfully.
C:\Users\Sarah 2\AppData\Local\BreakingNewsAlert => moved successfully.
C:\Users\Sarah 2\AppData\Local\nst986A.tmp => moved successfully.
C:\Program Files\MiuiTab => moved successfully.
C:\Program Files\WordSurfer_1.10.0.19 => moved successfully.
C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp => moved successfully.
C:\ProgramData\abc => moved successfully.
C:\ProgramData\2988696b-294c-4054-b34f-e97ca58a10e8 => moved successfully.
C:\Program Files\Common Files\2988696b-294c-4054-b34f-e97ca58a10e8 => moved successfully.
C:\Users\Sarah 2\AppData\Local\nsnB243.tmp => moved successfully.
C:\Users\Sarah 2\AppData\Local\23592 => moved successfully.
C:\Users\Sarah 2\AppData\Local\GWX => moved successfully.
C:\Windows\prleth.sys => moved successfully.
C:\Windows\hgfs.sys => moved successfully.
C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp => moved successfully.
C:\Program Files\SystemPlus => moved successfully.
C:\Windows\Tasks\CandyClues.job => moved successfully.
C:\ProgramData\{9c4b19f9-882e-559f-9c4b-b19f988267e6} => moved successfully.
C:\Windows\Tasks\CodingWizard.job => moved successfully.
C:\ProgramData\{dab22f44-e588-e233-dab2-22f44e58bd13} => moved successfully.
C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe => moved successfully.
C:\69a9054132edc5ff7408 => moved successfully.
C:\Program Files\LinkFunc => moved successfully.
C:\ProgramData\Iargrutrowo => moved successfully.
C:\ProgramData\12782418110637309928 => moved successfully.
C:\Users\Sarah\AppData\Local\C3ECC8F3-1432673997-11E0-3F80-6D9910325D29 => moved successfully.
"C:\Users\Sarah 2\AppData\Local\nsk1756.tmp" => File/Folder not found.
"C:\Users\Sarah 2\AppData\Local\nsnB243.tmp" => File/Folder not found.
"C:\Users\Sarah 2\AppData\Local\nsnF2E.tmp" => File/Folder not found.
"C:\Users\Sarah 2\AppData\Local\nst986A.tmp" => File/Folder not found.
"C:\Users\Sarah 2\AppData\Local\nsuC9E2.tmp" => File/Folder not found.
"C:\ProgramData\setup_366d93a9537e4c6b884441cd1a848e20.exe" => File/Folder not found.
C:\Windows\Tasks\APSnotifierPP1.job not found.
C:\Windows\Tasks\APSnotifierPP2.job not found.
C:\Windows\Tasks\APSnotifierPP3.job not found.
C:\Windows\Tasks\Bidaily Synchronize Task[74c7].job => moved successfully.
C:\Windows\Tasks\Bidaily Synchronize Task[d492].job => moved successfully.
C:\Windows\Tasks\CandyClues.job not found.
C:\Windows\Tasks\CodingWizard.job not found.
C:\Windows\Tasks\Navig8.job not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11B09414-0690-4200-921A-540A567C8EC9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11B09414-0690-4200-921A-540A567C8EC9}" => key removed successfully.
C:\Windows\System32\Tasks\CodingWizard => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CodingWizard" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A8B293C-48C5-4A98-AB92-E5E3DAAD48DD}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A8B293C-48C5-4A98-AB92-E5E3DAAD48DD}" => key removed successfully.
C:\Windows\System32\Tasks\Navig8 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Navig8" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E850965-8ACA-4DE1-866C-3718700B92C5}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E850965-8ACA-4DE1-866C-3718700B92C5}" => key removed successfully.
C:\Windows\System32\Tasks\Bidaily Synchronize Task[d492] => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[d492]" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2262D782-8A47-46FC-9CCF-A238B730B2E0}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2262D782-8A47-46FC-9CCF-A238B730B2E0}" => key removed successfully.
C:\Windows\System32\Tasks\SmartWeb Upgrade Trigger Task => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D89A2D4-3540-4672-891A-62E6CFE51ADF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D89A2D4-3540-4672-891A-62E6CFE51ADF}" => key removed successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66682B65-27D5-4CDD-B2B2-AEB5796F115E}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66682B65-27D5-4CDD-B2B2-AEB5796F115E}" => key removed successfully.
C:\Windows\System32\Tasks\{BD3EFF15-FC1E-473F-924E-967F84E033BE} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BD3EFF15-FC1E-473F-924E-967F84E033BE}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{721132E7-C355-485F-83D2-3F7C36747CE9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{721132E7-C355-485F-83D2-3F7C36747CE9}" => key removed successfully.
C:\Windows\System32\Tasks\Iargrutrowo => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Iargrutrowo" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7921990D-E2A2-4385-94FB-BE9D43B2F463}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7921990D-E2A2-4385-94FB-BE9D43B2F463}" => key removed successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAEF012D-381C-4368-BB9B-366560AD2DCB}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAEF012D-381C-4368-BB9B-366560AD2DCB}" => key removed successfully.
C:\Windows\System32\Tasks\CandyClues => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CandyClues" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7275CFA-4919-4E66-A065-165276049298}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7275CFA-4919-4E66-A065-165276049298}" => key removed successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6763948-11F4-4738-BD51-594C3A5118BF}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6763948-11F4-4738-BD51-594C3A5118BF}" => key removed successfully.
C:\Windows\System32\Tasks\Bidaily Synchronize Task[74c7] => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Bidaily Synchronize Task[74c7]" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDDA319E-FB61-4775-AD8A-587C59182635}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDDA319E-FB61-4775-AD8A-587C59182635}" => key removed successfully.
C:\Windows\System32\Tasks\{2A9F25BC-C2D7-4E1D-ACA0-FE72F13ACB9D} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2A9F25BC-C2D7-4E1D-ACA0-FE72F13ACB9D}" => key removed successfully.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-07-09 18:38:09)<=

C:\Users\Sarah 2\AppData\Local\gmsd_fr_005010026 => is moved successfully
C:\Program Files\gmsd_fr_005010026 => is moved successfully

End of Fixlog 18:38:09

Messages postés
5
Date d'inscription
jeudi 9 juillet 2015
Statut
Membre
Dernière intervention
9 juillet 2015

Après avoir tout suivi, j'espère que je n'aurai plus de soucis.
Je vais naviguer sur internet comme d'habitude et voir si tout est ok.
Je vous remercie pour votre aide.
Messages postés
180261
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 119
=)


Voila, c'est terminé, tu peux supprimer les programmes utilisés.

Quelques conseils :


Pour prévenir les sites malicieux, tu peux installer Blockulicious : https://forum.malekal.com/viewtopic.php?t=46656&start=


Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/
(Surtout active les détections LPIs pour détecter les programmes parasites et publicitaires)


Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html


Messages postés
3
Date d'inscription
mardi 1 septembre 2015
Statut
Membre
Dernière intervention
3 septembre 2015

Bonjour,

J'ai le même problème que Sarah. Pouvez vous m'aider svp ???

Voici les liens FRST :

FRST : https://pjjoint.malekal.com/files.php?id=20150901_l14i9z11t10p11
Addition : https://pjjoint.malekal.com/files.php?id=20150901_d14c9u15r10i7
Shortcut : https://pjjoint.malekal.com/files.php?id=20150901_z9z13k13i12k7

Merci d'avance !
Messages postés
180261
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 119
Salut,

Désinstalle SpyHunter, Avast! et Malwarebytes, c'est largement suffisant.



Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :


HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe
HKU\S-1-5-21-845023093-2508282223-2783293402-1002\...\Run: [WindApp] => C:\Users\Juju\AppData\Roaming\Store\WindApp\WindApp.exe /winstartup
HKLM-x32\...\Run: [mbot_fr_014010075] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010075] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010076] => [X]
R2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-03] ()
R2 IHProtect Service; C:\Program Files (x86)\MiniLite\ProtectService.exe [132768 2015-08-24] (MiniLite system)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-08-31] ()
2 WdsManPro; C:\ProgramData\4WdsManPro4\WdsManPro.exe [709288 2015-08-31] (DTools LIMITED)
R2 xewyzypu; C:\Program Files (x86)\EAA5F260-1440929070-81E3-24AF-0C54A5B3F383\knsf8D7C.tmp [762880 2015-08-31] () [Fichier non signé]
2015-09-01 14:14 - 2015-09-01 14:14 - 00003334 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-09-01 14:14 - 2015-09-01 14:14 - 00002278 _____ C:\Users\Juju\Desktop\SpyHunter.lnk
2015-09-01 14:14 - 2015-09-01 14:14 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-08-31 19:50 - 2015-09-01 09:58 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-08-31 19:50 - 2015-09-01 09:58 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-08-31 19:50 - 2015-08-31 20:10 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-08-31 19:50 - 2015-08-31 19:50 - 00001037 _____ C:\Users\Juju\Desktop\AnyProtect.lnk
2015-08-31 19:50 - 2015-08-31 19:50 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-08-31 19:49 - 2015-08-31 19:50 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-08-31 19:49 - 2015-08-31 19:49 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsyF5AB.tmp
2015-08-31 19:45 - 2015-08-31 19:46 - 00000000 ____D C:\ProgramData\4WdsManPro4
2015-08-31 19:12 - 2015-08-31 19:12 - 00481944 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-31 19:12 - 2015-08-31 19:12 - 00000000 ____D C:\Program Files\Coupoon
2015-08-31 18:55 - 2015-08-31 18:55 - 00003144 _____ C:\Windows\System32\Tasks\{B868F541-76C9-4521-8349-F4D77A8375C5}
2015-08-31 18:54 - 2015-08-31 18:54 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nswCB46.tmp
2015-08-31 18:53 - 2015-08-31 18:53 - 00000000 ____D C:\ProgramData\Usevlamsa
2015-08-31 18:46 - 2015-08-31 18:55 - 00000000 ____D C:\Users\Juju\AppData\Roaming\istartsurf
2015-08-31 18:46 - 2015-08-31 18:46 - 00000000 ____D C:\ProgramData\HWdsManProH
2015-08-30 20:59 - 2015-08-30 20:59 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsz7347.tmp
2015-08-30 20:33 - 2015-08-30 20:34 - 00000000 ____D C:\ProgramData\XWdsManProX
2015-08-30 13:23 - 2015-08-30 13:23 - 00000000 ____D C:\Program Files (x86)\Exploremedia
2015-08-30 13:22 - 2015-08-30 13:22 - 00000000 ____D C:\Program Files (x86)\predm
2015-08-30 12:38 - 2015-08-30 13:12 - 00000000 ____D C:\ProgramData\abc
2015-08-30 12:38 - 2015-08-30 12:38 - 00000000 ____D C:\ProgramData\cWdsManProc
2015-08-30 12:37 - 2015-09-01 14:10 - 00000000 ____D C:\Users\Juju\AppData\Roaming\mystartsearch
2015-08-30 12:37 - 2015-08-31 20:24 - 00000000 ____D C:\Program Files (x86)\Coupoon
2015-08-30 12:08 - 2015-08-30 12:43 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Opera Software
2015-08-30 12:08 - 2015-08-30 12:43 - 00000000 ____D C:\Users\Juju\AppData\Local\Opera Software
2015-08-30 12:05 - 2015-08-30 12:43 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-30 12:04 - 2015-08-31 17:45 - 00000000 ____D C:\Program Files (x86)\EAA5F260-1440929070-81E3-24AF-0C54A5B3F383
2015-08-30 12:03 - 2015-08-30 15:56 - 00000000 ____D C:\Users\Juju\AppData\Roaming\WTools
2015-08-30 12:03 - 2015-08-30 13:31 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Store
2015-08-30 12:03 - 2015-08-30 12:03 - 00005706 _____ C:\Users\Juju\AppData\Roaming\Bubble Dock.installation.log
2015-08-30 12:03 - 2015-08-30 12:03 - 00000078 _____ C:\Users\Juju\AppData\Roaming\WindApp.installation.log
2015-08-30 12:03 - 2015-08-30 12:03 - 00000078 _____ C:\Users\Juju\AppData\Roaming\Selection Tools.installation.log
2015-08-30 12:02 - 2015-08-30 12:03 - 00001270 _____ C:\Users\Juju\AppData\Roaming\Bubble Dock.boostrap.log
2015-08-30 12:02 - 2015-08-30 12:02 - 00000097 _____ C:\Users\Juju\AppData\Roaming\WindApp.boostrap.log
2015-08-30 12:01 - 2015-08-31 19:45 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-08-30 12:01 - 2015-08-31 19:45 - 00000000 ____D C:\Program Files (x86)\MiniLite
2015-08-30 12:01 - 2015-08-31 18:48 - 00000000 ____D C:\ProgramData\update
2015-08-30 12:01 - 2015-08-30 12:32 - 00000000 ____D C:\Users\Juju\AppData\Roaming\oursurfing
2015-08-30 12:01 - 2015-08-30 12:02 - 00000000 ____D C:\ProgramData\lWdsManProl
2015-08-31 19:50 - 2014-10-27 13:11 - 00002806 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-08-31 19:50 - 2014-10-27 13:11 - 00002804 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-08-31 19:50 - 2014-10-27 13:11 - 00002804 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-08-14 22:31 - 2014-03-10 20:26 - 00000000 ____D C:\Program Files (x86)\Plus-HD-9.3
2015-08-14 22:09 - 2014-03-10 20:25 - 00000000 ____D C:\Users\Juju\AppData\Roaming\SupTab
2015-08-14 22:09 - 2014-03-10 20:25 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-10-27 13:09 - 2014-10-27 13:09 - 0627760 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nss5AEC.tmp
2015-08-31 18:54 - 2015-08-31 18:54 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nswCB46.tmp
2015-08-31 19:49 - 2015-08-31 19:49 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsyF5AB.tmp
2015-08-30 20:59 - 2015-08-30 20:59 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsz7347.tmp
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files\BubbleSound


Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Corriger / Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur



puis réinitialise tes navigateurs:
==================================
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
Messages postés
3
Date d'inscription
mardi 1 septembre 2015
Statut
Membre
Dernière intervention
3 septembre 2015
>
Messages postés
180261
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021

Voici les résultats !
Merci beaucoup !

Résultats de correction de Farbar Recovery Scan Tool (x64) Version:31-08-2015
Exécuté par Juju (2015-09-01 18:02:39) Run:1
Exécuté depuis C:\Users\Juju\Desktop
Profils chargés: UpdatusUser & Juju & (Profils disponibles: UpdatusUser & Juju)
Mode d'amorçage: Normal
==============================================

fixlist contenu:

HKLM\...\Run: [3D BubbleSound] => C:\Program Files\BubbleSound\3D BubbleSound.exe
HKU\S-1-5-21-845023093-2508282223-2783293402-1002\...\Run: [WindApp] => C:\Users\Juju\AppData\Roaming\Store\WindApp\WindApp.exe /winstartup
HKLM-x32\...\Run: [mbot_fr_014010075] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010075] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010076] => [X]
R2 CoupoonService64; C:\Program Files (x86)\coupoon\iiwjljrnpc64.exe [172344 2015-04-03] ()
R2 IHProtect Service; C:\Program Files (x86)\MiniLite\ProtectService.exe [132768 2015-08-24] (MiniLite system)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
R2 UpdateCheck; C:\Program Files (x86)\Coupoon\UpdateCheck.exe [53040 2015-08-31] ()
2 WdsManPro; C:\ProgramData\4WdsManPro4\WdsManPro.exe [709288 2015-08-31] (DTools LIMITED)
R2 xewyzypu; C:\Program Files (x86)\EAA5F260-1440929070-81E3-24AF-0C54A5B3F383\knsf8D7C.tmp [762880 2015-08-31] () [Fichier non signé]
2015-09-01 14:14 - 2015-09-01 14:14 - 00003334 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2015-09-01 14:14 - 2015-09-01 14:14 - 00002278 _____ C:\Users\Juju\Desktop\SpyHunter.lnk
2015-09-01 14:14 - 2015-09-01 14:14 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-08-31 19:50 - 2015-09-01 09:58 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP3.job
2015-08-31 19:50 - 2015-09-01 09:58 - 00000376 _____ C:\Windows\Tasks\APSnotifierPP2.job
2015-08-31 19:50 - 2015-08-31 20:10 - 00000378 _____ C:\Windows\Tasks\APSnotifierPP1.job
2015-08-31 19:50 - 2015-08-31 19:50 - 00001037 _____ C:\Users\Juju\Desktop\AnyProtect.lnk
2015-08-31 19:50 - 2015-08-31 19:50 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-08-31 19:49 - 2015-08-31 19:50 - 00000000 ____D C:\Program Files (x86)\AnyProtectEx
2015-08-31 19:49 - 2015-08-31 19:49 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsyF5AB.tmp
2015-08-31 19:45 - 2015-08-31 19:46 - 00000000 ____D C:\ProgramData\4WdsManPro4
2015-08-31 19:12 - 2015-08-31 19:12 - 00481944 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-31 19:12 - 2015-08-31 19:12 - 00000000 ____D C:\Program Files\Coupoon
2015-08-31 18:55 - 2015-08-31 18:55 - 00003144 _____ C:\Windows\System32\Tasks\{B868F541-76C9-4521-8349-F4D77A8375C5}
2015-08-31 18:54 - 2015-08-31 18:54 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nswCB46.tmp
2015-08-31 18:53 - 2015-08-31 18:53 - 00000000 ____D C:\ProgramData\Usevlamsa
2015-08-31 18:46 - 2015-08-31 18:55 - 00000000 ____D C:\Users\Juju\AppData\Roaming\istartsurf
2015-08-31 18:46 - 2015-08-31 18:46 - 00000000 ____D C:\ProgramData\HWdsManProH
2015-08-30 20:59 - 2015-08-30 20:59 - 00613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsz7347.tmp
2015-08-30 20:33 - 2015-08-30 20:34 - 00000000 ____D C:\ProgramData\XWdsManProX
2015-08-30 13:23 - 2015-08-30 13:23 - 00000000 ____D C:\Program Files (x86)\Exploremedia
2015-08-30 13:22 - 2015-08-30 13:22 - 00000000 ____D C:\Program Files (x86)\predm
2015-08-30 12:38 - 2015-08-30 13:12 - 00000000 ____D C:\ProgramData\abc
2015-08-30 12:38 - 2015-08-30 12:38 - 00000000 ____D C:\ProgramData\cWdsManProc
2015-08-30 12:37 - 2015-09-01 14:10 - 00000000 ____D C:\Users\Juju\AppData\Roaming\mystartsearch
2015-08-30 12:37 - 2015-08-31 20:24 - 00000000 ____D C:\Program Files (x86)\Coupoon
2015-08-30 12:08 - 2015-08-30 12:43 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Opera Software
2015-08-30 12:08 - 2015-08-30 12:43 - 00000000 ____D C:\Users\Juju\AppData\Local\Opera Software
2015-08-30 12:05 - 2015-08-30 12:43 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-30 12:04 - 2015-08-31 17:45 - 00000000 ____D C:\Program Files (x86)\EAA5F260-1440929070-81E3-24AF-0C54A5B3F383
2015-08-30 12:03 - 2015-08-30 15:56 - 00000000 ____D C:\Users\Juju\AppData\Roaming\WTools
2015-08-30 12:03 - 2015-08-30 13:31 - 00000000 ____D C:\Users\Juju\AppData\Roaming\Store
2015-08-30 12:03 - 2015-08-30 12:03 - 00005706 _____ C:\Users\Juju\AppData\Roaming\Bubble Dock.installation.log
2015-08-30 12:03 - 2015-08-30 12:03 - 00000078 _____ C:\Users\Juju\AppData\Roaming\WindApp.installation.log
2015-08-30 12:03 - 2015-08-30 12:03 - 00000078 _____ C:\Users\Juju\AppData\Roaming\Selection Tools.installation.log
2015-08-30 12:02 - 2015-08-30 12:03 - 00001270 _____ C:\Users\Juju\AppData\Roaming\Bubble Dock.boostrap.log
2015-08-30 12:02 - 2015-08-30 12:02 - 00000097 _____ C:\Users\Juju\AppData\Roaming\WindApp.boostrap.log
2015-08-30 12:01 - 2015-08-31 19:45 - 00000102 _____ C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat
2015-08-30 12:01 - 2015-08-31 19:45 - 00000000 ____D C:\Program Files (x86)\MiniLite
2015-08-30 12:01 - 2015-08-31 18:48 - 00000000 ____D C:\ProgramData\update
2015-08-30 12:01 - 2015-08-30 12:32 - 00000000 ____D C:\Users\Juju\AppData\Roaming\oursurfing
2015-08-30 12:01 - 2015-08-30 12:02 - 00000000 ____D C:\ProgramData\lWdsManProl
2015-08-31 19:50 - 2014-10-27 13:11 - 00002806 _____ C:\Windows\System32\Tasks\APSnotifierPP1
2015-08-31 19:50 - 2014-10-27 13:11 - 00002804 _____ C:\Windows\System32\Tasks\APSnotifierPP3
2015-08-31 19:50 - 2014-10-27 13:11 - 00002804 _____ C:\Windows\System32\Tasks\APSnotifierPP2
2015-08-14 22:31 - 2014-03-10 20:26 - 00000000 ____D C:\Program Files (x86)\Plus-HD-9.3
2015-08-14 22:09 - 2014-03-10 20:25 - 00000000 ____D C:\Users\Juju\AppData\Roaming\SupTab
2015-08-14 22:09 - 2014-03-10 20:25 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-10-27 13:09 - 2014-10-27 13:09 - 0627760 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nss5AEC.tmp
2015-08-31 18:54 - 2015-08-31 18:54 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nswCB46.tmp
2015-08-31 19:49 - 2015-08-31 19:49 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsyF5AB.tmp
2015-08-30 20:59 - 2015-08-30 20:59 - 0613255 _____ (CMI Limited) C:\Users\Juju\AppData\Local\nsz7347.tmp
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
C:\Program Files\BubbleSound


HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => valeur supprimé(es) avec succès
HKU\S-1-5-21-845023093-2508282223-2783293402-1002\Software\Microsoft\Windows\CurrentVersion\Run\\WindApp => valeur supprimé(es) avec succès
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mbot_fr_014010075 => valeur supprimé(es) avec succès
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_005010075 => valeur supprimé(es) avec succès
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_005010076 => valeur supprimé(es) avec succès
CoupoonService64 => service supprimé(es) avec succès
IHProtect Service => Impossible d'arrêter le service.
IHProtect Service => service supprimé(es) avec succès
SpyHunter 4 Service => service non trouvé(e).
UpdateCheck => Impossible d'arrêter le service.
UpdateCheck => service supprimé(es) avec succès
2 WdsManPro; C:\ProgramData\4WdsManPro4\WdsManPro.exe [709288 2015-08-31] (DTools LIMITED) => Erreur: Pas de correction automatique trouvée pour cet élément.
xewyzypu => Impossible d'arrêter le service.
xewyzypu => service supprimé(es) avec succès
"C:\Windows\System32\Tasks\SpyHunter4Startup" => Fichier/Dossier non trouvé(e).
"C:\Users\Juju\Desktop\SpyHunter.lnk" => Fichier/Dossier non trouvé(e).
"C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter" => Fichier/Dossier non trouvé(e).
C:\Windows\Tasks\APSnotifierPP3.job => déplacé(es) avec succès
C:\Windows\Tasks\APSnotifierPP2.job => déplacé(es) avec succès
C:\Windows\Tasks\APSnotifierPP1.job => déplacé(es) avec succès
C:\Users\Juju\Desktop\AnyProtect.lnk => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup => déplacé(es) avec succès
C:\Program Files (x86)\AnyProtectEx => déplacé(es) avec succès
C:\Users\Juju\AppData\Local\nsyF5AB.tmp => déplacé(es) avec succès
C:\ProgramData\4WdsManPro4 => déplacé(es) avec succès
C:\Windows\system32\FNTCACHE.DAT => déplacé(es) avec succès
C:\Program Files\Coupoon => déplacé(es) avec succès
C:\Windows\System32\Tasks\{B868F541-76C9-4521-8349-F4D77A8375C5} => déplacé(es) avec succès
C:\Users\Juju\AppData\Local\nswCB46.tmp => déplacé(es) avec succès
C:\ProgramData\Usevlamsa => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\istartsurf => déplacé(es) avec succès
C:\ProgramData\HWdsManProH => déplacé(es) avec succès
C:\Users\Juju\AppData\Local\nsz7347.tmp => déplacé(es) avec succès
C:\ProgramData\XWdsManProX => déplacé(es) avec succès
C:\Program Files (x86)\Exploremedia => déplacé(es) avec succès
C:\Program Files (x86)\predm => déplacé(es) avec succès
C:\ProgramData\abc => déplacé(es) avec succès
C:\ProgramData\cWdsManProc => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\mystartsearch => déplacé(es) avec succès
C:\Program Files (x86)\Coupoon => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\Opera Software => déplacé(es) avec succès
C:\Users\Juju\AppData\Local\Opera Software => déplacé(es) avec succès
C:\Program Files (x86)\Opera => déplacé(es) avec succès
C:\Program Files (x86)\EAA5F260-1440929070-81E3-24AF-0C54A5B3F383 => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\WTools => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\Store => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\Bubble Dock.installation.log => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\WindApp.installation.log => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\Selection Tools.installation.log => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\Bubble Dock.boostrap.log => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\WindApp.boostrap.log => déplacé(es) avec succès
C:\ProgramData\{262E20B8-6E20-4CEF-B1FD-D022AB1085F5}.dat => déplacé(es) avec succès
C:\Program Files (x86)\MiniLite => déplacé(es) avec succès
C:\ProgramData\update => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\oursurfing => déplacé(es) avec succès
C:\ProgramData\lWdsManProl => déplacé(es) avec succès
C:\Windows\System32\Tasks\APSnotifierPP1 => déplacé(es) avec succès
C:\Windows\System32\Tasks\APSnotifierPP3 => déplacé(es) avec succès
C:\Windows\System32\Tasks\APSnotifierPP2 => déplacé(es) avec succès
C:\Program Files (x86)\Plus-HD-9.3 => déplacé(es) avec succès
C:\Users\Juju\AppData\Roaming\SupTab => déplacé(es) avec succès
C:\Program Files (x86)\SupTab => déplacé(es) avec succès
C:\Users\Juju\AppData\Local\nss5AEC.tmp => déplacé(es) avec succès
"C:\Users\Juju\AppData\Local\nswCB46.tmp" => Fichier/Dossier non trouvé(e).
"C:\Users\Juju\AppData\Local\nsyF5AB.tmp" => Fichier/Dossier non trouvé(e).
"C:\Users\Juju\AppData\Local\nsz7347.tmp" => Fichier/Dossier non trouvé(e).
C:\Windows\Tasks\APSnotifierPP1.job => non trouvé(e).
C:\Windows\Tasks\APSnotifierPP2.job => non trouvé(e).
C:\Windows\Tasks\APSnotifierPP3.job => non trouvé(e).
"C:\Program Files\BubbleSound" => Fichier/Dossier non trouvé(e).


Le système a dû redémarrer..

Fin de Fixlog 18:02:57

Messages postés
180261
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 119
Malwarebytes (temps : environ 40min de scan):
==================================================
Télécharge et installe Malwarebyte.
Il existe une version gratuite qui permet de nettoyer son ordinateur (décoche bien la proposition d'essai de la version Premium à la fin de l'installation) :

Mets Malwarebytes à jour puis lance un examen.

A la fin du scan, clic sur "Supprimer Selection" en bas à gauche.
Redémarre l'ordinateur si besoin.
Après redémarrage, relance Malwarebytes.
Vas chercher le rapport dans l'onglet Historique.
A gauche Journal d'analyse.
Doube-clic sur l'examen dans la liste.
Puis en bas Copier dans le presse papier
Vas sur http://pjjoint.malekal.com et en bas, clic droit / coller pour coller le rapport du scan Malwarebytes.
Clic sur envoyer.
Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.
Messages postés
3
Date d'inscription
mardi 1 septembre 2015
Statut
Membre
Dernière intervention
3 septembre 2015
>
Messages postés
180261
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021

Messages postés
180261
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
26 mars 2021
24 119
il reste quel problème et sur quel navigateur WEB ?