Virus chinois Résolu/Fermé

Question

Bien le bonjour à tous. Malekal, j'ai suivi une discussion sur le forum concernant la suppression de virus chinois. Voici les liens demandés relatifs aux rapports FRST - ADDITION - SHORTCUT
- http://pjjoint.malekal.com/files.php?id=FRST_20161222_x9c10w7o5d8
- http://pjjoint.malekal.com/files.php?id=20161222_e15b15x12y10c10
- http://pjjoint.malekal.com/files.php?id=20161222_y14y10d6m7c11
Merci de bien vouloir m'aider.

Malekal_morte- · Answer

Y a du boulot. Panneau de configuration puis programmes et fonctionnalités. Désinstalle tout ça : FileOptimizer Search module SMADAV YAC(Yet Another Cleaner!) youndoo - Uninstall Voici la correction à effectuer avec FRST. Tu peux t'aider de cette note explicative avec des captures d'écran. Ouvre le bloc-notes : Touche Windows + R, Dans le champs "Exécuter", saisir notepad et OK. Copie/Colle dedans ce qui suit : CreateRestorePoint:CloseProcesses:CreateRestorePoint:IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\Arervut\_ALLOWDEL_a335\Gubed.exe -YrrehsShellExecuteHooks: No Name - {4556D09E-AC1B-11E6-BBC9-64006A5CFC23} - C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Nerqoy\Gsaphphecaent.dll [145920 2016-12-16] ()ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìÑ¹\X64\KZipShell.dll [2016-12-14] ()Winsock: Catalog9 01 chtbrkg.dll No File Winsock: Catalog9 02 chtbrkg.dll No File Winsock: Catalog9 03 chtbrkg.dll No File Winsock: Catalog9 04 chtbrkg.dll No File Winsock: Catalog9 05 chtbrkg.dll No File Winsock: Catalog9 06 chtbrkg.dll No File Winsock: Catalog9 07 chtbrkg.dll No File Winsock: Catalog9 08 chtbrkg.dll No File Winsock: Catalog9 09 chtbrkg.dll No File Winsock: Catalog9 10 chtbrkg.dll No File Winsock: Catalog9 11 chtbrkg.dll No File Winsock: Catalog9 12 chtbrkg.dll No File Winsock: Catalog9 25 chtbrkg.dll No File Winsock: Catalog9-x64 01 chtbrkg.dll No File Winsock: Catalog9-x64 02 chtbrkg.dll No File Winsock: Catalog9-x64 03 chtbrkg.dll No File Winsock: Catalog9-x64 04 chtbrkg.dll No File Winsock: Catalog9-x64 05 chtbrkg.dll No File Winsock: Catalog9-x64 06 chtbrkg.dll No File Winsock: Catalog9-x64 07 chtbrkg.dll No File Winsock: Catalog9-x64 08 chtbrkg.dll No File Winsock: Catalog9-x64 09 chtbrkg.dll No File Winsock: Catalog9-x64 10 chtbrkg.dll No File Winsock: Catalog9-x64 11 chtbrkg.dll No File Winsock: Catalog9-x64 12 chtbrkg.dll No File Winsock: Catalog9-x64 25 chtbrkg.dll No File R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [778752 2016-12-19] (Fun Dw) [File not signed]R2 Arqtyvufeward; C:\Program Files (x86)\Arervut\GhlCenter.dll [274944 2016-12-16] () [File not signed]R2 Convxxxx; C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\hadha\UvConverter.exe [451072 2016-12-19] (TODO: ) [File not signed]R2 ed2kidle; C:\Program Files (x86)\amuleC1\ed2k.exe [237568 2016-12-19] (hxxp://www.amule.org/) [File not signed] [Pays HU - 80.249.163.1] R2 GmSvc; C:\Program Files (x86)\LDSGameCenter\GmSvc.dll [463272 2016-11-04] () R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2016-12-14] () [File not signed] <==== ATTENTION R2 HpSvc; c:\program files (x86)\ludashi\lpi\HpSvc.dll [252328 2016-11-18] () <==== ATTENTION R2 KuaizipUpdateChecker; C:\Program Files\¿ìÑ¹\X86\kuaizipUpdateChecker.dll [219032 2016-12-14] () R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda) R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [557056 2016-12-21] () [File not signed] <==== ATTENTION R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3109888 2016-12-16] (Search Module Ltd.) [File not signed] R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [258048 2016-12-21] () [File not signed] R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92832 2016-12-14] (WinMount International Inc) R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2016-12-16] () S3 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== ATTENTION NETSVCx32: HpSvc -> C:\program files (x86)\ludashi\lpi\HpSvc.dll () NETSVCx32: GmSvc -> C:\Program Files (x86)\LDSGameCenter\GmSvc.dll () 2016-12-21 09:41 - 2016-12-21 09:41 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC 2016-12-21 09:41 - 2016-12-21 09:41 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\aMule 2016-12-21 09:41 - 2016-12-21 09:41 - 00000000 ____D C:\Program Files (x86)\amuleC1 2016-12-20 19:08 - 2016-12-20 19:08 - 00000000 ____D C:\ProgramData\UniqueId 2016-12-20 19:02 - 2016-12-20 19:08 - 01140184 _____ C:\Users\ASSY ABBE JACKLYN\Downloads\MindManager2017_setup.exe 2016-12-19 19:34 - 2016-12-21 13:12 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\lockhomepage 2016-12-19 19:02 - 2016-12-19 19:02 - 00003312 _____ C:\WINDOWS\System32\Tasks\smadav 2016-12-19 17:46 - 2016-12-19 17:47 - 00000000 ____D C:\Program Files (x86)\UvConverter 2016-12-19 17:46 - 2016-12-19 17:46 - 00000376 _____ C:\WINDOWS\SysWOW64\data.bin 2016-12-19 17:46 - 2016-12-19 17:46 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\hadha 2016-12-17 21:15 - 2016-12-21 13:09 - 00000000 ____D C:\ProgramData\WinSAPSvc 2016-12-17 21:15 - 2016-12-19 17:46 - 00000000 ____D C:\Program Files (x86)\WinArcher 2016-12-17 21:13 - 2016-12-21 13:10 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2016-12-17 21:12 - 2016-12-21 13:10 - 00000000 ____D C:\Program Files (x86)\a4wda5p4 2016-12-17 00:20 - 2016-12-17 00:20 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming avplugin 2016-12-17 00:20 - 2016-12-17 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心 2016-12-16 21:40 - 2016-12-16 21:40 - 00440320 _____ C:\ProgramData\smp2.exe 2016-12-16 21:40 - 2016-12-16 21:40 - 00187904 _____ C:\WINDOWS srcs.dll 2016-12-16 21:40 - 2016-12-16 21:40 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\VDI 2016-12-16 21:40 - 2016-12-16 21:40 - 00000000 ____D C:\ProgramData\SearchModule 2016-12-16 21:40 - 2016-12-16 21:40 - 00000000 ____D C:\Program Files\Common Files\Noobzo 2016-12-16 21:38 - 2016-12-18 10:12 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\Downloads\JQuery plugin 2016-12-16 21:38 - 2016-12-16 21:38 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Nerqoy 2016-12-16 21:37 - 2016-12-16 21:39 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Local\Stisition 2016-12-16 21:36 - 2016-12-21 13:10 - 00000000 ____D C:\Program Files (x86)\Arervut 2016-12-14 20:45 - 2016-12-14 20:45 - 00000000 __SHD C:\ProgramData\WindowsMsg 2016-12-14 20:45 - 2016-12-14 20:45 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Local\Chromium 2016-12-14 20:41 - 2016-12-14 20:41 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\LDSGameAssistant 2016-12-14 20:41 - 2016-12-14 20:41 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\360wp 2016-12-14 20:39 - 2016-12-21 13:12 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Ludashi 2016-12-14 20:39 - 2016-12-16 21:39 - 00000000 ____D C:\Program Files (x86)\LDSGameCenter 2016-12-14 20:39 - 2016-12-14 20:39 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\LDSGameCenter 2016-12-14 20:38 - 2016-12-16 21:39 - 00000000 ____D C:\Program Files (x86)\LuDaShi 2016-12-14 20:38 - 2016-12-14 20:38 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Local\UCBrowser 2016-12-14 20:36 - 2016-12-14 20:38 - 00000000 ____D C:\ProgramData\ProductData 2016-12-14 20:36 - 2016-12-14 20:36 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS 2016-12-14 20:36 - 2016-12-14 20:36 - 00000000 ____D C:\WINDOWS\IObit 2016-12-14 20:36 - 2016-12-14 20:36 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\LocalLow\IObit 2016-12-14 20:35 - 2016-12-21 12:21 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\KuaiZip 2016-12-14 20:35 - 2016-12-14 20:35 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys 2016-12-14 20:35 - 2016-12-14 20:35 - 00000000 __SHD C:\Users\ASSY ABBE JACKLYN\AppData\Local\svchost 2016-12-14 20:35 - 2016-12-14 20:35 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Softlink 2016-12-14 20:35 - 2016-12-14 20:35 - 00000000 ____D C:\Program Files\¿ìÑ¹ 2016-12-14 20:35 - 2016-11-09 15:55 - 00778752 _____ C:\WINDOWS\system32\chtbrkg.dll 2016-12-14 20:35 - 2016-11-09 15:55 - 00590848 _____ C:\WINDOWS\SysWOW64\chtbrkg.dll 2016-12-14 20:34 - 2016-12-14 20:34 - 01620992 _____ C:\ProgramData\service.exe 2016-12-14 20:34 - 2016-12-14 20:34 - 00000000 ____D C:\Users\Public\Thunder Network 2016-12-14 20:34 - 2016-12-14 20:34 - 00000000 ____D C:\ProgramData\Thunder Network Task: {1751C4A8-C151-4719-8D28-72F89F4F735B} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SMΔRTP.exe [2014-01-21] (Smadsoft)Task: {E134E89F-3C09-4652-B947-AF383DEFEC34} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTIONShortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Nosekiss\Application\chrome.exe (Google Inc.)Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Nosekiss\Application\chrome.exe (Google Inc.)ShortcutWithArgument: C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1482169619&z=038e6477a63e6f3c81eefc4g3z8b1oegaq7t7mdb0w&from=archer1028&uid=TOSHIBAXMQ02ABF050H_85CAW040TXX85CAW040TShortcutWithArgument: C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MoneyBot.exe.lnk -> C:\Program Files (x86)\IconRunner\MoneyBot.exe () -> hxxp://54.148.148.252/icon/tds.phpShortcutWithArgument: C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=GCGzamobl20564AU,350fca86-f1ad-44dd-8f09-fc74b8c5bf51,"ShortcutWithArgument: C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1482169619&z=038e6477a63e6f3c81eefc4g3z8b1oegaq7t7mdb0w&from=archer1028&uid=TOSHIBAXMQ02ABF050H_85CAW040TXX85CAW040TShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.booking.com/index.html?aid=398438&label=squareShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.amisites.com/?type=sc&ts=1482169619&z=038e6477a63e6f3c81eefc4g3z8b1oegaq7t7mdb0w&from=archer1028&uid=TOSHIBAXMQ02ABF050H_85CAW040TXX85CAW040THKU\S-1-5-21-3431295754-1596330027-1925041854-1001\...\ChromeHTML: -> C:\Program Files (x86)\Nosekiss\Application\chrome.exe (Google Inc.) <==== ATTENTIONcmd: netsh winsock reset Hosts:EmptyTemp:RemoveProxy: Une fois, le texte collé dans le Bloc-notes, Menu "Fichier" puis "Enregistrer sous", A gauche, place toi sur le Bureau, Dans le champs en bas, nom du fichier mets : fixlist.txt Clique sur "Enregistrer", cela va créer fixlist.txt sur le Bureau. Relance FRST et clique sur le bouton "Corriger / Fix" Un redémarrage sera peut-être nécessaire ( pas obligatoire ) Un fichier texte apparait, copie/colle le contenu ici dans un nouveau message. Redémarre l'ordinateur. 2°) Réinitialise/Répare les navigateurs WEB : Réparer Mozilla Firefox (premier paragraphe) Réparer Google Chrome (seulement le premier paragraphe). Réinitialiser et réparer Internet Explorer3°) MalwareBytes ( durée : environ 40min de scan ): ================================================== Télécharge et installe MBAM. La version gratuite permet de nettoyer ( décoche bien la proposition d'essai de la version Premium à la fin de l'installation ) : Tutoriel Malwarebytes Anti-Malware (MBAM) version gratuiteMettre MBAM à jour puis lancer un examen. A la fin du scan, clique sur "Supprimer Sélection" en bas à gauche. Redémarrer l'ordinateur si nécessaire puis relancer Malwarebytes. Vas chercher le rapport dans l'onglet "Historique". A gauche "Journal d'analyse", double-clique sur l'examen dans la liste. Puis en bas "Copier dans le presse papier", va sur http://pjjoint.malekal.com/, clique droit "Coller" pour coller le contenu du rapport du scan. Clique sur "Envoyer". Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.

Boanerges7 · Answer

Le fix est terminé avec redémarrage de mon ordi. VOici le contenu du fichier Fixlog.txt: Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016 Ran by ASSY ABBE JACKLYN (22-12-2016 16:49:01) Run:1 Running from C:\Users\ASSY ABBE JACKLYN\Desktop Loaded Profiles: ASSY ABBE JACKLYN (Available Profiles: ASSY ABBE JACKLYN & Ordinary person) Boot Mode: Normal ============================================== fixlist content: CreateRestorePoint: CloseProcesses: CreateRestorePoint: IFEO\MRT.exe: [Debugger] C:\Program Files (x86)\Arervut\_ALLOWDEL_a335\Gubed.exe -Yrrehs ShellExecuteHooks: No Name - {4556D09E-AC1B-11E6-BBC9-64006A5CFC23} - C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Nerqoy\Gsaphphecaent.dll [145920 2016-12-16] () ShellIconOverlayIdentifiers: [KzShlobj] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F2} => C:\Program Files\¿ìÑ¹\X64\KZipShell.dll [2016-12-14] () Winsock: Catalog9 01 chtbrkg.dll No File Winsock: Catalog9 02 chtbrkg.dll No File Winsock: Catalog9 03 chtbrkg.dll No File Winsock: Catalog9 04 chtbrkg.dll No File Winsock: Catalog9 05 chtbrkg.dll No File Winsock: Catalog9 06 chtbrkg.dll No File Winsock: Catalog9 07 chtbrkg.dll No File Winsock: Catalog9 08 chtbrkg.dll No File Winsock: Catalog9 09 chtbrkg.dll No File Winsock: Catalog9 10 chtbrkg.dll No File Winsock: Catalog9 11 chtbrkg.dll No File Winsock: Catalog9 12 chtbrkg.dll No File Winsock: Catalog9 25 chtbrkg.dll No File Winsock: Catalog9-x64 01 chtbrkg.dll No File Winsock: Catalog9-x64 02 chtbrkg.dll No File Winsock: Catalog9-x64 03 chtbrkg.dll No File Winsock: Catalog9-x64 04 chtbrkg.dll No File Winsock: Catalog9-x64 05 chtbrkg.dll No File Winsock: Catalog9-x64 06 chtbrkg.dll No File Winsock: Catalog9-x64 07 chtbrkg.dll No File Winsock: Catalog9-x64 08 chtbrkg.dll No File Winsock: Catalog9-x64 09 chtbrkg.dll No File Winsock: Catalog9-x64 10 chtbrkg.dll No File Winsock: Catalog9-x64 11 chtbrkg.dll No File Winsock: Catalog9-x64 12 chtbrkg.dll No File Winsock: Catalog9-x64 25 chtbrkg.dll No File R2 Archer; C:\Program Files (x86)\WinArcher\Archer.dll [778752 2016-12-19] (Fun Dw) [File not signed] R2 Arqtyvufeward; C:\Program Files (x86)\Arervut\GhlCenter.dll [274944 2016-12-16] () [File not signed] R2 Convxxxx; C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\hadha\UvConverter.exe [451072 2016-12-19] (TODO: ) [File not signed] R2 ed2kidle; C:\Program Files (x86)\amuleC1\ed2k.exe [237568 2016-12-19] (hxxp://www.amule.org/) [File not signed] [Pays HU - 80.249.163.1] R2 GmSvc; C:\Program Files (x86)\LDSGameCenter\GmSvc.dll [463272 2016-11-04] () R2 GoogleChromeUpService; C:\ProgramData\service.exe [1620992 2016-12-14] () [File not signed] <==== ATTENTION R2 HpSvc; c:\program files (x86)\ludashi\lpi\HpSvc.dll [252328 2016-11-18] () <==== ATTENTION R2 KuaizipUpdateChecker; C:\Program Files\¿ìÑ¹\X86\kuaizipUpdateChecker.dll [219032 2016-12-14] () R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [131024 2016-12-02] (Elex do Brasil Participações Ltda) R3 iThemes5; C:\Program Files (x86)\Common Files\Services\iThemes.dll [557056 2016-12-21] () [File not signed] <==== ATTENTION R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3109888 2016-12-16] (Search Module Ltd.) [File not signed] R2 WinSAPSvc; C:\ProgramData\WinSAPSvc\WinSAP.dll [258048 2016-12-21] () [File not signed] R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] (Elex do Brasil Participações Ltda) S3 iSafeKrnlBoot; C:\WINDOWS\System32\DRIVERS\iSafeKrnlBoot.sys [55056 2016-05-23] (Elex do Brasil Participações Ltda) S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] (Elex do Brasil Participações Ltda) R1 iSafeKrnlMon; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlMon.sys [52440 2016-05-23] (Elex do Brasil Participações Ltda) R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] (Elex do Brasil Participações Ltda) R1 iSafeNetFilter; C:\WINDOWS\System32\DRIVERS\iSafeNetFilter.sys [52392 2016-05-19] (Elex do Brasil Participações Ltda) R2 KuaiZipDrive; C:\WINDOWS\system32\drivers\KuaiZipDrive.sys [92832 2016-12-14] (WinMount International Inc) R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2016-12-16] () S3 ucdrv; C:\WINDOWS\System32\drivers:ucdrv-x64.sys [80850 ] (UC Web Inc.) <==== ATTENTION NETSVCx32: HpSvc -> C:\program files (x86)\ludashi\lpi\HpSvc.dll () NETSVCx32: GmSvc -> C:\Program Files (x86)\LDSGameCenter\GmSvc.dll () 2016-12-21 09:41 - 2016-12-21 09:41 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC 2016-12-21 09:41 - 2016-12-21 09:41 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\aMule 2016-12-21 09:41 - 2016-12-21 09:41 - 00000000 ____D C:\Program Files (x86)\amuleC1 2016-12-20 19:08 - 2016-12-20 19:08 - 00000000 ____D C:\ProgramData\UniqueId 2016-12-20 19:02 - 2016-12-20 19:08 - 01140184 _____ C:\Users\ASSY ABBE JACKLYN\Downloads\MindManager2017_setup.exe 2016-12-19 19:34 - 2016-12-21 13:12 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\lockhomepage 2016-12-19 19:02 - 2016-12-19 19:02 - 00003312 _____ C:\WINDOWS\System32\Tasks\smadav 2016-12-19 17:46 - 2016-12-19 17:47 - 00000000 ____D C:\Program Files (x86)\UvConverter 2016-12-19 17:46 - 2016-12-19 17:46 - 00000376 _____ C:\WINDOWS\SysWOW64\data.bin 2016-12-19 17:46 - 2016-12-19 17:46 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\hadha 2016-12-17 21:15 - 2016-12-21 13:09 - 00000000 ____D C:\ProgramData\WinSAPSvc 2016-12-17 21:15 - 2016-12-19 17:46 - 00000000 ____D C:\Program Files (x86)\WinArcher 2016-12-17 21:13 - 2016-12-21 13:10 - 00034328 _____ (Sysinternals - www.sysinternals.com) C:\WINDOWS\system32\Drivers\PROCEXP152.SYS 2016-12-17 21:12 - 2016-12-21 13:10 - 00000000 ____D C:\Program Files (x86)\a4wda5p4 2016-12-17 00:20 - 2016-12-17 00:20 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming avplugin 2016-12-17 00:20 - 2016-12-17 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360???? 2016-12-16 21:40 - 2016-12-16 21:40 - 00440320 _____ C:\ProgramData\smp2.exe 2016-12-16 21:40 - 2016-12-16 21:40 - 00187904 _____ C:\WINDOWS srcs.dll 2016-12-16 21:40 - 2016-12-16 21:40 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\VDI 2016-12-16 21:40 - 2016-12-16 21:40 - 00000000 ____D C:\ProgramData\SearchModule 2016-12-16 21:40 - 2016-12-16 21:40 - 00000000 ____D C:\Program Files\Common Files\Noobzo 2016-12-16 21:38 - 2016-12-18 10:12 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\Downloads\JQuery plugin 2016-12-16 21:38 - 2016-12-16 21:38 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Nerqoy 2016-12-16 21:37 - 2016-12-16 21:39 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Local\Stisition 2016-12-16 21:36 - 2016-12-21 13:10 - 00000000 ____D C:\Program Files (x86)\Arervut 2016-12-14 20:45 - 2016-12-14 20:45 - 00000000 __SHD C:\ProgramData\WindowsMsg 2016-12-14 20:45 - 2016-12-14 20:45 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Local\Chromium 2016-12-14 20:41 - 2016-12-14 20:41 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\LDSGameAssistant 2016-12-14 20:41 - 2016-12-14 20:41 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\360wp 2016-12-14 20:39 - 2016-12-21 13:12 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Ludashi 2016-12-14 20:39 - 2016-12-16 21:39 - 00000000 ____D C:\Program Files (x86)\LDSGameCenter 2016-12-14 20:39 - 2016-12-14 20:39 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\LDSGameCenter 2016-12-14 20:38 - 2016-12-16 21:39 - 00000000 ____D C:\Program Files (x86)\LuDaShi 2016-12-14 20:38 - 2016-12-14 20:38 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Local\UCBrowser 2016-12-14 20:36 - 2016-12-14 20:38 - 00000000 ____D C:\ProgramData\ProductData 2016-12-14 20:36 - 2016-12-14 20:36 - 00027552 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS 2016-12-14 20:36 - 2016-12-14 20:36 - 00000000 ____D C:\WINDOWS\IObit 2016-12-14 20:36 - 2016-12-14 20:36 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\LocalLow\IObit 2016-12-14 20:35 - 2016-12-21 12:21 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\KuaiZip 2016-12-14 20:35 - 2016-12-14 20:35 - 00092832 _____ (WinMount International Inc) C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys 2016-12-14 20:35 - 2016-12-14 20:35 - 00000000 __SHD C:\Users\ASSY ABBE JACKLYN\AppData\Local\svchost 2016-12-14 20:35 - 2016-12-14 20:35 - 00000000 ____D C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Softlink 2016-12-14 20:35 - 2016-12-14 20:35 - 00000000 ____D C:\Program Files\¿ìÑ¹ 2016-12-14 20:35 - 2016-11-09 15:55 - 00778752 _____ C:\WINDOWS\system32\chtbrkg.dll 2016-12-14 20:35 - 2016-11-09 15:55 - 00590848 _____ C:\WINDOWS\SysWOW64\chtbrkg.dll 2016-12-14 20:34 - 2016-12-14 20:34 - 01620992 _____ C:\ProgramData\service.exe 2016-12-14 20:34 - 2016-12-14 20:34 - 00000000 ____D C:\Users\Public\Thunder Network 2016-12-14 20:34 - 2016-12-14 20:34 - 00000000 ____D C:\ProgramData\Thunder Network Task: {1751C4A8-C151-4719-8D28-72F89F4F735B} - System32\Tasks\smadav => C:\Program Files (x86)\Smadav\SM?RTP.exe [2014-01-21] (Smadsoft) Task: {E134E89F-3C09-4652-B947-AF383DEFEC34} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Nosekiss\Application\chrome.exe (Google Inc.) Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Nosekiss\Application\chrome.exe (Google Inc.) ShortcutWithArgument: C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1482169619&z=038e6477a63e6f3c81eefc4g3z8b1oegaq7t7mdb0w&from=archer1028&uid=TOSHIBAXMQ02ABF050H_85CAW040TXX85CAW040T ShortcutWithArgument: C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MoneyBot.exe.lnk -> C:\Program Files (x86)\IconRunner\MoneyBot.exe () -> hxxp://54.148.148.252/icon/tds.php ShortcutWithArgument: C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=GCGzamobl20564AU,350fca86-f1ad-44dd-8f09-fc74b8c5bf51," ShortcutWithArgument: C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.amisites.com/?type=sc&ts=1482169619&z=038e6477a63e6f3c81eefc4g3z8b1oegaq7t7mdb0w&from=archer1028&uid=TOSHIBAXMQ02ABF050H_85CAW040TXX85CAW040T ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.booking.com/index.html?aid=398438&label=square ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software) -> hxxp://www.amisites.com/?type=sc&ts=1482169619&z=038e6477a63e6f3c81eefc4g3z8b1oegaq7t7mdb0w&from=archer1028&uid=TOSHIBAXMQ02ABF050H_85CAW040TXX85CAW040T HKU\S-1-5-21-3431295754-1596330027-1925041854-1001\...\ChromeHTML: -> C:\Program Files (x86)\Nosekiss\Application\chrome.exe (Google Inc.) <==== ATTENTION cmd: netsh winsock reset Hosts: EmptyTemp: RemoveProxy: Restore point was successfully created. Processes closed successfully. Restore point was successfully created. "HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\MRT.exe" => key removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\{4556D09E-AC1B-11E6-BBC9-64006A5CFC23} => value removed successfully "HKCR\CLSID\{4556D09E-AC1B-11E6-BBC9-64006A5CFC23}" => key removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\KzShlobj" => key removed successfully "HKCR\CLSID\{AAA0C5B8-933F-4200-93AD-B143D7FFF9F2}" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000025" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000001" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000002" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000003" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000004" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000005" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000006" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000007" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000008" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000009" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000010" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000011" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000012" => key removed successfully "HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries64\000000000025" => key removed successfully Archer => service removed successfully Arqtyvufeward => service removed successfully Convxxxx => Unable to stop service. Convxxxx => service removed successfully ed2kidle => service removed successfully GmSvc => service removed successfully GoogleChromeUpService => service removed successfully HpSvc => service removed successfully KuaizipUpdateChecker => service removed successfully iSafeService => service not found. iThemes5 => service removed successfully SMUpd => service not found. WinSAPSvc => service removed successfully iSafeKrnl => service not found. iSafeKrnlBoot => service not found. iSafeKrnlKit => service not found. iSafeKrnlMon => service not found. iSafeKrnlR3 => service not found. iSafeNetFilter => service not found. KuaiZipDrive => Unable to stop service. KuaiZipDrive => service removed successfully SMUpdd => service not found. ucdrv => service removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs HpSvc => removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvcs GmSvc => removed successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\amuleC => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\aMule => moved successfully C:\Program Files (x86)\amuleC1 => moved successfully C:\ProgramData\UniqueId => moved successfully C:\Users\ASSY ABBE JACKLYN\Downloads\MindManager2017_setup.exe => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\lockhomepage => moved successfully "C:\WINDOWS\System32\Tasks\smadav" => not found. C:\Program Files (x86)\UvConverter => moved successfully C:\WINDOWS\SysWOW64\data.bin => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\hadha => moved successfully C:\ProgramData\WinSAPSvc => moved successfully C:\Program Files (x86)\WinArcher => moved successfully C:\WINDOWS\system32\Drivers\PROCEXP152.SYS => moved successfully C:\Program Files (x86)\a4wda5p4 => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming avplugin => moved successfully "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360????" => not found. C:\ProgramData\smp2.exe => moved successfully C:\WINDOWS srcs.dll => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\VDI => moved successfully C:\ProgramData\SearchModule => moved successfully C:\Program Files\Common Files\Noobzo => moved successfully C:\Users\ASSY ABBE JACKLYN\Downloads\JQuery plugin => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Nerqoy => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Local\Stisition => moved successfully C:\Program Files (x86)\Arervut => moved successfully C:\ProgramData\WindowsMsg => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Local\Chromium => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\LDSGameAssistant => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\360wp => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Ludashi => moved successfully C:\Program Files (x86)\LDSGameCenter => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\LDSGameCenter => moved successfully C:\Program Files (x86)\LuDaShi => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Local\UCBrowser => moved successfully C:\ProgramData\ProductData => moved successfully C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS => moved successfully C:\WINDOWS\IObit => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\LocalLow\IObit => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\KuaiZip => moved successfully C:\WINDOWS\system32\Drivers\KuaiZipDrive.sys => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Local\svchost => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Softlink => moved successfully C:\Program Files\¿ìÑ¹ => moved successfully C:\WINDOWS\system32\chtbrkg.dll => moved successfully C:\WINDOWS\SysWOW64\chtbrkg.dll => moved successfully C:\ProgramData\service.exe => moved successfully C:\Users\Public\Thunder Network => moved successfully C:\ProgramData\Thunder Network => moved successfully HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1751C4A8-C151-4719-8D28-72F89F4F735B} => key not found. C:\WINDOWS\System32\Tasks\smadav => not found. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\smadav => key not found. "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E134E89F-3C09-4652-B947-AF383DEFEC34}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E134E89F-3C09-4652-B947-AF383DEFEC34}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => moved successfully C:\Users\Public\Desktop\Google Chrome.lnk => moved successfully C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully. C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MoneyBot.exe.lnk => Shortcut argument removed successfully. C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk => Shortcut argument removed successfully. C:\Users\ASSY ABBE JACKLYN\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Booking.com.lnk => Shortcut argument removed successfully. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk => Shortcut argument removed successfully. "HKU\S-1-5-21-3431295754-1596330027-1925041854-1001_Classes\ChromeHTML" => key removed successfully ========= netsh winsock reset ========= Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 10107 Sucessfully reset the Winsock Catalog. You must restart the computer in order to complete the reset. ========= End of CMD: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully HKU\S-1-5-21-3431295754-1596330027-1925041854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-3431295754-1596330027-1925041854-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= =========== EmptyTemp: ========== BITS transfer queue => 357348 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 386716802 B Java, Flash, Steam htmlcache => 1413 B Windows/system/drivers => 302376633 B Edge => 317723943 B Chrome => 491520 B Firefox => 58870616 B Opera => 37441382 B Temp, IE cache, history, cookies, recent: Default => 7680 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 0 B systemprofile32 => 0 B LocalService => 83832 B NetworkService => 0 B ASSY ABBE JACKLYN => 885967357 B Ordinary person => 655280 B RecycleBin => 5991161826 B EmptyTemp: => 7.4 GB temporary data Removed. ================================ The system needed a reboot. End of Fixlog 16:58:33

Boanerges7 · Answer

J'ai téléchargé Malwarebytes. Il ne me reste plus que l'analyse de mon pc.

Boanerges7 · Answer

J'ai terminé le scan. J'espère avoir copié le bon compte rendu d'analyse. Voici le lien:
https://pjjoint.malekal.com/files.php?id=20161222_r9g56h5q14

Malekal_morte- · Answer

ouaip tout vide :)
plus de soucis ?

Boanerges7 · Answer

Oui, tout se passe mieux.
Merci beaucoup. Tu m'as vraiment aidé.
Tout se passe bien à present.

Malekal_morte- · Answer

Super & bonnes fêtes :)
Quelques conseils : 
Pour ne plus te faire avoir. 
A lire - Programmes parasites / PUPs : Dossier Adwares/PUPs : programmes indésirables et parasites
(Surtout active les détections LPIs pour détecter les programmes parasites et publicitaires)

lilivet35 · Answer

VOICI NOTRE RAPPORT FRST.TXT
https://pjjoint.malekal.com/files.php?id=FRST_20161227_x8n13p5t7c8
le fichier addition.txt
https://pjjoint.malekal.com/files.php?id=20161227_n7n14w5y14d14

Virus chinois

8 réponses

End of Fixlog 16:58:33

Discussions similaires