Programs that install themselves

Closed
romgr - 2 August 2015 at 10:43
 romgr - 2 August 2015 at 14:43
Hello,
I have a problem with programs that install themselves. I ran an AdwCleaner scan and it found nothing, so I then ran FRST; I'm attaching the links to the 2 files

http://pjjoint.malekal.com/files.php?id=20150802_v6t12i1010e8
http://pjjoint.malekal.com/files.php?id=20150802_l9p6n15v15y9

Thanks in advance



3 replies

Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 658
2 August 2015 at 10:46
Hi,

I'm looking at the reports.
0
Malekal_morte- Posts 180304 Registration date Wednesday 17 May 2006 Status Moderator, Security contributor Last activity 15 December 2020 24 658
Edited by Malekal_morte- on 2/08/2015 at 11:02
Uninstall McAfee Security Scan.


Here is the fix to apply with FRST.
You can use this explanatory note with screenshots to help you: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Open Notepad: Windows key + R, in the Run field, type notepad and click OK.
Copy/paste the following into it:


HKLM\...\Run: [shopperz29072015] => C:\Program Files\shopperz29072015\Dyrcb.exe [433528 2015-07-29] ()
HKLM\...\Run: [shopperz2907201564] => C:\Program Files\shopperz29072015\Dyrcb64.exe [464760 2015-07-29] ()
HKLM-x32\...\Run: [mbot_fr_014010048] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010048] => C:\Program Files (x86)\gmsd_fr_005010048\gmsd_fr_005010048.exe [3984016 2015-08-01] ()
HKLM-x32\...\RunOnce: [upgmsd_fr_005010048.exe] => C:\Users\RomaneG.000\AppData\Local\gmsd_fr_005010048\upgmsd_fr_005010048.exe [3298960 2015-08-01] ()
HKU\S-1-5-21-846728343-4086004346-2084775253-1002\...\Run: [GoogleChromeAutoLaunch_1A8DB1FEFD5ACB1A2C9F3A2DCFFD5865] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-01]
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-01]
ShortcutTarget: SmartWeb.lnk -> C:\Users\RomaneG.000\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-01]
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-01]
ShortcutTarget: SmartWeb.lnk -> C:\Users\RomaneG.000\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51375;https=127.0.0.1:51375 [Attention - Possible Proxy Malicieux]
SearchScopes: HKU\S-1-5-21-846728343-4086004346-2084775253-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.57.26]
SearchScopes: HKU\S-1-5-21-846728343-4086004346-2084775253-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.57.26]
BHO: shopperz29072015 -> {95908f40-bf10-44e2-92d7-4b053ae06408} -> C:\Program Files\shopperz29072015\Ussre64.dll [2015-07-29] ()
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-07-30] (Thinkgood Co. Limited)
BHO-x32: shopperz29072015 -> {95908f40-bf10-44e2-92d7-4b053ae06408} -> C:\Program Files\shopperz29072015\Ussre.dll [2015-07-29] ()
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
R2 c1de1b0b-52fd-4735-b9b6-5aec35b581e3; C:\Program Files\shopperz29072015\Mmeulsm.exe [285560 2015-07-29] ()
R2 comyninu; C:\Program Files (x86)\32444335-1438459818-4630-5339-84349780EA5B\hnsq4253.tmp [161792 2015-08-01] () [File not signed]
R2 csrcc; C:\Program Files\shopperz29072015\csrcc.exe [1448824 2015-07-29] ()
R2 FahwLudsaj; C:\Program Files\shopperz29072015\ByodtuCifnyw.exe [171848 2015-07-29] () [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-07-30] (XTab system)
R3 Shjencueit; C:\Program Files\shopperz29072015\Shjencueit.exe [2024776 2015-07-29] () [File not signed]
R2 shopperz29072015 Updater; C:\Program Files\shopperz29072015\Zeezwb.exe [174968 2015-07-29] ()
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-16] (Word Surfer)
R2 qutoqewe; C:\Program Files (x86)\32444335-1438459818-4630-5339-84349780EA5B\knsjF0D0.tmpfs [X]
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-06-18] (Cherimoya Ltd)
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-16] (Word Surfer)
S1 ppfd_vw_1_10_0_21; system32\drivers\ppfd_vw_1_10_0_21.sys [X]
2015-08-02 10:29 - 2015-08-02 10:31 - 00000378 _____ C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-08-02 10:29 - 2015-08-02 10:31 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-08-02 10:29 - 2015-08-02 10:31 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-08-02 10:29 - 2015-08-02 10:29 - 00002812 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-08-02 10:29 - 2015-08-02 10:29 - 00002810 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-08-02 10:29 - 2015-08-02 10:29 - 00002810 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-08-02 10:29 - 2015-08-02 10:29 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-08-02 10:27 - 2015-08-02 10:27 - 00613255 _____ (CMI Limited) C:\Users\RomaneG.000\AppData\Local\nsb36B.tmp
2015-08-02 10:27 - 2015-08-02 10:27 - 00000000 __SHD C:\Users\RomaneG.000\AppData\Roaming\AnyProtectEx
2015-08-02 10:26 - 2015-08-02 10:26 - 01950720 _____ C:\Users\RomaneG.000\Downloads\AdwCleaner Setup.exe
2015-08-02 10:26 - 2015-08-02 10:26 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\Setup2432296
2015-08-02 10:26 - 2015-08-02 10:26 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\cere
2015-08-02 10:25 - 2015-08-02 10:32 - 00004728 _____ C:\WINDOWS\SysWOW64\Shjencueit.ini
2015-08-02 10:25 - 2015-08-02 10:32 - 00002448 _____ C:\WINDOWS\SysWOW64\ShjencueitOff.ini
2015-08-02 10:25 - 2015-08-02 10:32 - 00002448 _____ C:\WINDOWS\system32\ShjencueitOff.ini
2015-08-02 10:25 - 2015-07-29 14:21 - 00353608 _____ C:\WINDOWS\system32\Shjencueit64.dll
2015-08-02 10:25 - 2015-07-29 14:20 - 00283464 _____ C:\WINDOWS\SysWOW64\Shjencueit.dll
2015-08-02 10:22 - 2015-08-02 10:22 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-08-02 10:20 - 2015-08-02 10:35 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\gmsd_fr_005010048
2015-08-02 10:20 - 2015-08-02 10:20 - 00000000 ____D C:\Program Files (x86)\gmsd_fr_005010048
2015-08-02 10:19 - 2015-08-02 10:19 - 00003646 _____ C:\WINDOWS\System32\Tasks\Elazt
2015-08-02 10:19 - 2015-08-02 10:19 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-08-02 10:18 - 2015-08-02 10:22 - 00000000 ____D C:\Program Files\shopperz29072015
2015-08-02 10:18 - 2015-08-02 10:18 - 00000045 _____ C:\user.js
2015-08-02 10:18 - 2015-08-02 10:18 - 00000000 ____D C:\ProgramData\9WinManPro9
2015-08-02 10:18 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-08-01 23:59 - 2015-08-02 10:32 - 00001074 _____ C:\WINDOWS\Tasks\Crossbrowse.job
2015-08-01 23:59 - 2015-08-01 23:59 - 00004074 _____ C:\WINDOWS\System32\Tasks\Crossbrowse
2015-08-01 23:59 - 2015-08-01 23:59 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\SmartWeb
2015-08-01 23:59 - 2015-08-01 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-08-01 23:59 - 2015-08-01 23:59 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-08-01 23:58 - 2015-08-02 10:19 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-08-01 23:58 - 2015-08-01 23:58 - 00000000 ____D C:\ProgramData\nWinManPron
2015-08-01 23:58 - 2015-08-01 23:58 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-08-01 23:56 - 2015-08-01 23:56 - 00004182 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-08-01 23:56 - 2015-08-01 23:56 - 00004170 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-08-01 23:56 - 2015-08-01 23:56 - 00000000 ____D C:\Program Files (x86)\WordSurfer_1.10.0.19
2015-08-01 23:24 - 2015-08-02 10:31 - 00000231 _____ C:\WINDOWS\setupact.log
2015-08-01 23:24 - 2015-08-01 23:24 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-01 23:13 - 2015-08-02 10:31 - 00013716 _____ C:\WINDOWS\PFRO.log
2015-08-01 23:01 - 2015-08-01 23:01 - 00000000 ____D C:\ZombieNews
2015-08-01 23:01 - 2015-08-01 23:01 - 00000000 ____D C:\Users\RomaneG.000\SupTab
2015-08-01 22:35 - 2015-08-01 22:35 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\18289
2015-08-01 22:34 - 2015-08-01 23:57 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\mystartsearch
2015-08-01 22:34 - 2015-08-01 22:34 - 00000000 ____D C:\ProgramData\1WinManPro1
2015-08-01 22:34 - 2015-08-01 22:34 - 00000000 ____D C:\Program Files (x86)\32444335-1438461267-4630-5339-84349780EA5B
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\ASPackage
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\WebBar
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Program Files (x86)\32444335-1438461193-4630-5339-84349780EA5B
2015-08-01 22:28 - 2015-08-02 10:32 - 00001020 _____ C:\WINDOWS\Tasks\L0C9qjqGK.job
2015-08-01 22:28 - 2015-08-01 22:32 - 00004028 _____ C:\WINDOWS\System32\Tasks\L0C9qjqGK
2015-08-01 22:27 - 2015-08-01 22:27 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-01 22:27 - 2015-08-01 22:27 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\globalUpdate
2015-08-01 22:27 - 2015-08-01 22:27 - 00000000 ____D C:\Program Files (x86)\caea23cc-36a4-480f-8f58-3b8d1b4ceb98
2015-08-01 22:26 - 2015-08-01 22:27 - 00000855 _____ C:\WINDOWS\SysWOW64\${LOGFILE}
2015-08-01 22:25 - 2015-08-01 22:28 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\ZombieNews
2015-08-01 22:21 - 2015-08-01 22:21 - 00003438 _____ C:\WINDOWS\System32\Tasks\Ermsadeuf
2015-08-01 22:21 - 2015-08-01 22:21 - 00000000 ____D C:\ProgramData\Ermsadeuf
2015-08-01 22:14 - 2015-08-01 22:14 - 00004212 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Pending Update
2015-08-01 22:14 - 2015-08-01 22:14 - 00004202 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Core
2015-08-01 22:13 - 2015-08-02 10:13 - 00000358 _____ C:\WINDOWS\Tasks\Superclean.job
2015-08-01 22:13 - 2015-08-01 22:14 - 00000000 ____D C:\ProgramData\ZombieNews
2015-08-01 22:13 - 2015-08-01 22:13 - 00003248 _____ C:\WINDOWS\System32\Tasks\Superclean
2015-08-01 22:13 - 2015-08-01 22:13 - 00000000 ____D C:\Users\Invité\AppData\Local\Crossbrowse
2015-08-01 22:13 - 2015-08-01 22:13 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse
2015-08-01 22:13 - 2015-08-01 22:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Crossbrowse
2015-08-01 22:12 - 2015-08-01 22:12 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\Crossbrowse
2015-08-01 22:11 - 2015-08-01 22:21 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\32444335-1438467062-4630-5339-84349780EA5B
2015-08-01 22:10 - 2015-08-01 22:10 - 00000000 ____D C:\Program Files (x86)\32444335-1438459818-4630-5339-84349780EA5B
2015-08-01 22:10 - 2015-08-01 11:53 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-01 22:09 - 2015-08-01 22:32 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\WTools
2015-08-01 22:09 - 2015-08-01 22:29 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Store
2015-08-01 22:09 - 2015-08-01 22:09 - 00000078 _____ C:\Users\RomaneG.000\AppData\Roaming\WindApp.installation.log
2015-08-01 22:09 - 2015-08-01 22:09 - 00000078 _____ C:\Users\RomaneG.000\AppData\Roaming\Selection Tools.installation.log
2015-08-01 22:09 - 2015-08-01 22:09 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\Boxore
2015-08-01 22:08 - 2015-08-01 22:27 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Nosibay
2015-08-01 22:08 - 2015-08-01 22:09 - 00001291 _____ C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.boostrap.log
2015-08-01 22:08 - 2015-08-01 22:08 - 00005749 _____ C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.installation.log
2015-08-01 22:08 - 2015-08-01 22:08 - 00000097 _____ C:\Users\RomaneG.000\AppData\Roaming\WindApp.boostrap.log
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\oursurfing
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 ____D C:\ProgramData\cWinManProc
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-06-22 11:45 - 2015-07-31 14:30 - 0000024 _____ () C:\Users\RomaneG.000\AppData\Roaming\appdataFr25.bin
2015-08-01 22:08 - 2015-08-01 22:09 - 0001291 _____ () C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.boostrap.log
2015-08-01 22:08 - 2015-08-01 22:08 - 0005749 _____ () C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.installation.log
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\RomaneG.000\AppData\Roaming\L0C9qjqGK
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\RomaneG.000\AppData\Roaming\L0C9qjqGK.exe
2014-10-02 23:10 - 2014-10-05 20:59 - 0001227 _____ () C:\Users\RomaneG.000\AppData\Roaming\LiveSupport.exe_log.txt
2014-10-02 23:10 - 2014-10-05 20:59 - 0000096 _____ () C:\Users\RomaneG.000\AppData\Roaming\regsvr32.exe_log.txt
2015-08-01 22:09 - 2015-08-01 22:09 - 0000078 _____ () C:\Users\RomaneG.000\AppData\Roaming\Selection Tools.installation.log
2014-04-19 21:59 - 2014-04-19 21:59 - 0000044 _____ () C:\Users\RomaneG.000\AppData\Roaming\WB.CFG
2015-08-01 22:08 - 2015-08-01 22:08 - 0000097 _____ () C:\Users\RomaneG.000\AppData\Roaming\WindApp.boostrap.log
2015-08-01 22:09 - 2015-08-01 22:09 - 0000078 _____ () C:\Users\RomaneG.000\AppData\Roaming\WindApp.installation.log
2015-08-02 10:27 - 2015-08-02 10:27 - 0613255 _____ (CMI Limited) C:\Users\RomaneG.000\AppData\Local\nsb36B.tmp
cmd: netsh winsock reset


Run FRST again and click the Fix button
Depending on the case, a restart is needed (not mandatory).
A text file appears; copy/paste its contents here in a new message.

Restart the computer


then reset your browsers:
==================================
Reset your browsers and/or manually reconfigure your web browsers (start page, search engine, etc.) and also remove/disable unnecessary/unwanted extensions:

and finally:


Set/check that all name servers (DNS) are automatic: https://forum.malekal.com/viewtopic.php?t=48312&start=
THEN flush the DNS cache and the internet cache.
All 3 steps are important and must be done, otherwise the ads will continue.


Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
0
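A triage pass over a few lines copied from the fixlist in the post above, as an added example that is not part of the original thread and is not FRST's own code: it groups entries by persistence mechanism and collects the warning markers FRST printed. The category names, `RULES` and `triage` are names chosen for this example.

```python
import re
from collections import defaultdict

# Excerpt copied from the fixlist above, one or two lines per entry type.
SAMPLE = r"""
HKLM\...\Run: [shopperz29072015] => C:\Program Files\shopperz29072015\Dyrcb.exe [433528 2015-07-29] ()
HKLM-x32\...\Run: [mbot_fr_014010048] => [X]
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-01]
ProxyServer: [.DEFAULT] => http=127.0.0.1:51375;https=127.0.0.1:51375 [Attention - Possible Proxy Malicieux]
BHO: shopperz29072015 -> {95908f40-bf10-44e2-92d7-4b053ae06408} -> C:\Program Files\shopperz29072015\Ussre64.dll [2015-07-29] ()
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
R2 FahwLudsaj; C:\Program Files\shopperz29072015\ByodtuCifnyw.exe [171848 2015-07-29] () [File not signed]
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-06-18] (Cherimoya Ltd)
2015-08-02 10:29 - 2015-08-02 10:29 - 00002812 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-08-02 10:18 - 2015-08-02 10:22 - 00000000 ____D C:\Program Files\shopperz29072015
cmd: netsh winsock reset
"""

# Entry type -> pattern; order matters (task files also look like file entries).
RULES = [
    ("autorun registry value", re.compile(r"^HK(LM|U)\S*\\\.\.\.\\Run(Once)?:")),
    ("startup folder shortcut", re.compile(r"^(Startup|ShortcutTarget):")),
    ("browser proxy/search setting", re.compile(r"^(ProxyEnable|ProxyServer|SearchScopes):")),
    ("browser helper object", re.compile(r"^BHO(-x32)?:")),
    ("Winsock LSP", re.compile(r"^Winsock:")),
    ("service or driver", re.compile(r"^[RSU][0-5] ")),
    ("scheduled task", re.compile(r"\\Tasks\\[^\\]+$")),
    ("file or folder", re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - ")),
    ("command directive", re.compile(r"^cmd:")),
]

def triage(text):
    """Group fixlist lines by persistence mechanism and collect red flags."""
    groups, flags = defaultdict(list), []
    for line in filter(None, map(str.strip, text.splitlines())):
        kind = next((name for name, rx in RULES if rx.search(line)), "unclassified")
        groups[kind].append(line)
        if line.endswith("[X]"):  # FRST marker: referenced file not found
            flags.append(("target missing", line))
        if "[File not signed]" in line:
            flags.append(("unsigned binary", line))
        if re.search(r"\] \(\)( |$)", line):  # empty company-name field
            flags.append(("no company name", line))
        if kind.startswith("browser") and "127.0.0.1" in line:
            flags.append(("loopback proxy", line))
    return groups, flags

if __name__ == "__main__":
    print(*(f"{r}: {l[:70]}" for r, l in triage(SAMPLE)[1]), sep="\n")
```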
Thanks for your reply, when I click on "fix" I get this message
http://zupimages.net/viewer.php?id=15/31/d08d.jpg
0