Un CMD qui s'ouvre tout seul Fermé

Question

Bonjour/Bonsoir

Voici mon problème :

Depuis quelques jours j'ai un cmd qui s'ouvre environ une fois par jour et il ne se ferme pas automatiquement, quand il apparaît je dois le fermer manuellement.

Ça me dérange vraiment beaucoup car en plus de me sortir de mon jeu pour revenir au bureau, par la suite il m’empêche d'ouvrir google chrome ??

C'est vraiment très étrange... Si vous pouvais m'aider se serrai vraiment super merci beaucoup !

MisteryBean · Answer

Bonjour

Télécharge la version FRST compatible avec ton système et enregistre le fichier sur ton bureau 

Pour un système en 32 bits -> https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Pour un système en 64 bits -> https://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/

Comment savoir quelle version 32 bits ou 64 bits est exécutée sur mon système ? : https://support.microsoft.com/en-us/windows/32-bit-and-64-bit-windows-frequently-asked-questions-c6ca9541-8dce-4d48-0415-94a3faa2e13d

Lances le par clic-droit -> Exécuter en tant qu'administrateur --> Attendre qu'il indique Prêt à fonctionner --> Cliques sur Analyser --> Postes les rapports FRST et Addition ici https://up.security-x.fr/ et donnes les liens obtenus.

Zygone · Answer

Voici, Voilà :

https://up.security-x.fr/file.php?h=R9b11d22ec83b83ece66c84c84af653b3
https://up.security-x.fr/file.php?h=Rd3d6a4c3ae004aa90e75a912e48bc034

MisteryBean · Answer

RE_

Désinstalles :

McAfee WebAdvisor 
Search Powered by Yahoo!

Si problème , passes à la suite 




Copie ce qui suit , et sans coller nulle part , cliques sur corriger dans FRST
Postes ensuite le fichier fixlog créé comme les rapports précédents :

start::closeprocesses:createrestorepoint:AS: McAfee VirusScan (Disabled - Up to date) {30AC4D1E-F45E-3AA6-6448-D23DAB3B5501} HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service" IE trusted site: HKU\S-1-5-21-1268290888-3007022714-2527991172-1001\...\webcompanion.com -> hxxp://webcompanion.com HKU\S-1-5-21-1268290888-3007022714-2527991172-1001\...\StartupApproved\Run: => "cacaoweb" Task: {4D8B36BA-D111-42C6-B652-B566E2D3D76E} - System32\Tasks\bookingDesktopAppUpdateTaskMachineUA => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2019-11-10] (bookingDesktopApp.) [Fichier non signé] Task: {677E3D62-4EF7-446E-BE60-0FC95C989C4F} - System32\Tasks
pcapwatchdog => C:\Program Files\Npcap\CheckStatus.bat [862 2019-04-30] () [Fichier non signé] Task: {897E2AE5-39EC-40A0-A92E-A5B06483B6C3} - System32\Tasks\bookingDesktopAppUpdateTaskMachineCore => C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2019-11-10] (bookingDesktopApp.) [Fichier non signé] HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_19_45_ssg00¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEtAzytDzyyEtByD0EtB0F0EyCyEyEtN0D0Tzu0StBzzyBtDtN1L2XzuyEtFyDyBtFtDtFyBtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAyByCyD0C0DyDtDtGtCyDyB0FtG0EyC0EtCtGyBzzyBtBtGyE0A0FzyyByE0Bzz0AtD0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtByEyB1O1QyEtDtGtDyByEtDtGyEzzyCyCtG1T1RyC1TtG1SyCyE1RyBzztBzz1OtDtDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAyEtDyCzytBzz%26cr%3D1358086379%26a%3Dwsg_dpyqptgki1320egikmoq9ay_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHomeHKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTEHKU\S-1-5-21-1268290888-3007022714-2527991172-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://fr.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_19_45_ssg00¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEtAzytDzyyEtByD0EtB0F0EyCyEyEtN0D0Tzu0StBzzyBtDtN1L2XzuyEtFyDyBtFtDtFyBtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAyByCyD0C0DyDtDtGtCyDyB0FtG0EyC0EtCtGyBzzyBtBtGyE0A0FzyyByE0Bzz0AtD0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtByEyB1O1QyEtDtGtDyByEtDtGyEzzyCyCtG1T1RyC1TtG1SyCyE1RyBzztBzz1OtDtDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAyEtDyCzytBzz%26cr%3D1358086379%26a%3Dwsg_dpyqptgki1320egikmoq9ay_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHomeHKU\S-1-5-21-1268290888-3007022714-2527991172-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp17win10.msn.com/?pc=HCTESearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_19_45_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEtAzytDzyyEtByD0EtB0F0EyCyEyEtN0D0Tzu0StBzzyBtDtN1L2XzuyEtFyDyBtFtDtFyBtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAyByCyD0C0DyDtDtGtCyDyB0FtG0EyC0EtCtGyBzzyBtBtGyE0A0FzyyByE0Bzz0AtD0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtByEyB1O1QyEtDtGtDyByEtDtGyEzzyCyCtG1T1RyC1TtG1SyCyE1RyBzztBzz1OtDtDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAyEtDyCzytBzz%26cr%3D1358086379%26a%3Dwsg_dpyqptgki1320egikmoq9ay_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_19_45_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEtAzytDzyyEtByD0EtB0F0EyCyEyEtN0D0Tzu0StBzzyBtDtN1L2XzuyEtFyDyBtFtDtFyBtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAyByCyD0C0DyDtDtGtCyDyB0FtG0EyC0EtCtGyBzzyBtBtGyE0A0FzyyByE0Bzz0AtD0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtByEyB1O1QyEtDtGtDyByEtDtGyEzzyCyCtG1T1RyC1TtG1SyCyE1RyBzztBzz1OtDtDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAyEtDyCzytBzz%26cr%3D1358086379%26a%3Dwsg_dpyqptgki1320egikmoq9ay_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_19_45_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEtAzytDzyyEtByD0EtB0F0EyCyEyEtN0D0Tzu0StBzzyBtDtN1L2XzuyEtFyDyBtFtDtFyBtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAyByCyD0C0DyDtDtGtCyDyB0FtG0EyC0EtCtGyBzzyBtBtGyE0A0FzyyByE0Bzz0AtD0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtByEyB1O1QyEtDtGtDyByEtDtGyEzzyCyCtG1T1RyC1TtG1SyCyE1RyBzztBzz1OtDtDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAyEtDyCzytBzz%26cr%3D1358086379%26a%3Dwsg_dpyqptgki1320egikmoq9ay_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_19_45_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEtAzytDzyyEtByD0EtB0F0EyCyEyEtN0D0Tzu0StBzzyBtDtN1L2XzuyEtFyDyBtFtDtFyBtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAyByCyD0C0DyDtDtGtCyDyB0FtG0EyC0EtCtGyBzzyBtBtGyE0A0FzyyByE0Bzz0AtD0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtByEyB1O1QyEtDtGtDyByEtDtGyEzzyCyCtG1T1RyC1TtG1SyCyE1RyBzztBzz1OtDtDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAyEtDyCzytBzz%26cr%3D1358086379%26a%3Dwsg_dpyqptgki1320egikmoq9ay_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}SearchScopes: HKU\S-1-5-21-1268290888-3007022714-2527991172-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_19_45_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEtAzytDzyyEtByD0EtB0F0EyCyEyEtN0D0Tzu0StBzzyBtDtN1L2XzuyEtFyDyBtFtDtFyBtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAyByCyD0C0DyDtDtGtCyDyB0FtG0EyC0EtCtGyBzzyBtBtGyE0A0FzyyByE0Bzz0AtD0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtByEyB1O1QyEtDtGtDyByEtDtGyEzzyCyCtG1T1RyC1TtG1SyCyE1RyBzztBzz1OtDtDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAyEtDyCzytBzz%26cr%3D1358086379%26a%3Dwsg_dpyqptgki1320egikmoq9ay_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}SearchScopes: HKU\S-1-5-21-1268290888-3007022714-2527991172-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wsg_dpyqptgki1320egikmoq9ay_19_45_ssg00¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Dfr%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0FyEtAzytDzyyEtByD0EtB0F0EyCyEyEtN0D0Tzu0StBzzyBtDtN1L2XzuyEtFyDyBtFtDtFyBtCtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2StAyByCyD0C0DyDtDtGtCyDyB0FtG0EyC0EtCtGyBzzyBtBtGyE0A0FzyyByE0Bzz0AtD0EyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDtByEyB1O1QyEtDtGtDyByEtDtGyEzzyCyCtG1T1RyC1TtG1SyCyE1RyBzztBzz1OtDtDtD2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1RzutCyDyBtAyEtDyCzytBzz%26cr%3D1358086379%26a%3Dwsg_dpyqptgki1320egikmoq9ay_19_45_ssg00%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}SearchScopes: HKU\S-1-5-21-1268290888-3007022714-2527991172-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = BHO: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll [2020-03-31] (McAfee, LLC -> McAfee, LLC) BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll [2020-03-31] (McAfee, LLC -> McAfee, LLC) FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpiFF Extension: (McAfee® WebAdvisor) - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi [2020-03-31] [UpdateUrl:hxxps://www.siteadvisor.com/waffinstall/update.json]FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\WebAdvisor\e10ssaffplg.xpi FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=3 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0
pbookingDesktopAppUpdate3.dll [2019-11-10] (bookingDesktopApp.) [Fichier non signé]FF Plugin-x32: @bookingdesktopapp.com/bookingDesktopApp Update;version=9 -> C:\Program Files (x86)\bookingDesktopApp\Update\1.3.99.0
pbookingDesktopAppUpdate3.dll [2019-11-10] (bookingDesktopApp.) [Fichier non signé] CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?omnisearch=yes&q={searchTerms} C:\Users\huber\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfnciekpafndamlomnebbfophenfehbcCHR HKLM\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc] CHR HKU\S-1-5-21-1268290888-3007022714-2527991172-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc] CHR HKLM-x32\...\Chrome\Extension: [pfnciekpafndamlomnebbfophenfehbc] S2 bookingdesktopapp; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2019-11-10] (bookingDesktopApp.) [Fichier non signé]S3 bookingdesktopappm; C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe [102400 2019-11-10] (bookingDesktopApp.) [Fichier non signé] R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [913640 2020-03-31] (McAfee, LLC -> McAfee, LLC) S3 cpuz145; \??\C:\WINDOWS	emp\cpuz145\cpuz145_x64.sys [X]S3 EQU8_HELPER_tabg2; \??\C:\WINDOWS\system32\DRIVERS\EQU8_HELPER_tabg2.sys [X]U4 npcap_wifi; pas de ImagePathS3 VBAudioVMAUXVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmauxvaio64_win10.sys [X]S3 VBAudioVMVAIOMME; \SystemRoot\System32\drivers\vbaudio_vmvaio64_win10.sys [X] S2 CorsairGamingAudioConfig; C:\Windows\System32\CorsairGamingAudioCfgService64.exe [X] cmd: md C:\WINDOWS\system32\config\systemprofile\AppData\Local\TileDataLayer\Databaseemptytemp:end::

MisteryBean · Answer

Copie ce qui suit , et sans coller nulle part , cliques sur corriger dans FRST 

FRST , c'est le programme que tu as utilisé pour créer les rapports

MisteryBean · Answer

RE_

Ok , ça a fait un bon nettoyage . As tu toujours cette fenêtre CMD qui s'ouvre ?

On peux attendre jusqu’à demain si tu veux tester et voir si elle reviens ?

MisteryBean · Answer

OK , à demain ;)

Un CMD qui s'ouvre tout seul

6 réponses

Discussions similaires