Logiciels qui s'installent tout seuls
romgr
-
romgr -
romgr -
Bonjour,
J'ai un problème de logiciels qui s'installent tout seuls, j'ai fait une analyse Adwcleaner et ça n'a rien donné et j'ai donc fait avec FRST je vous joins les liens des 2 fichiers
http://pjjoint.malekal.com/files.php?id=20150802_v6t12i1010e8
http://pjjoint.malekal.com/files.php?id=20150802_l9p6n15v15y9
merci d'avance
J'ai un problème de logiciels qui s'installent tout seuls, j'ai fait une analyse Adwcleaner et ça n'a rien donné et j'ai donc fait avec FRST je vous joins les liens des 2 fichiers
http://pjjoint.malekal.com/files.php?id=20150802_v6t12i1010e8
http://pjjoint.malekal.com/files.php?id=20150802_l9p6n15v15y9
merci d'avance
A voir également:
- Logiciels qui s'installent tout seuls
- Logiciels sauvegarde - Guide
- Télécharger logiciels gratuits pour pc - Télécharger - Montage photo
- Télécharger logiciels gratuits comment ça marche - Télécharger - Traitement de texte
- Adobe Reader - Télécharger - PDF
- WinRAR - Télécharger - Compression & Décompression
3 réponses
Désinstalle McAfee Security Scan.
Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix
Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :
HKLM\...\Run: [shopperz29072015] => C:\Program Files\shopperz29072015\Dyrcb.exe [433528 2015-07-29] ()
HKLM\...\Run: [shopperz2907201564] => C:\Program Files\shopperz29072015\Dyrcb64.exe [464760 2015-07-29] ()
HKLM-x32\...\Run: [mbot_fr_014010048] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010048] => C:\Program Files (x86)\gmsd_fr_005010048\gmsd_fr_005010048.exe [3984016 2015-08-01] ()
HKLM-x32\...\RunOnce: [upgmsd_fr_005010048.exe] => C:\Users\RomaneG.000\AppData\Local\gmsd_fr_005010048\upgmsd_fr_005010048.exe [3298960 2015-08-01] ()
HKU\S-1-5-21-846728343-4086004346-2084775253-1002\...\Run: [GoogleChromeAutoLaunch_1A8DB1FEFD5ACB1A2C9F3A2DCFFD5865] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-01]
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-01]
ShortcutTarget: SmartWeb.lnk -> C:\Users\RomaneG.000\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-01]
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-01]
ShortcutTarget: SmartWeb.lnk -> C:\Users\RomaneG.000\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51375;https=127.0.0.1:51375 [Attention - Possible Proxy Malicieux]
SearchScopes: HKU\S-1-5-21-846728343-4086004346-2084775253-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.57.26]
SearchScopes: HKU\S-1-5-21-846728343-4086004346-2084775253-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.57.26]
BHO: shopperz29072015 -> {95908f40-bf10-44e2-92d7-4b053ae06408} -> C:\Program Files\shopperz29072015\Ussre64.dll [2015-07-29] ()
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-07-30] (Thinkgood Co. Limited)
BHO-x32: shopperz29072015 -> {95908f40-bf10-44e2-92d7-4b053ae06408} -> C:\Program Files\shopperz29072015\Ussre.dll [2015-07-29] ()
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
R2 c1de1b0b-52fd-4735-b9b6-5aec35b581e3; C:\Program Files\shopperz29072015\Mmeulsm.exe [285560 2015-07-29] ()
R2 comyninu; C:\Program Files (x86)\32444335-1438459818-4630-5339-84349780EA5B\hnsq4253.tmp [161792 2015-08-01] () [File not signed]
R2 csrcc; C:\Program Files\shopperz29072015\csrcc.exe [1448824 2015-07-29] ()
R2 FahwLudsaj; C:\Program Files\shopperz29072015\ByodtuCifnyw.exe [171848 2015-07-29] () [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-07-30] (XTab system)
R3 Shjencueit; C:\Program Files\shopperz29072015\Shjencueit.exe [2024776 2015-07-29] () [File not signed]
R2 shopperz29072015 Updater; C:\Program Files\shopperz29072015\Zeezwb.exe [174968 2015-07-29] ()
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-16] (Word Surfer)
R2 qutoqewe; C:\Program Files (x86)\32444335-1438459818-4630-5339-84349780EA5B\knsjF0D0.tmpfs [X]
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-06-18] (Cherimoya Ltd)
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-16] (Word Surfer)
S1 ppfd_vw_1_10_0_21; system32\drivers\ppfd_vw_1_10_0_21.sys [X]
2015-08-02 10:29 - 2015-08-02 10:31 - 00000378 _____ C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-08-02 10:29 - 2015-08-02 10:31 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-08-02 10:29 - 2015-08-02 10:31 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-08-02 10:29 - 2015-08-02 10:29 - 00002812 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-08-02 10:29 - 2015-08-02 10:29 - 00002810 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-08-02 10:29 - 2015-08-02 10:29 - 00002810 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-08-02 10:29 - 2015-08-02 10:29 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-08-02 10:27 - 2015-08-02 10:27 - 00613255 _____ (CMI Limited) C:\Users\RomaneG.000\AppData\Local\nsb36B.tmp
2015-08-02 10:27 - 2015-08-02 10:27 - 00000000 __SHD C:\Users\RomaneG.000\AppData\Roaming\AnyProtectEx
2015-08-02 10:26 - 2015-08-02 10:26 - 01950720 _____ C:\Users\RomaneG.000\Downloads\AdwCleaner Setup.exe
2015-08-02 10:26 - 2015-08-02 10:26 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\Setup2432296
2015-08-02 10:26 - 2015-08-02 10:26 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\cere
2015-08-02 10:25 - 2015-08-02 10:32 - 00004728 _____ C:\WINDOWS\SysWOW64\Shjencueit.ini
2015-08-02 10:25 - 2015-08-02 10:32 - 00002448 _____ C:\WINDOWS\SysWOW64\ShjencueitOff.ini
2015-08-02 10:25 - 2015-08-02 10:32 - 00002448 _____ C:\WINDOWS\system32\ShjencueitOff.ini
2015-08-02 10:25 - 2015-07-29 14:21 - 00353608 _____ C:\WINDOWS\system32\Shjencueit64.dll
2015-08-02 10:25 - 2015-07-29 14:20 - 00283464 _____ C:\WINDOWS\SysWOW64\Shjencueit.dll
2015-08-02 10:22 - 2015-08-02 10:22 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-08-02 10:20 - 2015-08-02 10:35 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\gmsd_fr_005010048
2015-08-02 10:20 - 2015-08-02 10:20 - 00000000 ____D C:\Program Files (x86)\gmsd_fr_005010048
2015-08-02 10:19 - 2015-08-02 10:19 - 00003646 _____ C:\WINDOWS\System32\Tasks\Elazt
2015-08-02 10:19 - 2015-08-02 10:19 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-08-02 10:18 - 2015-08-02 10:22 - 00000000 ____D C:\Program Files\shopperz29072015
2015-08-02 10:18 - 2015-08-02 10:18 - 00000045 _____ C:\user.js
2015-08-02 10:18 - 2015-08-02 10:18 - 00000000 ____D C:\ProgramData\9WinManPro9
2015-08-02 10:18 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-08-01 23:59 - 2015-08-02 10:32 - 00001074 _____ C:\WINDOWS\Tasks\Crossbrowse.job
2015-08-01 23:59 - 2015-08-01 23:59 - 00004074 _____ C:\WINDOWS\System32\Tasks\Crossbrowse
2015-08-01 23:59 - 2015-08-01 23:59 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\SmartWeb
2015-08-01 23:59 - 2015-08-01 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-08-01 23:59 - 2015-08-01 23:59 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-08-01 23:58 - 2015-08-02 10:19 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-08-01 23:58 - 2015-08-01 23:58 - 00000000 ____D C:\ProgramData\nWinManPron
2015-08-01 23:58 - 2015-08-01 23:58 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-08-01 23:56 - 2015-08-01 23:56 - 00004182 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-08-01 23:56 - 2015-08-01 23:56 - 00004170 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-08-01 23:56 - 2015-08-01 23:56 - 00000000 ____D C:\Program Files (x86)\WordSurfer_1.10.0.19
2015-08-01 23:24 - 2015-08-02 10:31 - 00000231 _____ C:\WINDOWS\setupact.log
2015-08-01 23:24 - 2015-08-01 23:24 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-01 23:13 - 2015-08-02 10:31 - 00013716 _____ C:\WINDOWS\PFRO.log
2015-08-01 23:01 - 2015-08-01 23:01 - 00000000 ____D C:\ZombieNews
2015-08-01 23:01 - 2015-08-01 23:01 - 00000000 ____D C:\Users\RomaneG.000\SupTab
2015-08-01 22:35 - 2015-08-01 22:35 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\18289
2015-08-01 22:34 - 2015-08-01 23:57 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\mystartsearch
2015-08-01 22:34 - 2015-08-01 22:34 - 00000000 ____D C:\ProgramData\1WinManPro1
2015-08-01 22:34 - 2015-08-01 22:34 - 00000000 ____D C:\Program Files (x86)\32444335-1438461267-4630-5339-84349780EA5B
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\ASPackage
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\WebBar
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Program Files (x86)\32444335-1438461193-4630-5339-84349780EA5B
2015-08-01 22:28 - 2015-08-02 10:32 - 00001020 _____ C:\WINDOWS\Tasks\L0C9qjqGK.job
2015-08-01 22:28 - 2015-08-01 22:32 - 00004028 _____ C:\WINDOWS\System32\Tasks\L0C9qjqGK
2015-08-01 22:27 - 2015-08-01 22:27 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-01 22:27 - 2015-08-01 22:27 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\globalUpdate
2015-08-01 22:27 - 2015-08-01 22:27 - 00000000 ____D C:\Program Files (x86)\caea23cc-36a4-480f-8f58-3b8d1b4ceb98
2015-08-01 22:26 - 2015-08-01 22:27 - 00000855 _____ C:\WINDOWS\SysWOW64\${LOGFILE}
2015-08-01 22:25 - 2015-08-01 22:28 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\ZombieNews
2015-08-01 22:21 - 2015-08-01 22:21 - 00003438 _____ C:\WINDOWS\System32\Tasks\Ermsadeuf
2015-08-01 22:21 - 2015-08-01 22:21 - 00000000 ____D C:\ProgramData\Ermsadeuf
2015-08-01 22:14 - 2015-08-01 22:14 - 00004212 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Pending Update
2015-08-01 22:14 - 2015-08-01 22:14 - 00004202 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Core
2015-08-01 22:13 - 2015-08-02 10:13 - 00000358 _____ C:\WINDOWS\Tasks\Superclean.job
2015-08-01 22:13 - 2015-08-01 22:14 - 00000000 ____D C:\ProgramData\ZombieNews
2015-08-01 22:13 - 2015-08-01 22:13 - 00003248 _____ C:\WINDOWS\System32\Tasks\Superclean
2015-08-01 22:13 - 2015-08-01 22:13 - 00000000 ____D C:\Users\Invité\AppData\Local\Crossbrowse
2015-08-01 22:13 - 2015-08-01 22:13 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse
2015-08-01 22:13 - 2015-08-01 22:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Crossbrowse
2015-08-01 22:12 - 2015-08-01 22:12 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\Crossbrowse
2015-08-01 22:11 - 2015-08-01 22:21 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\32444335-1438467062-4630-5339-84349780EA5B
2015-08-01 22:10 - 2015-08-01 22:10 - 00000000 ____D C:\Program Files (x86)\32444335-1438459818-4630-5339-84349780EA5B
2015-08-01 22:10 - 2015-08-01 11:53 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-01 22:09 - 2015-08-01 22:32 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\WTools
2015-08-01 22:09 - 2015-08-01 22:29 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Store
2015-08-01 22:09 - 2015-08-01 22:09 - 00000078 _____ C:\Users\RomaneG.000\AppData\Roaming\WindApp.installation.log
2015-08-01 22:09 - 2015-08-01 22:09 - 00000078 _____ C:\Users\RomaneG.000\AppData\Roaming\Selection Tools.installation.log
2015-08-01 22:09 - 2015-08-01 22:09 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\Boxore
2015-08-01 22:08 - 2015-08-01 22:27 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Nosibay
2015-08-01 22:08 - 2015-08-01 22:09 - 00001291 _____ C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.boostrap.log
2015-08-01 22:08 - 2015-08-01 22:08 - 00005749 _____ C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.installation.log
2015-08-01 22:08 - 2015-08-01 22:08 - 00000097 _____ C:\Users\RomaneG.000\AppData\Roaming\WindApp.boostrap.log
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\oursurfing
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 ____D C:\ProgramData\cWinManProc
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-06-22 11:45 - 2015-07-31 14:30 - 0000024 _____ () C:\Users\RomaneG.000\AppData\Roaming\appdataFr25.bin
2015-08-01 22:08 - 2015-08-01 22:09 - 0001291 _____ () C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.boostrap.log
2015-08-01 22:08 - 2015-08-01 22:08 - 0005749 _____ () C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.installation.log
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\RomaneG.000\AppData\Roaming\L0C9qjqGK
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\RomaneG.000\AppData\Roaming\L0C9qjqGK.exe
2014-10-02 23:10 - 2014-10-05 20:59 - 0001227 _____ () C:\Users\RomaneG.000\AppData\Roaming\LiveSupport.exe_log.txt
2014-10-02 23:10 - 2014-10-05 20:59 - 0000096 _____ () C:\Users\RomaneG.000\AppData\Roaming\regsvr32.exe_log.txt
2015-08-01 22:09 - 2015-08-01 22:09 - 0000078 _____ () C:\Users\RomaneG.000\AppData\Roaming\Selection Tools.installation.log
2014-04-19 21:59 - 2014-04-19 21:59 - 0000044 _____ () C:\Users\RomaneG.000\AppData\Roaming\WB.CFG
2015-08-01 22:08 - 2015-08-01 22:08 - 0000097 _____ () C:\Users\RomaneG.000\AppData\Roaming\WindApp.boostrap.log
2015-08-01 22:09 - 2015-08-01 22:09 - 0000078 _____ () C:\Users\RomaneG.000\AppData\Roaming\WindApp.installation.log
2015-08-02 10:27 - 2015-08-02 10:27 - 0613255 _____ (CMI Limited) C:\Users\RomaneG.000\AppData\Local\nsb36B.tmp
cmd: netsh winsock reset
Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.
Redémarre l'ordinateur
puis réinitialise tes navigateurs:
==================================
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
et enfin :
Remets/vérifie que tous les serveurs de noms (DNS) sont automatiques : https://forum.malekal.com/viewtopic.php?t=48312&start=
PUIS ensuite vide le cache DNS et internet.
Les 3 étapes sont importantes et à faire sinon les pubs vont continuer.
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix
Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :
HKLM\...\Run: [shopperz29072015] => C:\Program Files\shopperz29072015\Dyrcb.exe [433528 2015-07-29] ()
HKLM\...\Run: [shopperz2907201564] => C:\Program Files\shopperz29072015\Dyrcb64.exe [464760 2015-07-29] ()
HKLM-x32\...\Run: [mbot_fr_014010048] => [X]
HKLM-x32\...\Run: [gmsd_fr_005010048] => C:\Program Files (x86)\gmsd_fr_005010048\gmsd_fr_005010048.exe [3984016 2015-08-01] ()
HKLM-x32\...\RunOnce: [upgmsd_fr_005010048.exe] => C:\Users\RomaneG.000\AppData\Local\gmsd_fr_005010048\upgmsd_fr_005010048.exe [3298960 2015-08-01] ()
HKU\S-1-5-21-846728343-4086004346-2084775253-1002\...\Run: [GoogleChromeAutoLaunch_1A8DB1FEFD5ACB1A2C9F3A2DCFFD5865] => C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe [637440 2015-05-12] (Crossbrowse)
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-01]
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-01]
ShortcutTarget: SmartWeb.lnk -> C:\Users\RomaneG.000\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crossbrowse.lnk [2015-08-01]
Startup: C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk [2015-08-01]
ShortcutTarget: SmartWeb.lnk -> C:\Users\RomaneG.000\AppData\Local\SmartWeb\SmartWebHelper.exe (SoftBrain Technologies Ltd.)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:51375;https=127.0.0.1:51375 [Attention - Possible Proxy Malicieux]
SearchScopes: HKU\S-1-5-21-846728343-4086004346-2084775253-1002 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.57.26]
SearchScopes: HKU\S-1-5-21-846728343-4086004346-2084775253-1002 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = https://www.google.com/webhp?gws_rd=ssl{searchTerms} [Pays US - 69.28.57.26]
BHO: shopperz29072015 -> {95908f40-bf10-44e2-92d7-4b053ae06408} -> C:\Program Files\shopperz29072015\Ussre64.dll [2015-07-29] ()
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll [2015-07-30] (Thinkgood Co. Limited)
BHO-x32: shopperz29072015 -> {95908f40-bf10-44e2-92d7-4b053ae06408} -> C:\Program Files\shopperz29072015\Ussre.dll [2015-07-29] ()
Winsock: Catalog9 01 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 02 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 03 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 04 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9 15 C:\WINDOWS\SysWOW64\Shjencueit.dll [283464 2015-08-02] ()
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
Winsock: Catalog9-x64 15 C:\WINDOWS\system32\Shjencueit64.dll [353608 2015-08-02] ()
R2 c1de1b0b-52fd-4735-b9b6-5aec35b581e3; C:\Program Files\shopperz29072015\Mmeulsm.exe [285560 2015-07-29] ()
R2 comyninu; C:\Program Files (x86)\32444335-1438459818-4630-5339-84349780EA5B\hnsq4253.tmp [161792 2015-08-01] () [File not signed]
R2 csrcc; C:\Program Files\shopperz29072015\csrcc.exe [1448824 2015-07-29] ()
R2 FahwLudsaj; C:\Program Files\shopperz29072015\ByodtuCifnyw.exe [171848 2015-07-29] () [File not signed]
R2 IHProtect Service; C:\Program Files (x86)\MiuiTab\ProtectService.exe [125112 2015-07-30] (XTab system)
R3 Shjencueit; C:\Program Files\shopperz29072015\Shjencueit.exe [2024776 2015-07-29] () [File not signed]
R2 shopperz29072015 Updater; C:\Program Files\shopperz29072015\Zeezwb.exe [174968 2015-07-29] ()
R2 wsasvc_1.10.0.19; C:\Program Files (x86)\WordSurfer_1.10.0.19\Service\wsasvc.exe [299608 2015-06-16] (Word Surfer)
R2 qutoqewe; C:\Program Files (x86)\32444335-1438459818-4630-5339-84349780EA5B\knsjF0D0.tmpfs [X]
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [61336 2015-06-18] (Cherimoya Ltd)
R1 wsafd_1_10_0_19; C:\Windows\System32\drivers\wsafd_1_10_0_19.sys [57728 2015-06-16] (Word Surfer)
S1 ppfd_vw_1_10_0_21; system32\drivers\ppfd_vw_1_10_0_21.sys [X]
2015-08-02 10:29 - 2015-08-02 10:31 - 00000378 _____ C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-08-02 10:29 - 2015-08-02 10:31 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-08-02 10:29 - 2015-08-02 10:31 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-08-02 10:29 - 2015-08-02 10:29 - 00002812 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-08-02 10:29 - 2015-08-02 10:29 - 00002810 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-08-02 10:29 - 2015-08-02 10:29 - 00002810 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-08-02 10:29 - 2015-08-02 10:29 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
2015-08-02 10:27 - 2015-08-02 10:27 - 00613255 _____ (CMI Limited) C:\Users\RomaneG.000\AppData\Local\nsb36B.tmp
2015-08-02 10:27 - 2015-08-02 10:27 - 00000000 __SHD C:\Users\RomaneG.000\AppData\Roaming\AnyProtectEx
2015-08-02 10:26 - 2015-08-02 10:26 - 01950720 _____ C:\Users\RomaneG.000\Downloads\AdwCleaner Setup.exe
2015-08-02 10:26 - 2015-08-02 10:26 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\Setup2432296
2015-08-02 10:26 - 2015-08-02 10:26 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\cere
2015-08-02 10:25 - 2015-08-02 10:32 - 00004728 _____ C:\WINDOWS\SysWOW64\Shjencueit.ini
2015-08-02 10:25 - 2015-08-02 10:32 - 00002448 _____ C:\WINDOWS\SysWOW64\ShjencueitOff.ini
2015-08-02 10:25 - 2015-08-02 10:32 - 00002448 _____ C:\WINDOWS\system32\ShjencueitOff.ini
2015-08-02 10:25 - 2015-07-29 14:21 - 00353608 _____ C:\WINDOWS\system32\Shjencueit64.dll
2015-08-02 10:25 - 2015-07-29 14:20 - 00283464 _____ C:\WINDOWS\SysWOW64\Shjencueit.dll
2015-08-02 10:22 - 2015-08-02 10:22 - 00034712 _____ () C:\WINDOWS\system32\Drivers\bsdriver.sys
2015-08-02 10:20 - 2015-08-02 10:35 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\gmsd_fr_005010048
2015-08-02 10:20 - 2015-08-02 10:20 - 00000000 ____D C:\Program Files (x86)\gmsd_fr_005010048
2015-08-02 10:19 - 2015-08-02 10:19 - 00003646 _____ C:\WINDOWS\System32\Tasks\Elazt
2015-08-02 10:19 - 2015-08-02 10:19 - 00000000 ____D C:\Program Files (x86)\FriendlyError
2015-08-02 10:18 - 2015-08-02 10:22 - 00000000 ____D C:\Program Files\shopperz29072015
2015-08-02 10:18 - 2015-08-02 10:18 - 00000045 _____ C:\user.js
2015-08-02 10:18 - 2015-08-02 10:18 - 00000000 ____D C:\ProgramData\9WinManPro9
2015-08-02 10:18 - 2015-06-18 12:08 - 00061336 _____ (Cherimoya Ltd) C:\WINDOWS\system32\Drivers\cherimoya.sys
2015-08-01 23:59 - 2015-08-02 10:32 - 00001074 _____ C:\WINDOWS\Tasks\Crossbrowse.job
2015-08-01 23:59 - 2015-08-01 23:59 - 00004074 _____ C:\WINDOWS\System32\Tasks\Crossbrowse
2015-08-01 23:59 - 2015-08-01 23:59 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\SmartWeb
2015-08-01 23:59 - 2015-08-01 23:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crossbrowse
2015-08-01 23:59 - 2015-08-01 23:59 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-08-01 23:58 - 2015-08-02 10:19 - 00000000 ____D C:\Program Files (x86)\MiuiTab
2015-08-01 23:58 - 2015-08-01 23:58 - 00000000 ____D C:\ProgramData\nWinManPron
2015-08-01 23:58 - 2015-08-01 23:58 - 00000000 ____D C:\Program Files (x86)\Crossbrowse
2015-08-01 23:56 - 2015-08-01 23:56 - 00004182 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Pending Update
2015-08-01 23:56 - 2015-08-01 23:56 - 00004170 _____ C:\WINDOWS\System32\Tasks\WordSurfer Auto Updater 1.10.0.19 Core
2015-08-01 23:56 - 2015-08-01 23:56 - 00000000 ____D C:\Program Files (x86)\WordSurfer_1.10.0.19
2015-08-01 23:24 - 2015-08-02 10:31 - 00000231 _____ C:\WINDOWS\setupact.log
2015-08-01 23:24 - 2015-08-01 23:24 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-08-01 23:13 - 2015-08-02 10:31 - 00013716 _____ C:\WINDOWS\PFRO.log
2015-08-01 23:01 - 2015-08-01 23:01 - 00000000 ____D C:\ZombieNews
2015-08-01 23:01 - 2015-08-01 23:01 - 00000000 ____D C:\Users\RomaneG.000\SupTab
2015-08-01 22:35 - 2015-08-01 22:35 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\18289
2015-08-01 22:34 - 2015-08-01 23:57 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\mystartsearch
2015-08-01 22:34 - 2015-08-01 22:34 - 00000000 ____D C:\ProgramData\1WinManPro1
2015-08-01 22:34 - 2015-08-01 22:34 - 00000000 ____D C:\Program Files (x86)\32444335-1438461267-4630-5339-84349780EA5B
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GUPlayer
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASPackage
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\ASPackage
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\WebBar
2015-08-01 22:33 - 2015-08-01 22:33 - 00000000 ____D C:\Program Files (x86)\32444335-1438461193-4630-5339-84349780EA5B
2015-08-01 22:28 - 2015-08-02 10:32 - 00001020 _____ C:\WINDOWS\Tasks\L0C9qjqGK.job
2015-08-01 22:28 - 2015-08-01 22:32 - 00004028 _____ C:\WINDOWS\System32\Tasks\L0C9qjqGK
2015-08-01 22:27 - 2015-08-01 22:27 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-01 22:27 - 2015-08-01 22:27 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\globalUpdate
2015-08-01 22:27 - 2015-08-01 22:27 - 00000000 ____D C:\Program Files (x86)\caea23cc-36a4-480f-8f58-3b8d1b4ceb98
2015-08-01 22:26 - 2015-08-01 22:27 - 00000855 _____ C:\WINDOWS\SysWOW64\${LOGFILE}
2015-08-01 22:25 - 2015-08-01 22:28 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\ZombieNews
2015-08-01 22:21 - 2015-08-01 22:21 - 00003438 _____ C:\WINDOWS\System32\Tasks\Ermsadeuf
2015-08-01 22:21 - 2015-08-01 22:21 - 00000000 ____D C:\ProgramData\Ermsadeuf
2015-08-01 22:14 - 2015-08-01 22:14 - 00004212 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Pending Update
2015-08-01 22:14 - 2015-08-01 22:14 - 00004202 _____ C:\WINDOWS\System32\Tasks\PhraseProfessor Auto Updater 1.10.0.21 Core
2015-08-01 22:13 - 2015-08-02 10:13 - 00000358 _____ C:\WINDOWS\Tasks\Superclean.job
2015-08-01 22:13 - 2015-08-01 22:14 - 00000000 ____D C:\ProgramData\ZombieNews
2015-08-01 22:13 - 2015-08-01 22:13 - 00003248 _____ C:\WINDOWS\System32\Tasks\Superclean
2015-08-01 22:13 - 2015-08-01 22:13 - 00000000 ____D C:\Users\Invité\AppData\Local\Crossbrowse
2015-08-01 22:13 - 2015-08-01 22:13 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Local\Crossbrowse
2015-08-01 22:13 - 2015-08-01 22:13 - 00000000 ____D C:\Users\Administrator\AppData\Local\Crossbrowse
2015-08-01 22:12 - 2015-08-01 22:12 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\Crossbrowse
2015-08-01 22:11 - 2015-08-01 22:21 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\32444335-1438467062-4630-5339-84349780EA5B
2015-08-01 22:10 - 2015-08-01 22:10 - 00000000 ____D C:\Program Files (x86)\32444335-1438459818-4630-5339-84349780EA5B
2015-08-01 22:10 - 2015-08-01 11:53 - 00000854 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-01 22:09 - 2015-08-01 22:32 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\WTools
2015-08-01 22:09 - 2015-08-01 22:29 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Store
2015-08-01 22:09 - 2015-08-01 22:09 - 00000078 _____ C:\Users\RomaneG.000\AppData\Roaming\WindApp.installation.log
2015-08-01 22:09 - 2015-08-01 22:09 - 00000078 _____ C:\Users\RomaneG.000\AppData\Roaming\Selection Tools.installation.log
2015-08-01 22:09 - 2015-08-01 22:09 - 00000000 ____D C:\Users\RomaneG.000\AppData\Local\Boxore
2015-08-01 22:08 - 2015-08-01 22:27 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\Nosibay
2015-08-01 22:08 - 2015-08-01 22:09 - 00001291 _____ C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.boostrap.log
2015-08-01 22:08 - 2015-08-01 22:08 - 00005749 _____ C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.installation.log
2015-08-01 22:08 - 2015-08-01 22:08 - 00000097 _____ C:\Users\RomaneG.000\AppData\Roaming\WindApp.boostrap.log
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 ____D C:\Users\RomaneG.000\AppData\Roaming\oursurfing
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 ____D C:\ProgramData\cWinManProc
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-08-01 22:06 - 2015-08-01 22:06 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-06-22 11:45 - 2015-07-31 14:30 - 0000024 _____ () C:\Users\RomaneG.000\AppData\Roaming\appdataFr25.bin
2015-08-01 22:08 - 2015-08-01 22:09 - 0001291 _____ () C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.boostrap.log
2015-08-01 22:08 - 2015-08-01 22:08 - 0005749 _____ () C:\Users\RomaneG.000\AppData\Roaming\Bubble Dock.installation.log
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\RomaneG.000\AppData\Roaming\L0C9qjqGK
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\RomaneG.000\AppData\Roaming\L0C9qjqGK.exe
2014-10-02 23:10 - 2014-10-05 20:59 - 0001227 _____ () C:\Users\RomaneG.000\AppData\Roaming\LiveSupport.exe_log.txt
2014-10-02 23:10 - 2014-10-05 20:59 - 0000096 _____ () C:\Users\RomaneG.000\AppData\Roaming\regsvr32.exe_log.txt
2015-08-01 22:09 - 2015-08-01 22:09 - 0000078 _____ () C:\Users\RomaneG.000\AppData\Roaming\Selection Tools.installation.log
2014-04-19 21:59 - 2014-04-19 21:59 - 0000044 _____ () C:\Users\RomaneG.000\AppData\Roaming\WB.CFG
2015-08-01 22:08 - 2015-08-01 22:08 - 0000097 _____ () C:\Users\RomaneG.000\AppData\Roaming\WindApp.boostrap.log
2015-08-01 22:09 - 2015-08-01 22:09 - 0000078 _____ () C:\Users\RomaneG.000\AppData\Roaming\WindApp.installation.log
2015-08-02 10:27 - 2015-08-02 10:27 - 0613255 _____ (CMI Limited) C:\Users\RomaneG.000\AppData\Local\nsb36B.tmp
cmd: netsh winsock reset
Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.
Redémarre l'ordinateur
puis réinitialise tes navigateurs:
==================================
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
- Internet Explorer et modules complémentaires / moteurs de recherche : https://forum.malekal.com/viewtopic.php?t=41399&start=
- Firefox : https://www.malekal.com/reparer-firefox/?t=36057&start=
- Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=
et enfin :
Remets/vérifie que tous les serveurs de noms (DNS) sont automatiques : https://forum.malekal.com/viewtopic.php?t=48312&start=
PUIS ensuite vide le cache DNS et internet.
Les 3 étapes sont importantes et à faire sinon les pubs vont continuer.
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left