4 replies
Malekal_morte-
Posts: 180304
Registration date: Wednesday 17 May 2006
Status: Moderator, Security contributor
Last activity: 15 December 2020
24 660
13 May 2017 at 18:19
Hi,
Provide the Malwarebytes report via pjjoint.
Forget about ZHPDiag.
Follow the FRST tutorial (take the time to read it carefully; everything is well explained there).
Download FRST and run the scan; 3 FRST reports will be generated:
- FRST.txt
- Shortcut.txt
- Additionnal.txt
Upload these 3 reports to http://pjjoint.malekal.com/ and post the 3 resulting pjjoint links to the reports here in a new reply so that we can review them.
Hi!
Thanks for the quick reply ;)
As requested, here are the links:
Malwarebytes report:
http://pjjoint.malekal.com/files.php?id=20170514_g6x9o12q7l12
And the 3 FRST reports:
http://pjjoint.malekal.com/files.php?id=20170514_w6i11f14w7t7
http://pjjoint.malekal.com/files.php?id=FRST_20170514_y10v12o11r5q15
http://pjjoint.malekal.com/files.php?id=20170514_l10e14f13g7x5
There you go,
Thanks!
Malekal_morte-
Status: Moderator, Security contributor
Edited on 14 May 2017 at 18:38
Uninstall:
Spybot - Search & Destroy
YAC(Yet Another Cleaner!)
Not useful.
Here is the fix to apply with FRST. You can refer to this explanatory note with screenshots.
Open Notepad: Windows key + R,
In the "Run" field, type notepad and click OK.
Copy/paste the following into it:
CreateRestorePoint:
CloseProcesses:
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Eggper\Application\chrome.exe (Google Inc.)
C:\Program Files (x86)\Eggper
ShortcutWithArgument: C:\Users\PoLO)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1492431347&z=37ce6203414bd2d44f1b551gaz1t5o9z1cfg9cew1e&from=che0812&uid=ST9750420AS_5WS1RE5TXXXX5WS1RE5T
ShortcutWithArgument: C:\Users\PoLO)\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1492431347&z=37ce6203414bd2d44f1b551gaz1t5o9z1cfg9cew1e&from=che0812&uid=ST9750420AS_5WS1RE5TXXXX5WS1RE5T
R2 AdBlockerService; C:\Program Files (x86)\AdBlocker\AdBlockerService.exe [94720 2016-12-26] (StarkIndastri) [File not signed]
S2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-12] () [File not signed]
C:\ProgramData\BIT\
S2 SNARE; C:\Users\PoLO)\AppData\Local\SNARE\Snare.dll [826368 2017-05-02] () [File not signed] <==== ATTENTION S2 WinAppSvr; C:\ProgramData\Microsoft\AppV\sym\dbg.dll [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X] <==== ATTENTION
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X] <==== ATTENTION
S1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] () [File not signed] <==== ATTENTION
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] () [File not signed] <==== ATTENTION
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] () [File not signed] <==== ATTENTION
2017-05-13 12:57 - 2017-05-14 16:20 - 00000000 ____D C:\Users\PoLO)\AppData\LocalLow\Mozilla
2017-05-12 21:23 - 2017-05-12 21:23 - 00000000 ____D C:\Program Files (x86)\{71E65082-7A0E-45B2-86DC-B9F77A202AE5}
2017-05-12 17:22 - 2017-05-12 17:22 - 00000000 ____D C:\Program Files (x86)\{73E10FCE-5F6D-4FF9-A860-4F5ECEAD27DB}
2017-05-12 13:52 - 2017-05-12 13:52 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-05-12 13:52 - 2017-05-12 13:52 - 00000000 ____D C:\Program Files (x86)\Eggper
2017-05-12 13:50 - 2017-05-12 13:54 - 00000000 _____ C:\Windows\SysWOW64\1111
2017-05-04 12:17 - 2017-05-04 12:17 - 00000000 ____D C:\Windows\SysWOW64\{91B817C7-5BF3-424B-B799-5318D9B9B222}
2017-04-28 09:16 - 2017-04-28 09:16 - 00000000 ____D C:\Windows\SysWOW64\{4850E209-1239-4F60-8856-1D9960995A5F}
2017-04-24 09:06 - 2017-04-28 09:38 - 00000000 ____D C:\Windows\psgo
2017-04-20 18:28 - 2017-02-15 13:03 - 00001013 _____ C:\Windows\system32\Drivers\etc\hosts.20170420-182820.backup
2017-04-20 13:01 - 2017-04-20 13:01 - 00000000 ____D C:\Windows\SysWOW64\{081A2325-664B-41FB-BD00-3B079F0150B3}
2017-04-20 12:04 - 2017-04-20 12:04 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-04-20 12:03 - 2017-04-20 18:30 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-20 12:03 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-04-17 14:15 - 2017-04-17 14:15 - 00000000 ____D C:\Windows\Update
2017-04-15 14:13 - 2017-04-15 14:13 - 00245640 _____ C:\Users\PoLO)\Downloads\Firefox Setup Stub 52.0.2.exe
2017-04-14 15:45 - 2017-04-14 15:45 - 00000000 ____D C:\Windows\SysWOW64\{6DF495F4-BAD2-45AB-B6BB-5B74C68BEE81}
2017-04-14 15:41 - 2017-04-14 15:41 - 00000000 ____D C:\Windows\SysWOW64\{760EED0D-A86A-467F-848C-75309E5FBB60}
2017-05-13 17:01 - 2017-01-19 15:45 - 00000000 ____D C:\Program Files (x86)\Caboward Reports
2017-05-13 17:01 - 2012-09-15 19:58 - 00000000 ____D C:\Program Files\Autodesk
2017-05-13 14:00 - 2017-01-19 15:44 - 00000000 ____D C:\Program Files (x86)\Chigijenert
2013-04-30 21:46 - 2013-04-30 21:46 - 0000000 _____ () C:\ProgramData\38263f3b42223a_c
Task: {74C00367-4579-4532-BFFC-D298FD374B71} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
EmptyTemp:
RemoveProxy:
Reboot:
Once the text is pasted into Notepad,
"File" menu, then "Save As",
On the left, select the Desktop,
In the file name field at the bottom, enter: fixlist.txt
Click "Save"; this creates fixlist.txt on the Desktop.
Relaunch FRST and click the "Corriger / Fix" button.
A restart may be needed (not mandatory).
A text file appears; copy/paste its contents here in a new message.
Restart the computer.
2°)
Reset/repair the web browsers affected by the problems:
- Repair Mozilla Firefox (first paragraph)
- Repair Google Chrome (first paragraph only).
- Reset and repair Internet Explorer
3°)
Finish with a Malwarebytes cleanup - Tutorial: Malwarebytes Anti-Malware free version
4°)
See how it goes and whether things have improved.
If not, and you still get unwanted ad pages, say which web browser is affected.
Please press any key to continue the disinfection...
Hi,
It worked well; here is the text file I got:
Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
Ran by PoLO) (15-05-2017 09:29:13) Run:1
Running from D:\Desktop
Loaded Profiles: PoLO) (Available Profiles: PoLO))
Boot Mode: Normal
==============================================
fixlist content:
CreateRestorePoint:
CloseProcesses:
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Eggper\Application\chrome.exe (Google Inc.)
C:\Program Files (x86)\Eggper
ShortcutWithArgument: C:\Users\PoLO)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1492431347&z=37ce6203414bd2d44f1b551gaz1t5o9z1cfg9cew1e&from=che0812&uid=ST9750420AS_5WS1RE5TXXXX5WS1RE5T
ShortcutWithArgument: C:\Users\PoLO)\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files (x86)\Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1492431347&z=37ce6203414bd2d44f1b551gaz1t5o9z1cfg9cew1e&from=che0812&uid=ST9750420AS_5WS1RE5TXXXX5WS1RE5T
R2 AdBlockerService; C:\Program Files (x86)\AdBlocker\AdBlockerService.exe [94720 2016-12-26] (StarkIndastri) [File not signed]
S2 BIT; C:\ProgramData\BIT\BIT.dll [1857536 2017-05-12] () [File not signed]
S2 SNARE; C:\Users\PoLO)\AppData\Local\SNARE\Snare.dll [826368 2017-05-02] () [File not signed] <==== ATTENTION S2 WinAppSvr; C:\ProgramData\Microsoft\AppV\sym\dbg.dll [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X] <==== ATTENTION
S1 iSafeNetFilter; system32\DRIVERS\iSafeNetFilter.sys [X] <==== ATTENTION
S1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [262344 2016-05-23] () [File not signed] <==== ATTENTION
S1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [110112 2016-05-23] () [File not signed] <==== ATTENTION
S1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [103904 2016-05-23] () [File not signed] <==== ATTENTION
2017-05-13 12:57 - 2017-05-14 16:20 - 00000000 ____D C:\Users\PoLO)\AppData\LocalLow\Mozilla
2017-05-12 21:23 - 2017-05-12 21:23 - 00000000 ____D C:\Program Files (x86)\{71E65082-7A0E-45B2-86DC-B9F77A202AE5}
2017-05-12 17:22 - 2017-05-12 17:22 - 00000000 ____D C:\Program Files (x86)\{73E10FCE-5F6D-4FF9-A860-4F5ECEAD27DB}
2017-05-12 13:52 - 2017-05-12 13:52 - 00000000 ____D C:\Program Files (x86)\Firefox
2017-05-12 13:52 - 2017-05-12 13:52 - 00000000 ____D C:\Program Files (x86)\Eggper
2017-05-12 13:50 - 2017-05-12 13:54 - 00000000 _____ C:\Windows\SysWOW64\1111
2017-05-04 12:17 - 2017-05-04 12:17 - 00000000 ____D C:\Windows\SysWOW64\{91B817C7-5BF3-424B-B799-5318D9B9B222}
2017-04-28 09:16 - 2017-04-28 09:16 - 00000000 ____D C:\Windows\SysWOW64\{4850E209-1239-4F60-8856-1D9960995A5F}
2017-04-24 09:06 - 2017-04-28 09:38 - 00000000 ____D C:\Windows\psgo
2017-04-20 18:28 - 2017-02-15 13:03 - 00001013 _____ C:\Windows\system32\Drivers\etc\hosts.20170420-182820.backup
2017-04-20 13:01 - 2017-04-20 13:01 - 00000000 ____D C:\Windows\SysWOW64\{081A2325-664B-41FB-BD00-3B079F0150B3}
2017-04-20 12:04 - 2017-04-20 12:04 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-04-20 12:03 - 2017-04-20 18:30 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-04-20 12:03 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-04-17 14:15 - 2017-04-17 14:15 - 00000000 ____D C:\Windows\Update
2017-04-15 14:13 - 2017-04-15 14:13 - 00245640 _____ C:\Users\PoLO)\Downloads\Firefox Setup Stub 52.0.2.exe
2017-04-14 15:45 - 2017-04-14 15:45 - 00000000 ____D C:\Windows\SysWOW64\{6DF495F4-BAD2-45AB-B6BB-5B74C68BEE81}
2017-04-14 15:41 - 2017-04-14 15:41 - 00000000 ____D C:\Windows\SysWOW64\{760EED0D-A86A-467F-848C-75309E5FBB60}
2017-05-13 17:01 - 2017-01-19 15:45 - 00000000 ____D C:\Program Files (x86)\Caboward Reports
2017-05-13 17:01 - 2012-09-15 19:58 - 00000000 ____D C:\Program Files\Autodesk
2017-05-13 14:00 - 2017-01-19 15:44 - 00000000 ____D C:\Program Files (x86)\Chigijenert
2013-04-30 21:46 - 2013-04-30 21:46 - 0000000 _____ () C:\ProgramData\38263f3b42223a_c
Task: {74C00367-4579-4532-BFFC-D298FD374B71} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
EmptyTemp:
RemoveProxy:
Reboot:
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => moved successfully
C:\Program Files (x86)\Eggper => moved successfully
C:\Users\PoLO)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\PoLO)\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk => Shortcut argument removed successfully.
HKLM\System\CurrentControlSet\Services\AdBlockerService => key removed successfully
AdBlockerService => service removed successfully
HKLM\System\CurrentControlSet\Services\BIT => key removed successfully
BIT => service removed successfully
HKLM\System\CurrentControlSet\Services\SNARE => key removed successfully
SNARE => service removed successfully
HKLM\System\CurrentControlSet\Services\iSafeKrnlBoot => key removed successfully
iSafeKrnlBoot => service removed successfully
HKLM\System\CurrentControlSet\Services\iSafeNetFilter => key removed successfully
iSafeNetFilter => service removed successfully
HKLM\System\CurrentControlSet\Services\iSafeKrnl => key removed successfully
iSafeKrnl => service removed successfully
HKLM\System\CurrentControlSet\Services\iSafeKrnlKit => key removed successfully
iSafeKrnlKit => service removed successfully
HKLM\System\CurrentControlSet\Services\iSafeKrnlR3 => key removed successfully
iSafeKrnlR3 => service removed successfully
C:\Users\PoLO)\AppData\LocalLow\Mozilla => moved successfully
C:\Program Files (x86)\{71E65082-7A0E-45B2-86DC-B9F77A202AE5} => moved successfully
C:\Program Files (x86)\{73E10FCE-5F6D-4FF9-A860-4F5ECEAD27DB} => moved successfully
C:\Program Files (x86)\Firefox => moved successfully
"C:\Program Files (x86)\Eggper" => not found.
C:\Windows\SysWOW64\1111 => moved successfully
C:\Windows\SysWOW64\{91B817C7-5BF3-424B-B799-5318D9B9B222} => moved successfully
C:\Windows\SysWOW64\{4850E209-1239-4F60-8856-1D9960995A5F} => moved successfully
C:\Windows\psgo => moved successfully
C:\Windows\system32\Drivers\etc\hosts.20170420-182820.backup => moved successfully
C:\Windows\SysWOW64\{081A2325-664B-41FB-BD00-3B079F0150B3} => moved successfully
C:\Windows\System32\Tasks\Safer-Networking => moved successfully
C:\Program Files (x86)\Spybot - Search & Destroy 2 => moved successfully
C:\Windows\system32\sdnclean64.exe => moved successfully
C:\Windows\Update => moved successfully
C:\Users\PoLO)\Downloads\Firefox Setup Stub 52.0.2.exe => moved successfully
C:\Windows\SysWOW64\{6DF495F4-BAD2-45AB-B6BB-5B74C68BEE81} => moved successfully
C:\Windows\SysWOW64\{760EED0D-A86A-467F-848C-75309E5FBB60} => moved successfully
C:\Program Files (x86)\Caboward Reports => moved successfully
C:\Program Files\Autodesk => moved successfully
C:\Program Files (x86)\Chigijenert => moved successfully
C:\ProgramData\38263f3b42223a_c => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74C00367-4579-4532-BFFC-D298FD374B71} => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74C00367-4579-4532-BFFC-D298FD374B71} => key removed successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key removed successfully
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-359175783-2260346421-1758541501-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\S-1-5-21-359175783-2260346421-1758541501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-359175783-2260346421-1758541501-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
========= End of RemoveProxy: =========
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 32778798 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 43743742 B
Edge => 0 B
Chrome => 0 B
Firefox => 385213549 B
Opera => 0 B
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 8024 B
Public => 0 B
ProgramData => 0 B
systemprofile => 42372242 B
systemprofile32 => 307294272 B
LocalService => 66228 B
NetworkService => 66228 B
PoLO) => 149841139 B
RecycleBin => 0 B
EmptyTemp: => 924.8 MB temporary data Removed.
================================
The system needed a reboot.
End of Fixlog 09:30:03
Moving on to step 2... Thanks a lot!
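A Fixlog like the one posted above can be triaged mechanically before moving on to the next step. The following Python script is an added example, not part of the original thread and not FRST's own code: it tallies the outcome of each fix action, collects `Error:` lines, and reports only those "not found" entries that are not explained by an earlier move of the same path or of a parent folder. The outcome phrases are the ones that appear in the log in this thread; `parse_fixlog` and `triage` are hypothetical helper names, and the sample is an abridged excerpt of that log.

```python
from collections import Counter

# Outcome phrases as they appear in the Fixlog quoted in this thread
# (lower-cased, trailing period removed). Other FRST versions may use
# additional phrases; that is an assumption to check against your own logs.
OUTCOMES = {
    "moved successfully": "moved",
    "key removed successfully": "registry key removed",
    "value removed successfully": "registry value removed",
    "service removed successfully": "service removed",
    "shortcut argument removed successfully": "shortcut argument removed",
    "not found": "not found",
}

# Abridged excerpt of the Fixlog from this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 14-05-2017
fixlist content:
C:\Program Files (x86)\Eggper
Task: {74C00367-4579-4532-BFFC-D298FD374B71} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
EmptyTemp:
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Program Files (x86)\Eggper => moved successfully
C:\Users\PoLO)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
HKLM\System\CurrentControlSet\Services\SNARE => key removed successfully
SNARE => service removed successfully
"C:\Program Files (x86)\Eggper" => not found.
C:\Windows\System32\Tasks\Safer-Networking => moved successfully
C:\Windows\System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => not found.
=========== EmptyTemp: ==========
Firefox => 385213549 B
EmptyTemp: => 924.8 MB temporary data Removed.
"""


def parse_fixlog(text):
    """Return ([(target, outcome), ...], [error lines]) in log order."""
    results, errors = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Error:"):
            errors.append(line)
            continue
        if " => " not in line:
            continue
        # Split on the LAST " => " so the tail is the outcome phrase.
        target, _, tail = line.rpartition(" => ")
        outcome = OUTCOMES.get(tail.rstrip(".").strip().lower())
        if outcome is None:
            # Echoed fixlist lines (Task: ... => exe) and EmptyTemp size
            # lines also contain " => " but are not action results.
            continue
        results.append((target.strip().strip('"'), outcome))
    return results, errors


def triage(text):
    """Summarise a Fixlog and list what still needs a human look."""
    results, errors = parse_fixlog(text)
    moved, unexplained = [], []
    for target, outcome in results:
        norm = target.lower().rstrip("\\")  # Windows paths are case-insensitive
        if outcome == "moved":
            moved.append(norm)
        elif outcome == "not found":
            # Benign if this path, or a parent folder, was moved earlier in the run.
            if not any(norm == m or norm.startswith(m + "\\") for m in moved):
                unexplained.append(target)
    return {
        "counts": dict(Counter(outcome for _, outcome in results)),
        "errors": errors,
        "unexplained_not_found": unexplained,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, count in sorted(report["counts"].items()):
        print(f"{count:3d}  {name}")
    for err in report["errors"]:
        print("FOLLOW UP:", err)
    for path in report["unexplained_not_found"]:
        print("FOLLOW UP: not found and not moved earlier:", path)
```

On this log both "not found" entries are accounted for by earlier moves, so the only item left for follow-up is the failed restore point.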