Comment supprimer le virus PUA/InstallCore.Gen7 définitivement ?

Fermé

Pipouune Messages postés 18 Date d'inscription vendredi 24 juillet 2015 Statut Membre Dernière intervention 29 juillet 2015 - 24 juil. 2015 à 20:51
Pipouune Messages postés 18 Date d'inscription vendredi 24 juillet 2015 Statut Membre Dernière intervention 29 juillet 2015 - 25 juil. 2015 à 11:39

Bonjour, alors voilà depuis peu j'ai mon antivirus (Avira) qui détecte ce virus "PUA/InstallCore.Gen7" et à chaque fois que je clique sur supprimer, Avira relance des alertes sans cesse. Du coup j'ai regarder sur des forums pour voir comment je pourrai faire et ils y avait ecrits d'installer FRST64 pour faire un rapport et ensuite il fallait envoyer se rapport sur pijoint pour enfin le transmettre sur un forum.. Bref j'ai se rapport mais je sais pas trop quoi en faire..
Voilà donc si quelqu'un pourrait m'aider, Mercii :'(

A voir également:

Puadlmanager:win32/installcore
Puadi manager - Meilleures réponses
Puadi manager virus - Meilleures réponses
Comment supprimer une page sur word - Guide
Supprimer compte instagram - Guide
Compte facebook désactivé definitivement - Guide
Comment supprimer une conversation snap définitivement ✓ - Forum Snapchat
Comment supprimer fausse alerte virus mcafee - Accueil - Piratage

2 réponses

Réponse 1 / 2

Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 658
24 juil. 2015 à 20:56

Salut,

Donne le rapport de scan, probablement un setup dans ton dossier de Download.

Pipouune Messages postés 18 Date d'inscription vendredi 24 juillet 2015 Statut Membre Dernière intervention 29 juillet 2015
24 juil. 2015 à 21:15

https://pjjoint.malekal.com/files.php?id=20150717_y7k10u6u69

c'est ca ?

Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 658
24 juil. 2015 à 22:07

oui tu peux donner le additionnal.txt

tu as de adwares.

Pipouune Messages postés 18 Date d'inscription vendredi 24 juillet 2015 Statut Membre Dernière intervention 29 juillet 2015 > Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020
24 juil. 2015 à 23:12

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-07-2015
Ran by nanab_000 at 2015-07-18 02:11:42
Running from C:\Users\nanab_000\Music\11.06.2015
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrateur (S-1-5-21-4063324825-4206719115-4184313697-500 - Administrator - Disabled)
Invité (S-1-5-21-4063324825-4206719115-4184313697-501 - Limited - Disabled)
nanab_000 (S-1-5-21-4063324825-4206719115-4184313697-1005 - Administrator - Enabled) => C:\Users\nanab_000
user (S-1-5-21-4063324825-4206719115-4184313697-1001 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-4063324825-4206719115-4184313697-1005\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Apple Application Support (32 bits) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64 bits) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.11.579 - Avira Operations GmbH & Co. KG)
Bejeweled 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Wireless LAN Adapter (HKLM\...\Broadcom 802.11 Wireless LAN Adapter) (Version: - Broadcom Corporation)
Broadcom Bluetooth Drivers (HKLM\...\{0A1B4690-E176-4533-8058-939480AEE1D0}) (Version: 12.0.0.9810 - Broadcom Corporation)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.110 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.7.4023 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.2.5308 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.1.5406 - CyberLink Corp.)
Cyberlink PhotoDirector (Version: 5.0.1.5406 - Nom de votre société) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.7.4016 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.1.3121 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.1.3121 - Nom de votre société) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4.4223 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.4.4218 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.3 (HKLM-x32\...\{E461B1AC-BC3C-11E3-B5B8-00163E98E7D6}) (Version: 5.3.0.3360 - Evernote Corp.)
Farm Frenzy (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{00CD7D62-056A-4F0F-9143-44522D44E6DD}) (Version: 6.0.32.507 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.134 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{13133E99-B0D5-4143-B832-AAD55C62A41C}) (Version: 6.0.19.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{ADE2F6A7-E7BD-4955-BD66-30903B223DDF}) (Version: 2.20.41 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{416DDA39-F1B0-4BFF-A649-C997CCBA7A90}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7745.4851 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{7FE016CC-DAA9-4E21-BD2F-98390D1E6F3F}) (Version: 7.6.23.8 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{E20B0C89-ACCF-4EBB-909D-2E5BD4A9C024}) (Version: 1.1.11 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{DCD5C599-5CCC-4E37-8938-FBB548D780C6}) (Version: 2.5.3 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{B5ADC77D-81D7-483D-9373-3D00A69E5854}) (Version: 4.2.41.2710 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Jeux WildTangent (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mises à jour NVIDIA 2.4.5.28 (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Mytubetheater Assistant (HKLM-x32\...\zz.853.mtt) (Version: 1.0.0 - CSDI)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.13.0927 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0927 - NVIDIA Corporation)
NVIDIA Pilote graphique 333.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 333.11 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{121727D5-FDF3-4723-BA57-EB383440ED72}) (Version: 4.11.9775 - Apache Software Foundation)
Panneau de configuration NVIDIA 333.11 (Version: 333.11 - NVIDIA Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.32.508.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7231 - Realtek Semiconductor Corp.)
Search App by Ask (HKLM-x32\...\{4254522D-5350-006A-76A7-A75C790C1D00}) (Version: 12.29.0.1481 - APN, LLC) <==== ATTENTION
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
shopperz 2.0.0.461 (HKLM\...\{72a94386-d7dd-4032-86b6-e013e104f0ab}_is1) (Version: 2.0.0.461 - shopperz) <==== ATTENTION
shopperz 2.0.0.461 (HKLM\...\{9c760b40-4718-40c3-a68d-2e4f21591d62}_is1) (Version: 2.0.0.461 - shopperz) <==== ATTENTION
Spotify (HKU\S-1-5-21-4063324825-4206719115-4184313697-1005\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.16 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{21498212-1146-4540-8A81-6A1328BA19F2}) (Version: 4.5.228.0 - Validity Sensors, Inc.)
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games App pour HP (x32 Version: 4.0.11.9 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

08-07-2015 10:44:09 Point de contrôle planifié
15-07-2015 11:19:54 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {17719867-AA23-4D5A-90C2-5AD68804A901} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)
Task: {25E26B6D-4697-42B5-AFDD-1A7BBC7A8003} - System32\Tasks\Cpicxmn => C:\Program Files\shopperz\Eaueeexx.bat <==== ATTENTION
Task: {26CF0E3E-6E12-4287-9A2C-5312AFE26782} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-06-03] (Hewlett-Packard Company)
Task: {32C80526-081F-40C5-B2F8-4A4F8C5663A6} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2014-05-19] (Hewlett-Packard Development Company, L.P.)
Task: {3F0A7903-365A-4692-B156-66D730D6787A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {4C550607-ED6C-41A0-B60F-45BC9596C7E1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5778FDDA-9FE1-4460-AD12-A87CBE3B147B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
Task: {5AFC9C96-2FD6-495C-9686-7AC7D523D3A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-06-16] (Hewlett-Packard)
Task: {5B0C2E54-3E35-42B8-B407-4909E22CB934} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
Task: {632F5CA7-488D-4D28-85AF-BEEE98854CFA} - System32\Tasks\Ehebcnoee => C:\Program Files\shopperz\Eiefj.bat <==== ATTENTION
Task: {6611A00A-BBFA-4133-A880-41A722D6999C} - System32\Tasks\{F6087F6A-110E-4997-9AB4-11D9627097D5} => pcalua.exe -a C:\Users\nanab_000\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {96F71BAD-8964-43B6-B5CE-C790362511F9} - \WordShark Auto Updater 1.10.0.19 Core No Task File <==== ATTENTION
Task: {BA427FD8-D173-45E0-AEBC-1DF8983C9A52} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-06-18] (CyberLink Corp.)
Task: {C01217DF-904E-4C66-91A3-7DD3C71BD19A} - \WordShark Auto Updater 1.10.0.19 Pending Update No Task File <==== ATTENTION
Task: {D6EA12F6-7C53-4A25-80FE-EE92689ABAAB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {DE496A3F-BD5A-4E75-9181-2E1A76B1FAC3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {FDC885C6-0905-4F4B-AAEA-DD27259A85F6} - System32\Tasks\avastBCLRestartS-1-5-21-4063324825-4206719115-4184313697-1001 => Chrome.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2014-08-12 19:43 - 2014-04-29 19:11 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-12-04 08:44 - 2013-12-04 08:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 08:44 - 2013-12-04 08:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 08:44 - 2013-12-04 08:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-08-12 20:24 - 2014-04-14 18:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-08-18 22:44 - 2015-08-18 22:44 - 00199168 _____ () C:\Users\nanab_000\AppData\Roaming\34444335-1439930651-4A34-4E50-8CDCD4716E3C\jnsk7DB9.tmp
2015-06-29 18:33 - 2015-06-29 18:33 - 00033992 _____ () C:\Program Files (x86)\MyTubeTheater_v50.853\MyTubeTheater_Assistant.exe
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-06-11 18:19 - 2014-06-11 18:19 - 00622080 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\JobCapsA.dll
2015-05-28 22:26 - 2015-05-23 03:48 - 00011920 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-08-12 19:31 - 2013-12-10 17:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-07-14 19:11 - 2015-07-13 23:55 - 01281864 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libglesv2.dll
2015-07-14 19:11 - 2015-07-13 23:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\libegl.dll
2015-07-14 19:11 - 2015-07-13 23:55 - 16308040 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.134\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\nanab_000\OneDrive:ms-properties
AlternateDataStreams: C:\Users\user\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4063324825-4206719115-4184313697-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\nanab_000\Pictures\10436154_655309744548366_8606445021418050505_n.jpg
DNS Servers: 212.27.40.240 - 212.27.40.241

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{175A9812-C76B-4F83-B9AE-E35C23E89077}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{D90A31D1-E578-41AC-8637-E4010886FC6C}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{B7AEDA8A-2995-473F-A2B5-4C25D88CA2B2}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{48ACC76A-5B52-4FDF-B450-094E3729D775}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{EE0F9ABC-9CDC-42B2-A1A5-47B4636B48D1}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D3430963-A021-4F8A-9C0D-3A1C2CB61FA0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{D51F13C2-5E37-486D-BC46-FEFD43A74F30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7F488766-C0E6-4F48-B6AC-2ADFD6C5C6D0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{42E1DC01-7F9C-414A-83AC-2A89D87CFBA9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0E49B9C1-B0C9-4A31-96EC-21C031387195}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DEA29C45-849E-4373-A714-1717F8EB9262}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{5A0A7620-5C81-48A8-A8D6-8310C1B85C0A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{AD6323BA-4B28-420C-A9CC-914BD7A599FD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{CE144644-D024-4594-B4EC-34579E96E53B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{742B8691-2C4C-4AED-850E-25B07B182FD2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F5751EF6-194D-492F-A53E-3363648E0853}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{27DA6964-4D52-4293-A7A0-B0F1EFAFA29D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{2A26A519-6AFD-4FC1-9B3E-D31E78E8F206}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{75637170-2716-4859-A687-5D759243DA91}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [TCP Query User{E1DB3FD5-9190-45CB-B37A-1D776085057F}C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [UDP Query User{84D697CB-1735-4257-B4C1-54F5A2FD52F4}C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [TCP Query User{0A914136-33A6-4F8C-B6B9-D4C8F99CF2D0}C:\users\nanab_000\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\nanab_000\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [UDP Query User{B6C7F796-2E7D-478A-B935-8A867E27C6E1}C:\users\nanab_000\appdata\roaming\cacaoweb\cacaoweb.exe] => (Allow) C:\users\nanab_000\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [TCP Query User{9CE5D891-DFB4-46AA-944F-0E2586EBEFB0}C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [UDP Query User{A901D033-BBB5-42FA-9C33-48A1C55A037E}C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\user\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [TCP Query User{C52E857C-EBD0-431B-B980-C36DD27595BC}C:\users\nanab_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nanab_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{55C47726-F950-405C-8505-F943F6C4E2E0}C:\users\nanab_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nanab_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{813F8357-56EC-4C60-A1CA-6D3AAA1D983A}C:\users\nanab_000\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\nanab_000\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [UDP Query User{4D6771B9-BB5B-4A95-9B7E-E19970A92A51}C:\users\nanab_000\appdata\roaming\cacaoweb\cacaoweb.exe] => (Block) C:\users\nanab_000\appdata\roaming\cacaoweb\cacaoweb.exe
FirewallRules: [TCP Query User{14E8128E-C9E6-4E0D-85FF-8BCA83E736CB}C:\users\nanab_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nanab_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4C70C798-F971-4099-BA7E-BE747EE40CC4}C:\users\nanab_000\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nanab_000\appdata\roaming\spotify\spotify.exe
FirewallRules: [{0DA035ED-7ACC-4D11-ACF9-65E58BEE110D}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5653FE54-8C95-4F5D-B518-91B80B739EB6}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D4C95FD5-4724-4CDE-9445-8BC5A069DB08}] => (Allow) C:\Users\user\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{F26F6B74-1892-4240-B7C1-4E8CEC0FC09B}C:\users\nanab_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nanab_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{F856BEC3-E7D9-421C-9741-615FF9F8716E}C:\users\nanab_000\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\nanab_000\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{6B831C30-9952-4032-91EA-63DA05ADC97E}C:\users\nanab_000\music\11.06.2015\cacaoweb.exe] => (Allow) C:\users\nanab_000\music\11.06.2015\cacaoweb.exe
FirewallRules: [UDP Query User{A0B25648-DDC4-4104-B348-205193CD999C}C:\users\nanab_000\music\11.06.2015\cacaoweb.exe] => (Allow) C:\users\nanab_000\music\11.06.2015\cacaoweb.exe
FirewallRules: [{0FA0CD70-A3CD-4BA6-AC02-BBB34AF75867}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{7CF6B78E-6D19-4116-9402-19A210912654}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{71CCCCF2-9E49-48EF-8B9E-C98BF7D09684}] => (Allow) C:\Users\user\AppData\Local\BoBrowser\Application\bobrowser.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/18/2015 02:17:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(d8:96:95:75:04:5c@fe80::da96:95ff:fe75:45c._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

System errors:
=============
Error: (07/18/2015 01:41:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Kerning Down n'a pas pu démarrer en raison de l'erreur :
%%2

Error: (07/18/2015 01:40:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Windows Search n'a pas pu démarrer en raison de l'erreur :
%%3

Error: (07/18/2015 01:40:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Le service Windows Search n'a pas pu démarrer en raison de l'erreur :
%%1069

Error: (07/18/2015 01:40:43 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Le service WSearch n'a pas pu ouvrir de session en tant que NT AUTHORITY\SYSTEM avec le mot de passe actuellement configuré en raison de l'erreur suivante :
%%50

Pour vous assurer que le service est configuré correctement, utilisez le composant logiciel enfichable Services dans Microsoft Management Console (MMC).

Error: (07/18/2015 01:40:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d'extensibilité WLAN s'est arrêté de façon inattendue.

Chemin d'accès du module : C:\Windows\System32\bcmihvsrv64.dll

Error: (07/18/2015 01:40:43 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d'extensibilité WLAN s'est arrêté de façon inattendue.

Chemin d'accès du module : C:\Windows\System32\bcmihvsrv64.dll

Error: (07/18/2015 01:40:35 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: AUTORITE NT)
Description: Le module d'extensibilité WLAN s'est arrêté de façon inattendue.

Chemin d'accès du module : C:\Windows\System32\bcmihvsrv64.dll

Error: (07/18/2015 01:40:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Intel(R) Smart Connect Technology Agent s'est terminé de manière inattendue. Ceci s'est produit 2 fois. L'action corrective suivante va être effectuée dans 5000 millisecondes : Redémarrer le service.

Error: (07/18/2015 01:40:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Spouleur d'impression s'est terminé de manière inattendue. Ceci s'est produit 2 fois. L'action corrective suivante va être effectuée dans 5000 millisecondes : Redémarrer le service.

Error: (07/18/2015 01:40:21 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Windows Search s'est terminé de manière inattendue. Ceci s'est produit 2 fois. L'action corrective suivante va être effectuée dans 30000 millisecondes : Redémarrer le service.

Microsoft Office:
=========================
Error: (07/18/2015 02:17:27 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(d8:96:95:75:04:5c@fe80::da96:95ff:fe75:45c._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17

Error: (07/18/2015 02:14:21 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 48%
Total physical RAM: 4026.15 MB
Available physical RAM: 2075.53 MB
Total Virtual: 4794.15 MB
Available Virtual: 2310.23 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:675.9 GB) (Free:558.6 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:21.72 GB) (Free:2.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 06AB8717)

Partition: GPT Partition Type.

==================== End of log ============================

Pipouune Messages postés 18 Date d'inscription vendredi 24 juillet 2015 Statut Membre Dernière intervention 29 juillet 2015
24 juil. 2015 à 23:37

Maintenant avira ma trouvé ce virus Adware/EoRezo.gen, je vais jamais en finir ...

Réponse 2 / 2

Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 658
25 juil. 2015 à 09:40

Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :

Task: {6611A00A-BBFA-4133-A880-41A722D6999C} - System32\Tasks\{F6087F6A-110E-4997-9AB4-11D9627097D5} => pcalua.exe -a C:\Users\nanab_000\AppData\Roaming\sweet-page\UninstallManager.exe -c -ptid=cor
Task: {632F5CA7-488D-4D28-85AF-BEEE98854CFA} - System32\Tasks\Ehebcnoee => C:\Program Files\shopperz\Eiefj.bat <==== ATTENTION
Task: {25E26B6D-4697-42B5-AFDD-1A7BBC7A8003} - System32\Tasks\Cpicxmn => C:\Program Files\shopperz\Eaueeexx.bat <==== ATTENTION
HKLM\...\Run: [shopperz] => C:\Program Files\shopperz\Jkuixmkv.exe
HKLM\...\Run: [shopperz64] => C:\Program Files\shopperz\Jkuixmkv64.exe
HKLM-x32\...\RunOnce: [MyTubeTheater_v50.853] => C:\Program Files (x86)\MyTubeTheater_v50.853\MyTubeTheater_Assistant.exe [33992 2015-06-29] ()
BHO: shopperz -> {9c760b40-4718-40c3-a68d-2e4f21591d62} -> C:\Program Files\shopperz\Cdwyagsnp64.dll No File
BHO-x32: shopperz -> {9c760b40-4718-40c3-a68d-2e4f21591d62} -> C:\Program Files\shopperz\Cdwyagsnp.dll No File
R2 zejytose; C:\Users\nanab_000\AppData\Roaming\34444335-1439930651-4A34-4E50-8CDCD4716E3C\jnsk7DB9.tmp [199168 2015-08-18] () [File not signed]
S2 gopibeko; C:\Users\nanab_000\AppData\Local\34444335-1439938046-4A34-4E50-8CDCD4716E3C\snsg21C2.tmp [X]
2015-08-22 20:41 - 2015-08-22 20:41 - 00613255 _____ (CMI Limited) C:\Users\user\AppData\Local\nsuA91D.tmp
2015-08-22 20:35 - 2015-08-22 21:46 - 00000000 ____D C:\Program Files (x86)\MyTubeTheater
2015-08-22 20:35 - 2015-08-22 20:35 - 00003624 _____ C:\Windows\System32\Tasks\Cpicxmn
2015-08-22 20:35 - 2015-08-22 20:35 - 00000000 ____D C:\Program Files (x86)\MyTubeTheater_v50.853
2015-08-21 00:16 - 2015-08-21 00:16 - 00532784 _____ C:\Users\nanab_000\Downloads\cacaoweb.exe
2015-08-19 15:00 - 2015-07-18 01:40 - 00000000 ____D C:\AdwCleaner
2015-08-19 12:34 - 2015-08-19 12:34 - 00613255 _____ (CMI Limited) C:\Users\nanab_000\AppData\Local\nssCDE5.tmp
2015-08-18 23:00 - 2015-08-18 23:00 - 00613255 _____ (CMI Limited) C:\Users\nanab_000\AppData\Local\nsi4E64.tmp
2015-08-18 22:56 - 2015-08-22 20:35 - 00000045 _____ C:\user.js
2015-08-18 22:56 - 2015-08-18 22:56 - 00003628 _____ C:\Windows\System32\Tasks\Ehebcnoee
2015-08-18 22:44 - 2015-08-23 10:46 - 00000000 ____D C:\Users\nanab_000\AppData\Roaming\34444335-1439930651-4A34-4E50-8CDCD4716E3C
2015-08-18 22:44 - 2015-08-18 22:44 - 02560346 _____ (BlueStack Systems Inc.) C:\Users\nanab_000\Downloads\Non confirmé 985220.crdownload
2015-08-18 22:44 - 2015-08-18 22:44 - 00000000 _____ C:\Windows\prleth.sys
2015-08-18 22:44 - 2015-08-18 22:44 - 00000000 _____ C:\Windows\hgfs.sys

Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur

puis réinitialise tes navigateurs:
==================================
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :

Internet Explorer et modules complémentaires / moteurs de recherche : https://forum.malekal.com/viewtopic.php?t=41399&start=
Firefox : https://www.malekal.com/reparer-firefox/?t=36057&start=
Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=

Pipouune Messages postés 18 Date d'inscription vendredi 24 juillet 2015 Statut Membre Dernière intervention 29 juillet 2015
25 juil. 2015 à 11:39

J'ai fais tout ce que tu m'as dit mais quand le pc a redemmaré aprés FRST je n'ai pas eu de fichier texte

Discussions similaires

pup.optional.installcore

win 32:PUP-gen(PUP)

PUA:Win32/InstallCore detecté par windows sécurité

Detection PUA: win32 Installcore

Virus - trojan - hacktool - pua win32 - superscan - comment supprimer