Probleme de virus ww.searching.com
Fermé
garogarou
-
Modifié par Malekal_morte- le 24/07/2016 à 14:51
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 26 févr. 2017 à 10:12
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 26 févr. 2017 à 10:12
A voir également:
- Probleme de virus ww.searching.com
- Svchost.exe virus - Guide
- Vérificateur de lien virus - Guide
- Faux message virus iphone - Forum iPhone
- Lien virus à envoyer - Forum Virus
- Produkey virus ✓ - Forum Windows 10
10 réponses
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
24 juil. 2016 à 14:51
24 juil. 2016 à 14:51
Salut,
Windows a été infecté par des adwares et programmes parasites. Ces indésirables sont connus pour provoquer des affichages de publicités et occasionner de sérieux ralentissements sur tes navigateurs WEB.
Voici les étapes de la procédure à suivre :
1°) AdwCleaner
Suis le tutoriel AdwCleaner d'Xplode
Si le copié/collé ne fonctionne pas, utilise le site http://pjjoint.malekal.com/ pour héberger ton rapport, donne le lien du rapport dans un nouveau message.
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
2°)
Réinitialise manuellement tes navigateurs :
3°) FRST
Suis le tutoriel FRST. ( prends le temps de lire attentivement - tout y est bien expliqué ).
Télécharge et lance le scan FRST, 3 rapports FRST seront générés :
Envoie ces 3 rapports sur le site http://pjjoint.malekal.com/ et en retour donne les 3 liens pjjoint qui mènent aux rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.
Windows a été infecté par des adwares et programmes parasites. Ces indésirables sont connus pour provoquer des affichages de publicités et occasionner de sérieux ralentissements sur tes navigateurs WEB.
Voici les étapes de la procédure à suivre :
1°) AdwCleaner
Suis le tutoriel AdwCleaner d'Xplode
- Télécharge le sur ton Bureau ou dans ton dossier des téléchargements,
- Lance "AdwCleaner" et clique sur [Scanner],
- L'analyse va durer plusieurs minutes, patiente,
- Une fois le scan terminé, ne décoche rien, clique sur [Nettoyer],
- Une fois le nettoyage terminé, un rapport va s'ouvrir,
- Copie/colle le contenu du rapport dans ta prochaine réponse.
Si le copié/collé ne fonctionne pas, utilise le site http://pjjoint.malekal.com/ pour héberger ton rapport, donne le lien du rapport dans un nouveau message.
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
2°)
Réinitialise manuellement tes navigateurs :
- Réinitialiser et réparer Mozilla Firefox
- Réinitialiser et réparer Google Chrome
- Réinitialiser et réparer Internet Explorer
3°) FRST
Suis le tutoriel FRST. ( prends le temps de lire attentivement - tout y est bien expliqué ).
Télécharge et lance le scan FRST, 3 rapports FRST seront générés :
- FRST.txt
- Shortcut.txt
- Additionnal.txt
Envoie ces 3 rapports sur le site http://pjjoint.malekal.com/ et en retour donne les 3 liens pjjoint qui mènent aux rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.
bonsoir
merci pour votre aide , pour commencer la partie adwcleaner ne fonctionne pas , je peux peux scanner , mais au moment de nettoyer un message d erreur comme quoi ca ne repond plus s affiche et me bloque l ordi , je n est autre choix que de forcer l arret ...ça commence mal , je voulais vraiment nettoyer mon ordi avec ce programme avant de continuer le processus .
merci pour votre aide , pour commencer la partie adwcleaner ne fonctionne pas , je peux peux scanner , mais au moment de nettoyer un message d erreur comme quoi ca ne repond plus s affiche et me bloque l ordi , je n est autre choix que de forcer l arret ...ça commence mal , je voulais vraiment nettoyer mon ordi avec ce programme avant de continuer le processus .
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
26 juil. 2016 à 09:44
26 juil. 2016 à 09:44
Tu as des extensions parasites sur Google Chrome, du type Yahoo Web
Faudrait faire du ménage.
Tu l'as bien réinitialisé ?
Faudrait faire du ménage.
Tu l'as bien réinitialisé ?
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
>
garogarou
26 juil. 2016 à 12:49
26 juil. 2016 à 12:49
donc tu as le problème sur quel navigateur WEB ?
garogarou
>
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
26 juil. 2016 à 22:25
26 juil. 2016 à 22:25
bonsoir ,
je me sert que internet explore , que j ai reconfiguré.
mais le problème persiste toujours, c est agaçant.
je me sert que internet explore , que j ai reconfiguré.
mais le problème persiste toujours, c est agaçant.
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
27 juil. 2016 à 20:28
27 juil. 2016 à 20:28
Voici la correction à effectuer avec FRST. Tu peux t'aider de cette note explicative avec des captures d'écran.
Ouvre le bloc-notes : Touche Windows + R,
Dans le champs "Exécuter", saisir notepad et OK.
Copie/Colle dedans ce qui suit :
Une fois, le texte collé dans le Bloc-notes,
Menu "Fichier" puis "Enregistrer sous",
A gauche, place toi sur le Bureau,
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clique sur "Enregistrer", cela va créer fixlist.txt sur le Bureau.
Relance FRST et clique sur le bouton "Corriger / Fix"
Un redémarrage sera peut-être nécessaire ( pas obligatoire )
Un fichier texte apparait, copie/colle le contenu ici dans un nouveau message.
Redémarre l'ordinateur.
Ouvre le bloc-notes : Touche Windows + R,
Dans le champs "Exécuter", saisir notepad et OK.
Copie/Colle dedans ce qui suit :
CreateRestorePoint:
CloseProcesses:
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
Hosts:
EmptyTemp:
RemoveProxy:
Une fois, le texte collé dans le Bloc-notes,
Menu "Fichier" puis "Enregistrer sous",
A gauche, place toi sur le Bureau,
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clique sur "Enregistrer", cela va créer fixlist.txt sur le Bureau.
Relance FRST et clique sur le bouton "Corriger / Fix"
Un redémarrage sera peut-être nécessaire ( pas obligatoire )
Un fichier texte apparait, copie/colle le contenu ici dans un nouveau message.
Redémarre l'ordinateur.
CreateRestorePoint:
CloseProcesses:
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
Hosts:
EmptyTemp:
RemoveProxy
CloseProcesses:
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\nolann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g68zftpbl0cshmoaq,99a73a08-5a7b-41d6-84d4-5d1b8b6b54c2,
Hosts:
EmptyTemp:
RemoveProxy
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
>
garogarou
30 juil. 2016 à 10:37
30 juil. 2016 à 10:37
tu as mal suivi les instructions.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour,
J'ai eu le même souci, mon fils a téléchargé des apps sur mon ordi et voilà, des saloprix.
J'ai suivi les consignes pour adware, pouvezve vous regarder le rapport?
Merci
# AdwCleaner v6.043 - Logfile created 16/02/2017 at 11:33:44
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : merry - DESKTOP-L6T7H6U
# Running from : C:\Users\merry\Downloads\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
[-] Service deleted: 361135080622ddb521a929e46ac5b7b8
[-] Service deleted: a9e2d46f28ec067ad179f0c3694a4524
[-] Service deleted: WindowService
[-] Service deleted: NetUtils2016
[-] Service deleted: NetUtils2016srv
[-] Service deleted: WinSAPSvc
[-] Service deleted: WinSnare
[-] Folder deleted: C:\Program Files (x86)\WinSnare(4.1.0)
[-] Folder deleted: C:\ProgramData\637d31a9-2325-1
[-] Folder deleted: C:\ProgramData\637d31a9-2487-0
[-] Folder deleted: C:\ProgramData\ad8aafdd-0585-0
[-] Folder deleted: C:\ProgramData\ad8aafdd-4fa1-1
[-] Folder deleted: C:\Users\merry\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\merry\AppData\Local\AppTrailers
[-] Folder deleted: C:\Users\merry\AppData\Roaming\One System Care
[-] Folder deleted: C:\Users\merry\AppData\Roaming\Microleaves
[-] Folder deleted: C:\Users\merry\AppData\Roaming\WinSnare
[-] Folder deleted: C:\Users\merry\AppData\Roaming\Climofabech
[#] Folder deleted on reboot: C:\Users\merry\AppData\Roaming\CLIMOFABECH
[-] Folder deleted: C:\ProgramData\WinSAPSvc
[-] Folder deleted: C:\ProgramData\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\winsapsvc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WinSAPSvc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\Application Data\winsapsvc
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
[-] Folder deleted: C:\Program Files (x86)\OneSystemCare
[-] Folder deleted: C:\Program Files (x86)\CleanBrowser
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\Program Files (x86)\Microleaves
[-] Folder deleted: C:\Program Files (x86)\Drecaward Client
[-] Folder deleted: C:\Program Files (x86)\MIO
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\merry\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
[-] Folder deleted: C:\WINDOWS\SysWoW64\sstmp
[#] Folder deleted on reboot: C:\Users\merry\AppData\Roaming\WinSnare
[#] Folder deleted on reboot: C:\Program Files (x86)\MIO
[-] File deleted: C:\WINDOWS\SysNative\drivers\a9e2d46f28ec067ad179f0c3694a4524.sys
[-] File deleted: C:\Users\merry\Desktop\Facebook.lnk
[#] File deleted: C:\WINDOWS\SysNative\NetUtils2016.dll
[#] File deleted: C:\WINDOWS\SysNative\drivers\NetUtils2016.sys
[-] File deleted: C:\END
[-] File deleted: C:\appverifier.txt
[-] File deleted: C:\TOSTACK
[-] File deleted: C:\WINDOWS\SysWoW64\NetUtils2016.exe
[-] File deleted: C:\Users\merry\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\AppVerifierapc.exe.log
[-] File deleted: C:\Users\merry\AppData\Roaming\Installer.dat
[-] File deleted: C:\Users\merry\AppData\Roaming\InstallationConfiguration.xml
[-] File deleted: C:\Users\merry\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage
[-] File deleted: C:\Users\merry\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal
[-] Task deleted: {090F0E47-0B0B-0C0F-7D11-79040809110C}
[-] Task deleted: One System Care Task
[-] Task deleted: Traffic Exchange Guardian
[-] Task deleted: Traffic Exchange Updater
[-] Task deleted: Traffic Exchange
[-] Task deleted: Traffic Exchange Guard
[-] Task deleted: Milimili
[-] Task deleted: Drecaward Client
[-] Task deleted: Niiseclajuent
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Key deleted: HKU\.DEFAULT\Software\ompndb
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\OMX_Media
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\One System Care
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\WajIEnhance
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\csastats
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\ICSW1.23
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\AppDataLow\Software\AppTrailers
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ompndb
[#] Key deleted on reboot: HKCU\Software\OMX_Media
[#] Key deleted on reboot: HKCU\Software\One System Care
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\WajIEnhance
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\ICSW1.23
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\AppTrailers
[-] Key deleted: HKLM\SOFTWARE\youndooSoftware
[-] Key deleted: HKLM\SOFTWARE\OtherSearch
[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\ompndb
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\Socia2Sear Browser Enhancer
[-] Key deleted: HKLM\SOFTWARE\Ckafoyanerqeent
[-] Key deleted: HKLM\SOFTWARE\dozuent.exe
[-] Key deleted: HKLM\SOFTWARE\Suvosh
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0187837F-FA61-437D-9647-EE1E86233276}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebOptimum
[#] Key deleted on reboot: [x64] HKCU\Software\OMX_Media
[#] Key deleted on reboot: [x64] HKCU\Software\One System Care
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\WajIEnhance
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.23
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\AppTrailers
[-] Key deleted: [x64] HKLM\SOFTWARE\AppApcVerifier
[-] Key deleted: [x64] HKLM\SOFTWARE\ompndb
[-] Key deleted: [x64] HKLM\SOFTWARE\HDWallpaper
[-] Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] Key deleted: [x64] HKLM\SOFTWARE\Socia2Sear Browser Enhancer
[-] Key deleted: [x64] HKLM\SOFTWARE\pcv-var
[-] Key deleted: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key deleted: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Stuhoph]
:: "Tracing" keys deleted
:: Winsock settings cleared
C:\AdwCleaner\AdwCleaner[C0].txt - [11865 Bytes] - [16/02/2017 11:33:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [11160 Bytes] - [16/02/2017 11:32:01]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12013 Bytes] ##########
J'ai eu le même souci, mon fils a téléchargé des apps sur mon ordi et voilà, des saloprix.
J'ai suivi les consignes pour adware, pouvezve vous regarder le rapport?
Merci
# AdwCleaner v6.043 - Logfile created 16/02/2017 at 11:33:44
# Updated on 27/01/2017 by Malwarebytes
# Database : 2017-02-13.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : merry - DESKTOP-L6T7H6U
# Running from : C:\Users\merry\Downloads\adwcleaner_6.043.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
- [ Services ] *****
[-] Service deleted: 361135080622ddb521a929e46ac5b7b8
[-] Service deleted: a9e2d46f28ec067ad179f0c3694a4524
[-] Service deleted: WindowService
[-] Service deleted: NetUtils2016
[-] Service deleted: NetUtils2016srv
[-] Service deleted: WinSAPSvc
[-] Service deleted: WinSnare
- [ Folders ] *****
[-] Folder deleted: C:\Program Files (x86)\WinSnare(4.1.0)
[-] Folder deleted: C:\ProgramData\637d31a9-2325-1
[-] Folder deleted: C:\ProgramData\637d31a9-2487-0
[-] Folder deleted: C:\ProgramData\ad8aafdd-0585-0
[-] Folder deleted: C:\ProgramData\ad8aafdd-4fa1-1
[-] Folder deleted: C:\Users\merry\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\merry\AppData\Local\AppTrailers
[-] Folder deleted: C:\Users\merry\AppData\Roaming\One System Care
[-] Folder deleted: C:\Users\merry\AppData\Roaming\Microleaves
[-] Folder deleted: C:\Users\merry\AppData\Roaming\WinSnare
[-] Folder deleted: C:\Users\merry\AppData\Roaming\Climofabech
[#] Folder deleted on reboot: C:\Users\merry\AppData\Roaming\CLIMOFABECH
[-] Folder deleted: C:\ProgramData\WinSAPSvc
[-] Folder deleted: C:\ProgramData\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\winsapsvc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\WinSAPSvc
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Microleaves
[#] Folder deleted on reboot: C:\ProgramData\Application Data\winsapsvc
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Socia2Sear Browser Enhancer
[-] Folder deleted: C:\Program Files (x86)\OneSystemCare
[-] Folder deleted: C:\Program Files (x86)\CleanBrowser
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\Program Files (x86)\Microleaves
[-] Folder deleted: C:\Program Files (x86)\Drecaward Client
[-] Folder deleted: C:\Program Files (x86)\MIO
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\Tencent
[-] Folder deleted: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\merry\AppData\Roaming\Mozilla\Firefox\naweriweentcofise
[-] Folder deleted: C:\WINDOWS\SysWoW64\sstmp
[#] Folder deleted on reboot: C:\Users\merry\AppData\Roaming\WinSnare
[#] Folder deleted on reboot: C:\Program Files (x86)\MIO
- [ Files ] *****
[-] File deleted: C:\WINDOWS\SysNative\drivers\a9e2d46f28ec067ad179f0c3694a4524.sys
[-] File deleted: C:\Users\merry\Desktop\Facebook.lnk
[#] File deleted: C:\WINDOWS\SysNative\NetUtils2016.dll
[#] File deleted: C:\WINDOWS\SysNative\drivers\NetUtils2016.sys
[-] File deleted: C:\END
[-] File deleted: C:\appverifier.txt
[-] File deleted: C:\TOSTACK
[-] File deleted: C:\WINDOWS\SysWoW64\NetUtils2016.exe
[-] File deleted: C:\Users\merry\AppData\Local\Microsoft\CLR_v2.0\UsageLogs\AppVerifierapc.exe.log
[-] File deleted: C:\Users\merry\AppData\Roaming\Installer.dat
[-] File deleted: C:\Users\merry\AppData\Roaming\InstallationConfiguration.xml
[-] File deleted: C:\Users\merry\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage
[-] File deleted: C:\Users\merry\AppData\Local\Google\Chrome\User Data\ChromeDefaultData\Local Storage\hxxp_static.coupontime00.coupontime.co_0.localstorage-journal
- [ DLL ] *****
- [ WMI ] *****
- [ Shortcuts ] *****
- [ Scheduled Tasks ] *****
[-] Task deleted: {090F0E47-0B0B-0C0F-7D11-79040809110C}
[-] Task deleted: One System Care Task
[-] Task deleted: Traffic Exchange Guardian
[-] Task deleted: Traffic Exchange Updater
[-] Task deleted: Traffic Exchange
[-] Task deleted: Traffic Exchange Guard
[-] Task deleted: Milimili
[-] Task deleted: Drecaward Client
[-] Task deleted: Niiseclajuent
- [ Registry ] *****
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WindowService
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[#] Key deleted on reboot: [x64] HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\WinSnare
[-] Key deleted: HKU\.DEFAULT\Software\ompndb
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\OMX_Media
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\One System Care
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\PRODUCTSETUP
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\WajIEnhance
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\csastats
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\ICSW1.23
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\AppDataLow\Software\AppTrailers
[#] Key deleted on reboot: HKU\S-1-5-18\Software\ompndb
[#] Key deleted on reboot: HKCU\Software\OMX_Media
[#] Key deleted on reboot: HKCU\Software\One System Care
[#] Key deleted on reboot: HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: HKCU\Software\WajIEnhance
[#] Key deleted on reboot: HKCU\Software\csastats
[#] Key deleted on reboot: HKCU\Software\ICSW1.23
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\AppTrailers
[-] Key deleted: HKLM\SOFTWARE\youndooSoftware
[-] Key deleted: HKLM\SOFTWARE\OtherSearch
[-] Key deleted: HKLM\SOFTWARE\ScreenShot
[-] Key deleted: HKLM\SOFTWARE\ompndb
[-] Key deleted: HKLM\SOFTWARE\Microleaves
[-] Key deleted: HKLM\SOFTWARE\Socia2Sear Browser Enhancer
[-] Key deleted: HKLM\SOFTWARE\Ckafoyanerqeent
[-] Key deleted: HKLM\SOFTWARE\dozuent.exe
[-] Key deleted: HKLM\SOFTWARE\Suvosh
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NUIns
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OneSystemCare
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0187837F-FA61-437D-9647-EE1E86233276}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebOptimum
[#] Key deleted on reboot: [x64] HKCU\Software\OMX_Media
[#] Key deleted on reboot: [x64] HKCU\Software\One System Care
[#] Key deleted on reboot: [x64] HKCU\Software\PRODUCTSETUP
[#] Key deleted on reboot: [x64] HKCU\Software\WajIEnhance
[#] Key deleted on reboot: [x64] HKCU\Software\csastats
[#] Key deleted on reboot: [x64] HKCU\Software\ICSW1.23
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\AppTrailers
[-] Key deleted: [x64] HKLM\SOFTWARE\AppApcVerifier
[-] Key deleted: [x64] HKLM\SOFTWARE\ompndb
[-] Key deleted: [x64] HKLM\SOFTWARE\HDWallpaper
[-] Key deleted: [x64] HKLM\SOFTWARE\Microleaves
[-] Key deleted: [x64] HKLM\SOFTWARE\Socia2Sear Browser Enhancer
[-] Key deleted: [x64] HKLM\SOFTWARE\pcv-var
[-] Key deleted: [x64] HKLM\SOFTWARE\InterSect Alliance
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key deleted: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\static.cmptch.com
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\driverupdate.net
[#] Key deleted on reboot: [x64] HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.driverupdate.net
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key deleted: HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\e24b7131-d039-43cb-9e6f-ad4be601ec1f
[#] Key deleted on reboot: HKLM\SYSTEM\ControlSet001\Control\Power\User\PowerSchemes\04262113-2a31-48e1-b4bb-3b42174bea0f
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
[-] Value deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [Stuhoph]
- [ Web browsers ] *****
- [ Web browsers ] *****
:: "Tracing" keys deleted
:: Winsock settings cleared
C:\AdwCleaner\AdwCleaner[C0].txt - [11865 Bytes] - [16/02/2017 11:33:44]
C:\AdwCleaner\AdwCleaner[S0].txt - [11160 Bytes] - [16/02/2017 11:32:01]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [12013 Bytes] ##########
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
16 févr. 2017 à 20:03
16 févr. 2017 à 20:03
Salut,
Tu peux suivre les étapes 2 et 3.
Tu peux suivre les étapes 2 et 3.
Rebonjour
J'ai aussi fait le scan avec fabar recovery et j'ai envoyé les 3 liens.
Merci
J'ai aussi fait le scan avec fabar recovery et j'ai envoyé les 3 liens.
Merci
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
16 févr. 2017 à 21:14
16 févr. 2017 à 21:14
il faut les donner ici.
http://pjjoint.malekal.com/files.php?id=20170217_b5m11l10o13n11
http://pjjoint.malekal.com/files.php?id=FRST_20170217_d14j6t13z12h8
http://pjjoint.malekal.com/files.php?id=20170217_m10o15p10b9u10
Désolée pour le retard.
http://pjjoint.malekal.com/files.php?id=FRST_20170217_d14j6t13z12h8
http://pjjoint.malekal.com/files.php?id=20170217_m10o15p10b9u10
Désolée pour le retard.
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
Modifié par Malekal_morte- le 17/02/2017 à 19:03
Modifié par Malekal_morte- le 17/02/2017 à 19:03
Désinstalle SpyHunter 4
Voici la correction à effectuer avec FRST. Tu peux t'aider de cette note explicative avec des captures d'écran.
Ouvre le bloc-notes : Touche Windows + R,
Dans le champs "Exécuter", saisir notepad et OK.
Copie/Colle dedans ce qui suit :
Une fois, le texte collé dans le Bloc-notes,
Menu "Fichier" puis "Enregistrer sous",
A gauche, place toi sur le Bureau,
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clique sur "Enregistrer", cela va créer fixlist.txt sur le Bureau.
Relance FRST et clique sur le bouton "Corriger / Fix"
Un redémarrage sera peut-être nécessaire ( pas obligatoire )
Un fichier texte apparait, copie/colle le contenu ici dans un nouveau message.
Redémarre l'ordinateur.
Voici la correction à effectuer avec FRST. Tu peux t'aider de cette note explicative avec des captures d'écran.
Ouvre le bloc-notes : Touche Windows + R,
Dans le champs "Exécuter", saisir notepad et OK.
Copie/Colle dedans ce qui suit :
CloseProcesses:
CreateRestorePoint:
ShellExecuteHooks: No Name - {58AF6728-ECD0-11E6-BFEA-64006A5CFC23} - C:\Users\merry\AppData\Roaming\Climofabech\Gipphsaweght.dll -> No File
CHR Extension: (Yahoo Partner) - C:\Users\merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep [2017-02-14]
CHR Extension: (Yahoo Partner) - C:\Users\merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoalfhodgifhbkgmbbdafcihjpdldpll [2017-02-14]
S2 NvyhlTG8XcnR Updater; C:\Program Files (x86)\NvyhlTG8XcnR Updater\NvyhlTG8XcnR Updater.exe [X]
U1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [909944 2017-02-10] () <==== ATTENTION
2017-02-16 10:59 - 2017-02-16 11:00 - 00000000 ____D C:\Users\merry\AppData\Roaming\American Well
2017-02-16 10:59 - 2017-02-16 10:59 - 03767456 _____ (AmericanWell) C:\Users\merry\Downloads\AmWellVideoInstall.exe
2017-02-16 10:59 - 2017-02-16 10:59 - 00000000 ____D C:\Users\merry\AppData\Roaming\Vidyo
2017-02-16 10:34 - 2017-02-16 11:02 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-02-16 10:34 - 2017-02-16 11:02 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-02-16 10:34 - 2017-02-16 11:02 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-02-16 10:34 - 2017-02-16 10:34 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-02-16 10:34 - 2017-02-16 10:34 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-02-16 10:34 - 2017-02-16 10:34 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
HKU\S-1-5-21-414736934-3487570862-1913456509-1001\...\Run: [EnhancedVideo] => C:\Users\merry\AppData\Roaming\American Well\Files\52333\AmWellVideoWindow.exe [900200 2016-12-12] (American Well)
C:\Users\merry\AppData\Roaming\American Well
2017-02-10 07:13 - 2017-02-10 07:14 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-10 07:13 - 2017-02-10 07:14 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:11 - 2017-02-10 07:11 - 00021602 _____ C:\WINDOWS\System32\Tasks\NvyhlTG8XcnR
2017-02-10 07:10 - 2017-02-13 18:43 - 00000000 ____D C:\Program Files (x86)\Dercety
2017-02-10 07:10 - 2017-02-10 07:10 - 00000000 ____D C:\Users\merry\AppData\Local\Jaduch
2017-02-10 07:09 - 2017-02-10 10:54 - 00000000 ____D C:\Program Files\361135080622ddb521a929e46ac5b7b8
2017-02-10 07:09 - 2017-02-10 07:32 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-02-10 06:57 - 2017-02-10 06:57 - 00000000 ____D C:\Program Files (x86)\Therhisy
2017-02-10 06:52 - 2017-02-13 19:15 - 00000000 ____D C:\Program Files (x86)\a4ddd3f8-503b-4e83-80e0-b46e52aec45f1486734747
2017-02-10 06:51 - 2017-02-16 11:36 - 00625272 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-02-10 06:51 - 2017-02-10 06:51 - 00909944 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-02-10 06:51 - 2017-02-10 06:51 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-02-10 06:50 - 2017-02-13 19:01 - 00000000 ____D C:\Program Files (x86)\lIR6I6L5vb
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Une fois, le texte collé dans le Bloc-notes,
Menu "Fichier" puis "Enregistrer sous",
A gauche, place toi sur le Bureau,
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clique sur "Enregistrer", cela va créer fixlist.txt sur le Bureau.
Relance FRST et clique sur le bouton "Corriger / Fix"
Un redémarrage sera peut-être nécessaire ( pas obligatoire )
Un fichier texte apparait, copie/colle le contenu ici dans un nouveau message.
Redémarre l'ordinateur.
gigilot
>
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
17 févr. 2017 à 19:12
17 févr. 2017 à 19:12
Bonjour
Voici le texte du notepad:
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by merry (17-02-2017 11:02:58) Run:1
Running from C:\Users\merry\Desktop
Loaded Profiles: merry (Available Profiles: merry)
Boot Mode: Normal
==============================================
fixlist content:
CloseProcesses:
CreateRestorePoint:
ShellExecuteHooks: No Name - {58AF6728-ECD0-11E6-BFEA-64006A5CFC23} - C:\Users\merry\AppData\Roaming\Climofabech\Gipphsaweght.dll -> No File
CHR Extension: (Yahoo Partner) - C:\Users\merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep [2017-02-14]
CHR Extension: (Yahoo Partner) - C:\Users\merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoalfhodgifhbkgmbbdafcihjpdldpll [2017-02-14]
S2 NvyhlTG8XcnR Updater; C:\Program Files (x86)\NvyhlTG8XcnR Updater\NvyhlTG8XcnR Updater.exe [X]
U1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [909944 2017-02-10] () <==== ATTENTION
2017-02-16 12:03 - 2017-02-16 12:03 - 00003442 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2017-02-16 12:03 - 2017-02-16 12:03 - 00001139 _____ C:\Users\merry\Desktop\SpyHunter.lnk
2017-02-16 12:03 - 2017-02-16 12:03 - 00000000 ____D C:\Users\merry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-02-16 12:03 - 2017-02-16 12:03 - 00000000 ____D C:\Users\merry\AppData\Roaming\Enigma Software Group
2017-02-16 10:59 - 2017-02-16 11:00 - 00000000 ____D C:\Users\merry\AppData\Roaming\American Well
2017-02-16 10:59 - 2017-02-16 10:59 - 03767456 _____ (AmericanWell) C:\Users\merry\Downloads\AmWellVideoInstall.exe
2017-02-16 10:59 - 2017-02-16 10:59 - 00000000 ____D C:\Users\merry\AppData\Roaming\Vidyo
2017-02-16 10:34 - 2017-02-16 11:02 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-02-16 10:34 - 2017-02-16 11:02 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-02-16 10:34 - 2017-02-16 11:02 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-02-16 10:34 - 2017-02-16 10:34 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-02-16 10:34 - 2017-02-16 10:34 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-02-16 10:34 - 2017-02-16 10:34 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
HKU\S-1-5-21-414736934-3487570862-1913456509-1001\...\Run: [EnhancedVideo] => C:\Users\merry\AppData\Roaming\American Well\Files\52333\AmWellVideoWindow.exe [900200 2016-12-12] (American Well)
C:\Users\merry\AppData\Roaming\American Well
2017-02-10 07:13 - 2017-02-10 07:14 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-10 07:13 - 2017-02-10 07:14 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:11 - 2017-02-10 07:11 - 00021602 _____ C:\WINDOWS\System32\Tasks\NvyhlTG8XcnR
2017-02-10 07:10 - 2017-02-13 18:43 - 00000000 ____D C:\Program Files (x86)\Dercety
2017-02-10 07:10 - 2017-02-10 07:10 - 00000000 ____D C:\Users\merry\AppData\Local\Jaduch
2017-02-10 07:09 - 2017-02-10 10:54 - 00000000 ____D C:\Program Files\361135080622ddb521a929e46ac5b7b8
2017-02-10 07:09 - 2017-02-10 07:32 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-02-10 06:57 - 2017-02-10 06:57 - 00000000 ____D C:\Program Files (x86)\Therhisy
2017-02-10 06:52 - 2017-02-13 19:15 - 00000000 ____D C:\Program Files (x86)\a4ddd3f8-503b-4e83-80e0-b46e52aec45f1486734747
2017-02-10 06:51 - 2017-02-16 11:36 - 00625272 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-02-10 06:51 - 2017-02-10 06:51 - 00909944 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-02-10 06:51 - 2017-02-10 06:51 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-02-10 06:50 - 2017-02-13 19:01 - 00000000 ____D C:\Program Files (x86)\lIR6I6L5vb
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{58AF6728-ECD0-11E6-BFEA-64006A5CFC23} => value removed successfully
HKCR\CLSID\{58AF6728-ECD0-11E6-BFEA-64006A5CFC23} => key not found.
C:\Users\merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep => moved successfully
C:\Users\merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoalfhodgifhbkgmbbdafcihjpdldpll => moved successfully
HKLM\System\CurrentControlSet\Services\NvyhlTG8XcnR Updater => key removed successfully
NvyhlTG8XcnR Updater => service removed successfully
HKLM\System\CurrentControlSet\Services\NetUtils2016 => key removed successfully
NetUtils2016 => service removed successfully
C:\WINDOWS\System32\Tasks\SpyHunter4Startup => moved successfully
C:\Users\merry\Desktop\SpyHunter.lnk => moved successfully
C:\Users\merry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter => moved successfully
C:\Users\merry\AppData\Roaming\Enigma Software Group => moved successfully
C:\Users\merry\AppData\Roaming\American Well => moved successfully
C:\Users\merry\Downloads\AmWellVideoInstall.exe => moved successfully
C:\Users\merry\AppData\Roaming\Vidyo => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3 => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2 => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1 => moved successfully
HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EnhancedVideo => value removed successfully
"C:\Users\merry\AppData\Roaming\American Well" => not found.
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.
C:\WINDOWS\System32\Tasks\NvyhlTG8XcnR => moved successfully
C:\Program Files (x86)\Dercety => moved successfully
C:\Users\merry\AppData\Local\Jaduch => moved successfully
C:\Program Files\361135080622ddb521a929e46ac5b7b8 => moved successfully
C:\WINDOWS\system32\SSL => moved successfully
C:\Program Files (x86)\Therhisy => moved successfully
C:\Program Files (x86)\a4ddd3f8-503b-4e83-80e0-b46e52aec45f1486734747 => moved successfully
C:\WINDOWS\system32\NetUtils2016.dll => moved successfully
C:\WINDOWS\system32\Drivers\NetUtils2016.sys => moved successfully
C:\WINDOWS\system32\sstmp => moved successfully
C:\Program Files (x86)\lIR6I6L5vb => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => not found.
C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => not found.
C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-414736934-3487570862-1913456509-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-414736934-3487570862-1913456509-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 44692 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 107962394 B
Java, Flash, Steam htmlcache => 2430 B
Windows/system/drivers => 596974666 B
Edge => 5756803 B
Chrome => 12599640 B
Firefox => 309304879 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4922 B
NetworkService => 199874 B
merry => 659176646 B
RecycleBin => 2926457282 B
EmptyTemp: => 4.3 GB temporary data Removed.
================================
The system needed a reboot.
Voici le texte du notepad:
Fix result of Farbar Recovery Scan Tool (x64) Version: 15-02-2017 02
Ran by merry (17-02-2017 11:02:58) Run:1
Running from C:\Users\merry\Desktop
Loaded Profiles: merry (Available Profiles: merry)
Boot Mode: Normal
==============================================
fixlist content:
CloseProcesses:
CreateRestorePoint:
ShellExecuteHooks: No Name - {58AF6728-ECD0-11E6-BFEA-64006A5CFC23} - C:\Users\merry\AppData\Roaming\Climofabech\Gipphsaweght.dll -> No File
CHR Extension: (Yahoo Partner) - C:\Users\merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep [2017-02-14]
CHR Extension: (Yahoo Partner) - C:\Users\merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoalfhodgifhbkgmbbdafcihjpdldpll [2017-02-14]
S2 NvyhlTG8XcnR Updater; C:\Program Files (x86)\NvyhlTG8XcnR Updater\NvyhlTG8XcnR Updater.exe [X]
U1 NetUtils2016; C:\WINDOWS\system32\drivers\NetUtils2016.sys [909944 2017-02-10] () <==== ATTENTION
2017-02-16 12:03 - 2017-02-16 12:03 - 00003442 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup
2017-02-16 12:03 - 2017-02-16 12:03 - 00001139 _____ C:\Users\merry\Desktop\SpyHunter.lnk
2017-02-16 12:03 - 2017-02-16 12:03 - 00000000 ____D C:\Users\merry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2017-02-16 12:03 - 2017-02-16 12:03 - 00000000 ____D C:\Users\merry\AppData\Roaming\Enigma Software Group
2017-02-16 10:59 - 2017-02-16 11:00 - 00000000 ____D C:\Users\merry\AppData\Roaming\American Well
2017-02-16 10:59 - 2017-02-16 10:59 - 03767456 _____ (AmericanWell) C:\Users\merry\Downloads\AmWellVideoInstall.exe
2017-02-16 10:59 - 2017-02-16 10:59 - 00000000 ____D C:\Users\merry\AppData\Roaming\Vidyo
2017-02-16 10:34 - 2017-02-16 11:02 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job
2017-02-16 10:34 - 2017-02-16 11:02 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job
2017-02-16 10:34 - 2017-02-16 11:02 - 00000364 _____ C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job
2017-02-16 10:34 - 2017-02-16 10:34 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3
2017-02-16 10:34 - 2017-02-16 10:34 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2
2017-02-16 10:34 - 2017-02-16 10:34 - 00003256 _____ C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1
HKU\S-1-5-21-414736934-3487570862-1913456509-1001\...\Run: [EnhancedVideo] => C:\Users\merry\AppData\Roaming\American Well\Files\52333\AmWellVideoWindow.exe [900200 2016-12-12] (American Well)
C:\Users\merry\AppData\Roaming\American Well
2017-02-10 07:13 - 2017-02-10 07:14 - 00000000 ____D C:\Users\Default\AppData\Local\AdvinstAnalytics
2017-02-10 07:13 - 2017-02-10 07:14 - 00000000 ____D C:\Users\Default User\AppData\Local\AdvinstAnalytics
2017-02-10 07:11 - 2017-02-10 07:11 - 00021602 _____ C:\WINDOWS\System32\Tasks\NvyhlTG8XcnR
2017-02-10 07:10 - 2017-02-13 18:43 - 00000000 ____D C:\Program Files (x86)\Dercety
2017-02-10 07:10 - 2017-02-10 07:10 - 00000000 ____D C:\Users\merry\AppData\Local\Jaduch
2017-02-10 07:09 - 2017-02-10 10:54 - 00000000 ____D C:\Program Files\361135080622ddb521a929e46ac5b7b8
2017-02-10 07:09 - 2017-02-10 07:32 - 00000000 ____D C:\WINDOWS\system32\SSL
2017-02-10 06:57 - 2017-02-10 06:57 - 00000000 ____D C:\Program Files (x86)\Therhisy
2017-02-10 06:52 - 2017-02-13 19:15 - 00000000 ____D C:\Program Files (x86)\a4ddd3f8-503b-4e83-80e0-b46e52aec45f1486734747
2017-02-10 06:51 - 2017-02-16 11:36 - 00625272 _____ C:\WINDOWS\system32\NetUtils2016.dll
2017-02-10 06:51 - 2017-02-10 06:51 - 00909944 _____ C:\WINDOWS\system32\Drivers\NetUtils2016.sys
2017-02-10 06:51 - 2017-02-10 06:51 - 00000000 ____D C:\WINDOWS\system32\sstmp
2017-02-10 06:50 - 2017-02-13 19:01 - 00000000 ____D C:\Program Files (x86)\lIR6I6L5vb
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\OnlineGuardian-v2.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => C:\Program Files (x86)\Microleaves\Traffic Exchange\Online-Guardian-v2.0.9.exe <==== ATTENTION
Hosts:
EmptyTemp:
RemoveProxy:
Reboot:
Processes closed successfully.
Error: (0) Failed to create a restore point.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{58AF6728-ECD0-11E6-BFEA-64006A5CFC23} => value removed successfully
HKCR\CLSID\{58AF6728-ECD0-11E6-BFEA-64006A5CFC23} => key not found.
C:\Users\merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhfhojbhbnajajgihpicejdalbjlpcep => moved successfully
C:\Users\merry\AppData\Local\Google\Chrome\User Data\Default\Extensions\eoalfhodgifhbkgmbbdafcihjpdldpll => moved successfully
HKLM\System\CurrentControlSet\Services\NvyhlTG8XcnR Updater => key removed successfully
NvyhlTG8XcnR Updater => service removed successfully
HKLM\System\CurrentControlSet\Services\NetUtils2016 => key removed successfully
NetUtils2016 => service removed successfully
C:\WINDOWS\System32\Tasks\SpyHunter4Startup => moved successfully
C:\Users\merry\Desktop\SpyHunter.lnk => moved successfully
C:\Users\merry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter => moved successfully
C:\Users\merry\AppData\Roaming\Enigma Software Group => moved successfully
C:\Users\merry\AppData\Roaming\American Well => moved successfully
C:\Users\merry\Downloads\AmWellVideoInstall.exe => moved successfully
C:\Users\merry\AppData\Roaming\Vidyo => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 3 => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 2 => moved successfully
C:\WINDOWS\System32\Tasks\Traffic Exchange v209 - 1 => moved successfully
HKU\S-1-5-21-414736934-3487570862-1913456509-1001\Software\Microsoft\Windows\CurrentVersion\Run\\EnhancedVideo => value removed successfully
"C:\Users\merry\AppData\Roaming\American Well" => not found.
C:\Users\Default\AppData\Local\AdvinstAnalytics => moved successfully
"C:\Users\Default User\AppData\Local\AdvinstAnalytics" => not found.
C:\WINDOWS\System32\Tasks\NvyhlTG8XcnR => moved successfully
C:\Program Files (x86)\Dercety => moved successfully
C:\Users\merry\AppData\Local\Jaduch => moved successfully
C:\Program Files\361135080622ddb521a929e46ac5b7b8 => moved successfully
C:\WINDOWS\system32\SSL => moved successfully
C:\Program Files (x86)\Therhisy => moved successfully
C:\Program Files (x86)\a4ddd3f8-503b-4e83-80e0-b46e52aec45f1486734747 => moved successfully
C:\WINDOWS\system32\NetUtils2016.dll => moved successfully
C:\WINDOWS\system32\Drivers\NetUtils2016.sys => moved successfully
C:\WINDOWS\system32\sstmp => moved successfully
C:\Program Files (x86)\lIR6I6L5vb => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 1.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 2.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v2 - 3.job => moved successfully
C:\WINDOWS\Tasks\Traffic Exchange v209 - 1.job => not found.
C:\WINDOWS\Tasks\Traffic Exchange v209 - 2.job => not found.
C:\WINDOWS\Tasks\Traffic Exchange v209 - 3.job => not found.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-414736934-3487570862-1913456509-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-414736934-3487570862-1913456509-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 44692 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 107962394 B
Java, Flash, Steam htmlcache => 2430 B
Windows/system/drivers => 596974666 B
Edge => 5756803 B
Chrome => 12599640 B
Firefox => 309304879 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 4922 B
NetworkService => 199874 B
merry => 659176646 B
RecycleBin => 2926457282 B
EmptyTemp: => 4.3 GB temporary data Removed.
================================
The system needed a reboot.
End of Fixlog 11:06:18
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
18 févr. 2017 à 09:57
18 févr. 2017 à 09:57
MalwareBytes ( durée : environ 40min de scan ):
==================================================
Télécharge et installe MBAM. La version gratuite permet de nettoyer ( décoche bien la proposition d'essai de la version Premium à la fin de l'installation ) :
Mettre MBAM à jour puis lancer un examen.
A la fin du scan, clique sur "Supprimer Sélection" en bas à gauche.
Redémarrer l'ordinateur si nécessaire puis relancer Malwarebytes.
Vas chercher le rapport dans l'onglet "Historique".
A gauche "Journal d'analyse", double-clique sur l'examen dans la liste. Puis en bas "Copier dans le presse papier", va sur http://pjjoint.malekal.com/, clique droit "Coller" pour coller le contenu du rapport du scan. Clique sur "Envoyer". Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.
==================================================
Télécharge et installe MBAM. La version gratuite permet de nettoyer ( décoche bien la proposition d'essai de la version Premium à la fin de l'installation ) :
Mettre MBAM à jour puis lancer un examen.
A la fin du scan, clique sur "Supprimer Sélection" en bas à gauche.
Redémarrer l'ordinateur si nécessaire puis relancer Malwarebytes.
Vas chercher le rapport dans l'onglet "Historique".
A gauche "Journal d'analyse", double-clique sur l'examen dans la liste. Puis en bas "Copier dans le presse papier", va sur http://pjjoint.malekal.com/, clique droit "Coller" pour coller le contenu du rapport du scan. Clique sur "Envoyer". Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.
Bonjour
Voici le lien après scan malwarebytes:
http://pjjoint.malekal.com/files.php?id=20170219_r15j14u14l13k6
Merci pour toute votre aide.
Voici le lien après scan malwarebytes:
http://pjjoint.malekal.com/files.php?id=20170219_r15j14u14l13k6
Merci pour toute votre aide.
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
19 févr. 2017 à 10:11
19 févr. 2017 à 10:11
il reste quel problème ?
Bonjour
Je reprends la bataille contre ces PUP. J'ai toujours qqch sur mon ordi. Lorsque j'ouvre un nouvel onglet internet, un onglet s'affiche avec cet adresse:
https://www.xo.com/contact-us/support/web-hosting-support
Aussi, selon la page internet, au lieu d'avoir la mention page sécurisée, j'ai un rond avec un "i" à l'intérieur. i
Finalement, dès fois il y a des mots dans les textes internet surlignés et soulignés en tant que lien bizarre.
Comment trouver encore le souci?
Je reprends la bataille contre ces PUP. J'ai toujours qqch sur mon ordi. Lorsque j'ouvre un nouvel onglet internet, un onglet s'affiche avec cet adresse:
https://www.xo.com/contact-us/support/web-hosting-support
Aussi, selon la page internet, au lieu d'avoir la mention page sécurisée, j'ai un rond avec un "i" à l'intérieur. i
Finalement, dès fois il y a des mots dans les textes internet surlignés et soulignés en tant que lien bizarre.
Comment trouver encore le souci?
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 627
>
gigilot
26 févr. 2017 à 10:12
26 févr. 2017 à 10:12
sur Google Chrome ?
24 juil. 2016 à 23:25
24 juil. 2016 à 23:26