FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Site d’assistance et de sécurité informatique

Infection ordi

Aide à la désinfection (pages publicitaires, moteur de recherche remplacé, redirections, virus...).
Règles du forum : Entraide concernant la désinfection et la sécurité informatique : en cas de publicités intempestives, pop-up, redirections, logiciels indésirables, ralentissements suspects, virus, etc.
Une désinfection complète vous sera assurée : désinfection, sécurisation, puis prévention.
Seuls les helpers (personnes qualifiées et formées à la désinfection) ainsi que le staff sont autorisés à apporter leur aide dans cette section.
Merci également de prendre connaissance de la charte générale du forum.
 Répondre
  • Avatar du membre
  • Avatar du membre
Avatar du membre

Infection ordi

par Boby Nashi
 mar. 11 nov. 2014 13:46 #150801
Bonjour à tous,

un nouveau topic pour régler un petit soucis.
Pour rappel je tourne sous W10 actuellement et lorsque je change de page sur internet (chrome) en cliquant sur un lien (pour ouvrir un article par exemple), un onglet internet s'ouvre. Voici le lien du dernier : http://tuneuppro.com/tlv/2/?utm_source= ... S5zzML0V8E
C'est effectivement toujours des pubs d'optimisation de pc.
J'ai Panda comme antivirus. J'ai essayé de supprimer les extentions indésirables et les logiciels avec revo mais là rien n'y fait.
De plus j'ai aussi dynamic pricer dont je n'arrive pas à me débarrasser!

Merci par avance pour votre aide.

Boby
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mar. 11 nov. 2014 14:12 #150807
Voici le rapport de adw.

Je n'arrive pas à installer l'autre logiciel même en désactivant mon antivirus
Fichiers joints
rapport adwC.jpg
rapport adwC.jpg (233.68 Kio) Vu 10646 fois
Avatar du membre

Re: Infection ordi

par 2011N2
 mar. 11 nov. 2014 16:02 #150818
Re,

Non le rapport est dans C:\AdwCleaner\AdwCleaner[S0].txt

Quel est le problème avec l'autre logiciel ?

Gabriel.
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mer. 12 nov. 2014 10:44 #150917
Gabriel, Voici le résumé de l'analyse (jamais réussi à poster sous forme de fichier):

# AdwCleaner v4.101 - Report created 11/11/2014 at 13:54:32
# Updated 09/11/2014 by Xplode
# Database : 2014-11-10.9 [Live]
# Operating System : Windows Technical Preview (64 bits)
# Username : Boby Nashi - WIN-49RCPSE517N
# Running from : C:\Users\Boby Nashi\Downloads\adwcleaner_4.101.exe
# Option : Scan

***** [ Services ] *****

Service Found : globalUpdate
Service Found : globalUpdatem
Service Found : WindowsMangerProtect
Service Found : ClaraUpdater

***** [ Files / Folders ] *****

File Found : C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\BrowsersApp_Pro+_version2.1
Folder Found : C:\Program Files (x86)\CloudGuard
Folder Found : C:\Program Files (x86)\Common Files\ClaraUpdater
Folder Found : C:\Program Files (x86)\globalUpdate
Folder Found : C:\Program Files (x86)\predm
Folder Found : C:\Program Files (x86)\SupTab
Folder Found : C:\Program Files (x86)\Wajam
Folder Found : C:\ProgramData\IePluginServices
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\Boby Nashi\AppData\Local\BoBrowser
Folder Found : C:\Users\Boby Nashi\AppData\Local\globalUpdate
Folder Found : C:\Users\Boby Nashi\AppData\Roaming\omiga-plus

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\BrowsersApp_Pro+_version2.1
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611501155}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKCU\Software\Smartbar
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\SupHpUISoft
Key Found : HKCU\Software\TutoTag
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\InstalledBrowserExtensions
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKCU\Software\SmartBar
Key Found : [x64] HKCU\Software\Smartbar
Key Found : [x64] HKCU\Software\SupHpUISoft
Key Found : [x64] HKCU\Software\TutoTag
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611501155}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622502255}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{11111111-1111-1111-1111-311111111111}
Key Found : HKLM\SOFTWARE\Classes\Interface\{11111111-1111-1111-1111-411111111111}
Key Found : HKLM\SOFTWARE\Classes\Interface\{11111111-1111-1111-1111-711111111111}
Key Found : HKLM\SOFTWARE\Classes\Interface\{11111111-1111-1111-1111-811111111111}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22222222-2222-2222-2222-222222222222}
Key Found : HKLM\SOFTWARE\Classes\Interface\{33333333-3333-3333-3333-333333333333}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655505555}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575577}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666506655}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576677}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644504455}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644504455}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611501155}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\omiga-plusSoftware
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611501155}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622502255}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{11111111-1111-1111-1111-311111111111}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{11111111-1111-1111-1111-411111111111}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{11111111-1111-1111-1111-711111111111}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{11111111-1111-1111-1111-811111111111}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{22222222-2222-2222-2222-222222222222}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{33333333-3333-3333-3333-333333333333}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655505555}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655575577}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666506655}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666576677}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611501155}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9860.0

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRLaxhQjTDUm4JL_E69KVEPrMKC7Nstn808ieiBIPSLtu-bNO7xioH4EjUhVR-miDPBQvNMHIEoQfC8G1kYx281ol7R-6B1_b-Uxi0s9T8DuYaxGV-pShEzlPp-s1LyombmYoWkmVk8Hpg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRLaxhQjTDUm4JL_E69KVEPrMKC7Nstn808ieiBIPSLtu-bNO7xioH4EjUhVR-miDPBQvNMHIEoQfC8G1kYx281ol7R-6B1_b-Uxi0s9T8DuYaxGV-pShEzlPp-s1LyombmYoWkmVk8Hpg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRLaxhQjTDUm4JL_E69KVEPrMKC7Nstn808ieiBIPSLtu-bNO7xioH4EjUhVR-miDPBQvNMHIEoQfC8G1kYx281ol7R-6B1_b-Uxi0s9T8DuYaxGV-pShEzlPp-s1LyombmYoWkmVk8Hpg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRLaxhQjTDUm4JL_E69KVEPrMKC7Nstn808ieiBIPSLtu-bNO7xioH4EjUhVR-miDPBQvNMHIEoQfC8G1kYx281ol7R-6B1_b-Uxi0s9T8DuYaxGV-pShEzlPp-s1LyombmYoWkmVk8Hpg,,&q={searchTerms}
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRLaxhQjTDUm4JL_E69KVEPrMKC7Nstn808ieiBIPSLtu-bNO7xioH4EjUhVR-miDPBQvNMHIEoQfC8G1kYx281ol7R-6B1_b-Uxi0s9T8DuYaxGV-pShEzlPp-s1LyombmYoWkmVk8Hpg,,&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8&q={searchTerms}
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://isearch.omiga-plus.com/?type=hp&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8
Setting Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8&q={searchTerms}

-\\ Google Chrome v38.0.2125.111


*************************

AdwCleaner[R0].txt - [15434 octets] - [11/11/2014 13:54:32]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [15495 octets] ##########
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mer. 12 nov. 2014 12:57 #150925
Et j'ai enfin réussi à utiliser l'autre programme dont voici le compte rendu : Après double nettoyage ce foutu popup est toujours là :/

¤¤¤¤¤¤¤¤¤¤ | AdsFix | g3n-h@ckm@n | 07.11.2014.3

¤¤¤¤¤ Vista | 7 | 8 | 8.1 - 32/64 bits ¤¤¤¤¤ - Start 10:49:21 - 12/11/2014

update on : 07/11/2014 | 13.40 by g3n-h@ckm@n™
Contact : http://www.sosvirus.net
Assistance : http://www.sosvirus.net/forum-virus-securite.html
Feedbacks : http://www.sosvirus.net/feedbacks-t75915.html
Facebook : https://www.facebook.com/AdsFix
Boot: Normal boot
[Boby Nashi (Administrator)] - [WIN-49RCPSE517N] - (France [0409])
SID = S-1-5-21-3019094729-1005342373-1940622812-1000 || [426f6279204e61736869205e5e]
PC : ASUSTeK Computer Inc. - K53SD -
Bios : American Megatrends Inc. - 11/02/2011
System : Windows Technical Preview (64 bits) Professional
RAM memory = Total (MB) : 8159 | Free (MB) : 4615
Pagefile = Total (MB) : 10125 | Free (MB) : 6261
Virtual = Total (MB) : 4194 | Free (MB) : 3993

Registry saved, to restore : : C:\AdsFix\Save\Registry [12.11.2014 @ 10_49_20] (Click on Options & Restore the register)
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> "restore"

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 11.0.9860.0 (© Microsoft Corporation. All rights reserved.)
GC : 38.0.2125.111 (Copyright 2012 Google Inc. All rights reserved.)

¤¤¤¤¤¤¤¤¤¤ | Security (atcav : 0)

AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = Order
AS: Windows Defender [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

ActiveX : 15.0.0.189

¤¤¤¤¤¤¤¤¤¤ | Killed processes

1488 | [Owner : SYSTEM |Parent : 780] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.4052) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
1520 | [Owner : SYSTEM |Parent : 780] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 340.52.) - (8.17.13.4052) = C:\Windows\System32\nvvsvc.exe
1656 | [Owner : SYSTEM |Parent : 1520] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.4052) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1664 | [Owner : SYSTEM |Parent : 1520] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 340.52.) - (8.17.13.4052) = C:\Windows\System32\nvvsvc.exe
1128 | [Owner : SYSTEM |Parent : 780] - (.Fuyu LIMITED - WindowsProtectManger Service.) - (20.0.0.1064) = C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
1968 | [Owner : SYSTEM |Parent : 780] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.4.9860.0) = C:\Windows\System32\spoolsv.exe
2124 | [Owner : SYSTEM |Parent : 780] - (.ClaraLabs - ClaraUpdater.) - (2.45.4.2) = C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
2168 | [Owner : SYSTEM |Parent : 780] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.0.0.1340) = C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2176 | [Owner : LOCAL SERVICE |Parent : 1380] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.4.9860.0) = C:\Windows\System32\dasHost.exe
2232 | [Owner : SYSTEM |Parent : 780] - (.Panda Security, S.L. - Agent Service.) - (1.3.4.0) = C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
1764 | [Owner : NETWORK SERVICE |Parent : 780] - (.Microsoft Corporation - Microsoft Distributed Transaction Coordinator Service.) - (2001.12.10790.0) = C:\Windows\System32\msdtc.exe
3992 | [Owner : SYSTEM |Parent : 2288] - (.globalUpdate - globalUpdate Update.) - (1.3.25.0) = C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
4032 | [Owner : SYSTEM |Parent : 3084] - (.Google Inc. - Google Installer.) - (1.3.21.103) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
4072 | [Owner : SYSTEM |Parent : 780] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.9860.0) = C:\Windows\System32\SearchIndexer.exe
3444 | [Owner : Boby Nashi |Parent : 1372] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.4.9860.0) = C:\Windows\System32\taskhostex.exe
1144 | [Owner : Boby Nashi |Parent : 3360] - (.Microsoft Corporation - Windows Explorer.) - (6.4.9860.0) = C:\Windows\explorer.exe
1272 | [Owner : Boby Nashi |Parent : 308] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (6.4.9860.0) = C:\Windows\System32\SettingSyncHost.exe
1360 | [Owner : Boby Nashi |Parent : 1656] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.4052) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
4580 | [Owner : Boby Nashi |Parent : 1360] - (.NVIDIA Corporation - NVIDIA Update Backend.) - (10.4.0.4) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
5168 | [Owner : Boby Nashi |Parent : 1144] - (.Intel Corporation - igfxTray Module.) - (8.15.10.3347) = C:\Windows\System32\igfxtray.exe
5280 | [Owner : Boby Nashi |Parent : 1144] - (.Intel Corporation - hkcmd Module.) - (8.15.10.3347) = C:\Windows\System32\hkcmd.exe
5616 | [Owner : Boby Nashi |Parent : 1144] - (.Intel Corporation - persistence Module.) - (8.15.10.3347) = C:\Windows\System32\igfxpers.exe
5388 | [Owner : Boby Nashi |Parent : 308] - (.Microsoft Corporation - Runtime Broker.) - (6.4.9860.0) = C:\Windows\System32\RuntimeBroker.exe
7136 | [Owner : NETWORK SERVICE |Parent : 780] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.9860.0) = C:\Program Files\Windows Media Player\wmpnetwk.exe
6380 | [Owner : Boby Nashi |Parent : 308] - (.Microsoft Corporation - OneDrive Sync Engine Host.) - (6.4.9860.0) = C:\Windows\System32\SkyDrive.exe
5364 | [Owner : Boby Nashi |Parent : 308] - (.Microsoft Corporation - Application Frame Host.) - (6.4.9860.0) = C:\Windows\System32\ApplicationFrameHost.exe
3408 | [Owner : LOCAL SERVICE |Parent : 1372] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.4.9860.0) = C:\Windows\System32\taskhost.exe
5256 | [Owner : Boby Nashi |Parent : 308] - (.Microsoft Corporation - Microsoft WWA Host.) - (6.4.9860.0) = C:\Windows\System32\WWAHost.exe
4204 | [Owner : Boby Nashi |Parent : 308] - (.Microsoft Corporation - Communications Service.) - (17.5.9860.20645) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9860.20645_x64__8wekyb3d8bbwe\livecomm.exe
3452 | [Owner : Boby Nashi |Parent : 1144] - (. - Aut2Exe.) - (4.1.0.1) = C:\Users\Boby Nashi\Downloads\adwcleaner_4.101.exe
7836 | [Owner : SYSTEM |Parent : 780] - (.pdfforge GmbH - PDF Architect 2.) - (2.1.6.19758) = C:\Program Files (x86)\PDF Architect 2\creator-ws.exe
7908 | [Owner : Boby Nashi |Parent : 308] - (.Microsoft Corporation - Microsoft WWA Host.) - (6.4.9860.0) = C:\Windows\System32\WWAHost.exe
2144 | [Owner : Boby Nashi |Parent : 308] - (.Microsoft Corporation - Store Broker.) - (6.4.9860.0) = C:\Windows\WinStore\WSHost.exe
6472 | [Owner : LOCAL SERVICE |Parent : 1380] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.4.9860.0) = C:\Windows\System32\WUDFHost.exe
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mer. 12 nov. 2014 12:58 #150926
suite :


4216 | [Owner : Boby Nashi |Parent : 308] - (.Microsoft Corporation - Windows Reader.) - (6.4.9841.0) = C:\Program Files\WindowsApps\Microsoft.Reader_6.4.9841.0_x64__8wekyb3d8bbwe\glcnd.exe
7860 | [Owner : Boby Nashi |Parent : 308] - (.Microsoft Corporation - OneNote.) - (16.0.3030.1024) = C:\Program Files\WindowsApps\Microsoft.Office.OneNote_16.0.3030.1024_x64__8wekyb3d8bbwe\onenoteim.exe
6488 | [Owner : LOCAL SERVICE |Parent : 1380] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.4.9860.0) = C:\Windows\System32\dasHost.exe

¤¤¤¤¤¤¤¤¤¤ | Tasks



¤¤¤¤¤¤¤¤¤¤ | Services

Deleted successfully : HKLM\SYSTEM\ControlSet001\Services\ClaraUpdater : C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe

¤¤¤¤¤¤¤¤¤¤ | AppCertDlls | AppInit_DLLs


¤¤¤¤¤¤¤¤¤¤ | Hosts

Hosts : Ok

¤¤¤¤¤¤¤¤¤¤ | SafeBoot

Repaired : [HKLM | Minimal\vga.sys] : -> Driver
Repaired : [HKLM | Minimal\vgasave.sys] : -> Driver

¤

Repaired : [HKLM | Network\vga.sys] : -> Driver
Repaired : [HKLM | Network\vgasave.sys] : -> Driver

¤¤¤¤¤¤¤¤¤¤ | Winsock


¤¤¤¤¤¤¤¤¤¤ | Register

Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000_Classes\BoBrowser.QVKZQUTRG3DGIL4MZDM5725MSM
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Deleted successfully : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Deleted successfully : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Deleted successfully : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Deleted successfully : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Deleted successfully : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Deleted successfully : HKLM64\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611501155} : BrowsersApp_Pro+_version2.1 # C:\Program Files (x86)\BrowsersApp_Pro+_version2.1\BrowsersApp_Pro+_version2.1-bho64.dll #
Deleted successfully : HKLM64\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622502255} : 8d6c6b503bec4fef8265c6850bf8e3d80065055.Sandbox # C:\Program Files (x86)\BrowsersApp_Pro+_version2.1\BrowsersApp_Pro+_version2.1-bho64.dll #
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611501155} : BrowsersApp_Pro+_version2.1 # C:\Program Files (x86)\BrowsersApp_Pro+_version2.1\BrowsersApp_Pro+_version2.1-bho.dll #
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622502255} : 8d6c6b503bec4fef8265c6850bf8e3d80065055.Sandbox # C:\Program Files (x86)\BrowsersApp_Pro+_version2.1\BrowsersApp_Pro+_version2.1-bho.dll #
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC} : PSFactoryBuffer # C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll #
Deleted successfully : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A} : C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll #
Deleted successfully : HKLM64\SOFTWARE\Classes\Typelib\{44444444-4444-4444-4444-440644504455} : 8d6c6b503bec4fef8265c6850bf8e3d80065055 Type Library # C:\Program Files (x86)\BrowsersApp_Pro+_version2.1\BrowsersApp_Pro+_version2.1-bho64.dll # C:\Program Files (x86)\BrowsersApp_Pro+_version2.1\BrowsersApp_Pro+_version2.1-bho.dll
Deleted successfully : HKLM64\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655505555} : {44444444-4444-4444-4444-440644504455} (Tlib)
Deleted successfully : HKLM64\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666506655} : {44444444-4444-4444-4444-440644504455} (Tlib)
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655505555} : {44444444-4444-4444-4444-440644504455} (Tlib)
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{5E6487A6-75F4-4EAF-9A86-04AB74E05878} : IIDBrowserExtension
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666506655} : {44444444-4444-4444-4444-440644504455} (Tlib)
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{E89628EB-C4CE-4853-8AEE-8FCE8E75E717} : IFsrmFileManagementJobManagerTools
Deleted successfully : HKLM\SOFTWARE\Classes\Interface\{ee321ecb-d95e-48e9-907c-c7685a013235} : IFsrmFileManagementJobManager
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]~[BrowsersApp_Pro+_version2.1-bg.exe]
Deleted successfully : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION]~[Muvic.exe]
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\bobrowser.exe
Deleted successfully : HKLM64\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Deleted successfully : HKLM64\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Deleted successfully : HKLM64\SOFTWARE\InstalledBrowserExtensions
Deleted successfully : HKLM\SOFTWARE\Clara
Deleted successfully : HKLM\SOFTWARE\GlobalUpdate
Deleted successfully : HKLM\SOFTWARE\InstalledBrowserExtensions
Deleted successfully : HKLM\SOFTWARE\omiga-plusSoftware
Deleted successfully : HKLM\SOFTWARE\SupDp
Deleted successfully : HKLM\SOFTWARE\supWindowsMangerProtect
Deleted successfully : HKLM\SOFTWARE\Tutorials
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\globalUpdate
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\InstalledBrowserExtensions
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Smartbar
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\TutoTag
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\AppDataLow\Software\BrowsersApp_Pro+_version2.1
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\AppDataLow\Software\HQProVideo 1.6V07.11
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\Software\Clients\StartMenuInternet\BoBrowser.QVKZQUTRG3DGIL4MZDM5725MSM
Deleted successfully : HKU\S-1-5-18\SOFTWARE\AppDataLow\Software\BrowsersApp_Pro+_version2.1
Deleted successfully : HKLM\SOFTWARE\CloudGuard : C:\Program Files (x86)\CloudGuard
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Deleted successfully : HKLM64\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Deleted successfully : HKLM64\SOFTWARE\Wow6432Node\supTab
Deleted successfully : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} : ShopperReports.dll (String)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} : ShoppingReport.dll (String)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} : BabylonToolbar.dll (String)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} : alot.dll;alot.dll (String)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} : BabylonToolbar.dll (String)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} : ShoppingReport.dll (String)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} (CLSID)
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3f39c18f-aeb9-400b-a6a6-c8e15c837e0d} : C:\Program Files (x86)\BrowsersApp_Pro+_version2.1
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f04b3e2-c14c-4856-9647-0ddec9b444f3} : C:\Program Files (x86)\HQProVideo 1.6V07.11
Deleted successfully : HKLM64\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{965f30ae-9b97-40c8-9e6f-96ad44f2acf2} : C:\Program Files (x86)\BrowsersApp_Pro+_version2.1
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3f39c18f-aeb9-400b-a6a6-c8e15c837e0d} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} : C:\Program Files (x86)\globalUpdate\Update
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f04b3e2-c14c-4856-9647-0ddec9b444f3} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{965f30ae-9b97-40c8-9e6f-96ad44f2acf2} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} (CLSID)
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BB9787C-4F2B-42BA-8286-195EEB71523F} : C:\Program Files (x86)\BrowsersApp_Pro+_version2.1
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2AA4B080-7B98-4E51-B7AA-4D17EB64CB4} : C:\Program Files (x86)\HQProVideo 1.6V07.11
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3f39c18f-aeb9-400b-a6a6-c8e15c837e0d} (CLSID)
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5f04b3e2-c14c-4856-9647-0ddec9b444f3} (CLSID)
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6E9079C3-BC4C-43C6-9539-A2C8E5987211} : C:\Program Files (x86)\HQProVideo 1.6V07.11
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7B9C6906-A121-4B5F-A54-CF6E6C4466A9} : C:\Program Files (x86)\HQProVideo 1.6V07.11
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{965f30ae-9b97-40c8-9e6f-96ad44f2acf2} (CLSID)
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9A5E0472-2317-4F3B-91D5-A838F57C51FB} : C:\Program Files (x86)\BrowsersApp_Pro+_version2.1
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A747FDDA-CE11-4FAE-AAD9-21BB3A4ED2E3} : C:\Program Files (x86)\HQProVideo 1.6V07.11
Deleted successfully : HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DC3DA310-23A5-41BF-9227-1B5DC9B8BF} : C:\Program Files (x86)\HQProVideo 1.6V07.11
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298} (CLSID)
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A} (CLSID)
Deleted successfully : [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]~[C:\Users\Boby Nashi\AppData\Local\Smartbar\Common\]
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CloudGuard
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I - Cinema
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mer. 12 nov. 2014 13:01 #150927
encore :


¤¤¤¤¤¤¤¤¤¤ | Folders | Files

Deleted successfully : C:\Program Files (x86)\BrowsersApp_Pro+_version2.1
Deleted successfully : C:\Program Files (x86)\CloudGuard
Deleted successfully : C:\Program Files (x86)\globalUpdate
Deleted successfully : C:\Program Files (x86)\HQProVideo 1.6V07.11
Deleted successfully : C:\Program Files (x86)\predm
Deleted successfully : C:\Program Files (x86)\SupTab
Deleted successfully : C:\Program Files (x86)\Wajam
Deleted successfully : C:\Program Files (x86)\Common Files\ClaraUpdater
Deleted successfully : C:\Users\All Users\IePluginServices
Deleted successfully : C:\Users\All Users\WindowsMangerProtect
Deleted successfully : C:\Users\All Users\Start Menu\Programs\Wajam
Deleted successfully : C:\Users\Boby Nashi\AppData\Roaming\omiga-plus
Deleted successfully : C:\Users\Boby Nashi\AppData\Local\BoBrowser
Deleted successfully : C:\Users\Boby Nashi\AppData\Local\globalUpdate
Deleted successfully : C:\Users\Boby Nashi\AppData\Roaming\SCVJDT (.-.)
Deleted successfully : C:\Users\Boby Nashi\AppData\Roaming\SCVJDT.exe (Copyright 2011.-.BrowsersApp_Pro+_version2.1) BrowsersApp_Pro+_version2.1.exe
Deleted successfully : C:\Users\Boby Nashi\AppData\Roaming\VRTS (.-.)
Deleted successfully : C:\Users\Boby Nashi\AppData\Roaming\VRTS.exe (Copyright 2011.-.BrowsersApp_Pro+_version2.1) BrowsersApp_Pro+_version2.1.exe
Deleted successfully : C:\Users\Boby Nashi\AppData\Roaming\XBKP (.-.)
Deleted successfully : C:\Users\Boby Nashi\AppData\Roaming\XBKP.exe (Copyright 2011.-.HQProVideo 1.6V07.11) HQProVideo 1.6V07.11.exe
Deleted successfully : C:\Users\Boby Nashi\AppData\Roaming\XKKMX (.-.)
Deleted successfully : C:\Users\Boby Nashi\AppData\Roaming\XKKMX.exe (Copyright 2011.-.HQProVideo 1.6V07.11) HQProVideo 1.6V07.11.exe
Deleted successfully : C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage (.-.)
Deleted successfully : C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal (.-.)

¤¤¤¤¤¤¤¤¤¤ | .LNK


¤¤¤¤¤¤¤¤¤¤ | opening unknown extension


¤¤¤¤¤¤¤¤¤¤ | Proxy

Deleted successfully : S-1-5-21-3019094729-1005342373-1940622812-1000 : Proxyserver -> http=127.0.0.1:55086;https=127.0.0.1:55086

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Bar] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Page] : http://isearch.omiga-plus.com/?type=hp&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8 -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Default_Page_URL] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\System32\blank.htm -> C:\WINDOWS\SysWOW64\blank.htm
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Page] : http://isearch.omiga-plus.com/web/?type=ds&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8&q={searchTerms} -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Default_Search_URL] : http://isearch.omiga-plus.com/web/?type=ds&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8&q={searchTerms} -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[Default_Page_URL] : http://isearch.omiga-plus.com/?type=hp&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\SearchURL]~[Default] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[CustomizeSearch] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultURL] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchAssistant] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Bar] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Page] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Default_Page_URL] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Local Page] : -> C:\WINDOWS\SysWOW64\blank.htm
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[CustomizeSearch] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultURL] : -> https://www.google.com/
Repaired : [HKLM64\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]~[Tabs] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Bar] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Default_Page_URL] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURL]~[Default] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[CustomizeSearch] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultURL] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchAssistant] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Bar] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Page] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Default_Page_URL] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Local Page] : -> C:\WINDOWS\SysWOW64\blank.htm
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[CustomizeSearch] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultURL] : -> https://www.google.com/
Repaired : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]~[Tabs] : -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Bar] : http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRLaxhQjTDUm4JL_E69KVEPrMKC7Nstn808ieiBIPSLtu-bNO7xioH4EjUhVR-miDPBQvNMHIEoQfC8G1kYx281ol7R-6B1_b-Uxi0s9T8DuYaxGV-pShEzlPp-s1LyombmYoWkmVk8Hpg,,&q={searchTerms} -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Page] : http://isearch.omiga-plus.com/?type=hp&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8 -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Start Default_Page_URL] : -> https://www.google.com/

Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Local Page] : C:\WINDOWS\system32\blank.htm -> C:\WINDOWS\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Search Page] : http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRLaxhQjTDUm4JL_E69KVEPrMKC7Nstn808ieiBIPSLtu-bNO7xioH4EjUhVR-miDPBQvNMHIEoQfC8G1kYx281ol7R-6B1_b-Uxi0s9T8DuYaxGV-pShEzlPp-s1LyombmYoWkmVk8Hpg,,&q={searchTerms} -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Default_Search_URL] : -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[Default_Page_URL] : http://isearch.omiga-plus.com/?type=hp&ts=1415351903&from=tugs&uid=ST9750420AS_6WS14VQ8XXXX6WS14VQ8 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\SearchURL]~[Default] : http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRLaxhQjTDUm4JL_E69KVEPrMKC7Nstn808ieiBIPSLtu-bNO7xioH4EjUhVR-miDPBQvNMHIEoQfC8G1kYx281ol7R-6B1_b-Uxi0s9T8DuYaxGV-pShEzlPp-s1LyombmYoWkmVk8Hpg,,&q={searchTerms} -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[CustomizeSearch] : -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Main]~[SearchMigratedDefaultURL] : -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchAssistant] : http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRLaxhQjTDUm4JL_E69KVEPrMKC7Nstn808ieiBIPSLtu-bNO7xioH4EjUhVR-miDPBQvNMHIEoQfC8G1kYx281ol7R-6B1_b-Uxi0s9T8DuYaxGV-pShEzlPp-s1LyombmYoWkmVk8Hpg,,&q={searchTerms} -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Bar] : -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Page] : -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Start Default_Page_URL] : -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Local Page] : -> C:\WINDOWS\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Search Page] : -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Search_URL] : http://feed.helperbar.com/?p=mKO_AwFzXIpYRa0ymfMnbpqxFRcw9bO9KVavhRLaxhQjTDUm4JL_E69KVEPrMKC7Nstn808ieiBIPSLtu-bNO7xioH4EjUhVR-miDPBQvNMHIEoQfC8G1kYx281ol7R-6B1_b-Uxi0s9T8DuYaxGV-pShEzlPp-s1LyombmYoWkmVk8Hpg,,&q={searchTerms} -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[Default_Page_URL] : -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[CustomizeSearch] : -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultName] : -> google.com
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\Search]~[SearchMigratedDefaultURL] : -> https://www.google.com/
Repaired : [HKU\S-1-5-21-3019094729-1005342373-1940622812-1000\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]~[Tabs] : -> https://www.google.com/


¤¤¤¤¤¤¤¤¤¤ | Google Chrome

Deleted successfully : C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL
Deleted successfully : C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Impossible to reset : Preferences

C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\aapocclcgogkmnckokdopfmhonfmgoek = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\aohghmighlieiainnegkcijnfilokake = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\apdfllckaahabafndbhieahigkjlhalf = : Google & co - https://drive.google.com/?usp=chrome_app - Google & co - [http://docs.google.com/http://drive.google.com/https://docs.google.com/https://drive.google.com/] - http://clients2.google.com/service/update2/crx
C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\bepbmhgboaologfdajaanbcjmnhjmhfn = : This extension allows you to say ‘Ok Google’ and start speaking your search. - Google Voice Search Hotword (Beta) - https://clients2.google.com/service/update2/crx
C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com/?feature=ytca - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - http://www.google.com/webhp?source=search_app - Google & co - [*://www.google.com/search*://www.google.com/webhp*://www.google.com/imgres] - http://clients2.google.com/service/update2/crx
C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\felcaaldnbdncclmgdcncolpebgiejap = : Google & co - Google & co - https://clients2.google.com/service/update2/crx
C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\gighmmpiobklfepjocnamgkkbiglidom = : __MSG_description2__ - AdBlock - https://clients2.google.com/service/update2/crx
C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\kpkeomdjahkcjckfbhpdaflfmiahnaaa = - Pink Floyd - The Wall - http://clients2.google.com/service/update2/crx
C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Boby Nashi\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx

¤¤¤¤¤¤¤¤¤¤ | Chromium



¤¤¤¤¤¤¤¤¤¤ | Comodo Dragon



¤¤¤¤¤¤¤¤¤¤ | Firefox



¤¤¤¤¤¤¤¤¤¤ | SeaMonkey



¤¤¤¤¤¤¤¤¤¤ | Pale moon



¤¤¤¤¤¤¤¤¤¤ | Opera



¤¤¤¤¤¤¤¤¤¤ | Spark



¤¤¤¤¤¤¤¤¤¤ | StartMenuInternet


¤¤¤¤¤¤¤¤¤¤ | Javascript


¤¤¤¤¤¤¤¤¤¤ | Firewall


¤¤¤¤¤¤¤¤¤¤ | Temporary files

[All Users] Temporary files deleted : 0 Ko
[Boby Nashi] Temporary files deleted : 0 Ko
[Default] Temporary files deleted : 0 Ko
[Default User] Temporary files deleted : 0 Ko
[Default.migrated] Temporary files deleted : 0 Ko
[Public] Temporary files deleted : 0 Ko
[C:\WINDOWS\Temp] Temporary files deleted : 0 Ko
[C:\Temp] Temporary files deleted : 0 Ko


Other(s) report(s)


¤¤¤¤¤¤¤¤¤¤ | Listing


¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)

[09/10/2014 20:08:30] - |D| - C:\Program Files (x86)\Common Files
[09/10/2014 21:12:33] - |ASH| - C:\Program Files (x86)\desktop.ini
[07/11/2014 09:47:35] - |D| - C:\Program Files (x86)\Google
[07/11/2014 09:47:33] - |D| - C:\Program Files (x86)\GUMA36D.tmp
[07/11/2014 09:47:33] - |A| - C:\Program Files (x86)\GUTA36E.tmp
[07/11/2014 11:25:15] - |D| - C:\Program Files (x86)\Intel
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Internet Explorer
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Microsoft.NET
[09/11/2014 19:46:33] - |D| - C:\Program Files (x86)\NVIDIA Corporation
[07/11/2014 11:14:04] - |D| - C:\Program Files (x86)\Panda Security
[11/11/2014 14:12:35] - |D| - C:\Program Files (x86)\PDF Architect 2
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Windows Defender
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Windows Mail
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Windows Media Player
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Windows Multimedia Platform
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Windows NT
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Windows Photo Viewer
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Windows Portable Devices
[09/10/2014 21:12:31] - |SHD| - C:\Program Files (x86)\Windows Sidebar
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\WindowsPowerShell

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files

[07/11/2014 11:43:56] - |D| - C:\Program Files\CCleaner
[09/10/2014 20:08:30] - |D| - C:\Program Files\Common Files
[09/10/2014 21:12:43] - |ASH| - C:\Program Files\desktop.ini
[09/10/2014 21:12:32] - |D| - C:\Program Files\Internet Explorer
[09/11/2014 19:46:32] - |D| - C:\Program Files\NVIDIA Corporation
[13/09/2014 08:45:34] - |HD| - C:\Program Files\Uninstall Information
[07/11/2014 11:22:13] - |D| - C:\Program Files\VS Revo Group
[09/10/2014 21:12:32] - |D| - C:\Program Files\Windows Defender
[09/10/2014 23:05:47] - |D| - C:\Program Files\Windows Journal
[09/10/2014 21:12:32] - |D| - C:\Program Files\Windows Mail
[09/10/2014 21:12:32] - |D| - C:\Program Files\Windows Media Player
[09/10/2014 21:12:32] - |D| - C:\Program Files\Windows Multimedia Platform
[09/10/2014 21:12:32] - |D| - C:\Program Files\Windows NT
[09/10/2014 21:12:32] - |D| - C:\Program Files\Windows Photo Viewer
[09/10/2014 21:12:32] - |D| - C:\Program Files\Windows Portable Devices
[09/10/2014 21:12:32] - |SHD| - C:\Program Files\Windows Sidebar
[09/10/2014 21:12:32] - |HD| - C:\Program Files\WindowsApps
[09/10/2014 21:12:32] - |D| - C:\Program Files\WindowsPowerShell

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files (x86)\Common Files

[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Common Files\Microsoft Shared
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Common Files\Services
[09/10/2014 21:12:31] - |D| - C:\Program Files (x86)\Common Files\System

¤¤¤¤¤¤¤¤¤¤ | C:\Program Files\Common Files

[09/10/2014 21:12:32] - |D| - C:\Program Files\Common Files\microsoft shared
[09/10/2014 21:12:32] - |D| - C:\Program Files\Common Files\Services
[09/10/2014 21:12:32] - |D| - C:\Program Files\Common Files\System

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Boby Nashi\AppData\Roaming

[07/11/2014 09:42:50] - |D| - C:\Users\Boby Nashi\AppData\Roaming\Adobe
[10/11/2014 01:00:52] - |D| - C:\Users\Boby Nashi\AppData\Roaming\Identities
[07/11/2014 09:44:52] - |D| - C:\Users\Boby Nashi\AppData\Roaming\Macromedia
[09/11/2014 19:49:38] - |SD| - C:\Users\Boby Nashi\AppData\Roaming\Microsoft
[07/11/2014 11:14:22] - |D| - C:\Users\Boby Nashi\AppData\Roaming\Panda Security
[11/11/2014 14:06:38] - |D| - C:\Users\Boby Nashi\AppData\Roaming\pdfforge
[10/11/2014 15:34:07] - |D| - C:\Users\Boby Nashi\AppData\Roaming\vlc

¤¤¤¤¤¤¤¤¤¤ | C:\Users\Boby Nashi\AppData\Local

[09/11/2014 19:49:38] - |SHD| - C:\Users\Boby Nashi\AppData\Local\Application Data
[11/11/2014 13:57:09] - |D| - C:\Users\Boby Nashi\AppData\Local\Diagnostics
[07/11/2014 09:43:57] - |SHD| - C:\Users\Boby Nashi\AppData\Local\EmieSiteList
[07/11/2014 09:43:57] - |SHD| - C:\Users\Boby Nashi\AppData\Local\EmieUserList
[07/11/2014 09:47:35] - |D| - C:\Users\Boby Nashi\AppData\Local\Google
[09/11/2014 19:49:38] - |SHD| - C:\Users\Boby Nashi\AppData\Local\History
[09/11/2014 19:49:38] - |D| - C:\Users\Boby Nashi\AppData\Local\Microsoft
[10/11/2014 01:01:10] - |D| - C:\Users\Boby Nashi\AppData\Local\NVIDIA
[07/11/2014 09:42:49] - |D| - C:\Users\Boby Nashi\AppData\Local\Packages
[11/11/2014 14:08:28] - |D| - C:\Users\Boby Nashi\AppData\Local\PDFCreator
[07/11/2014 10:16:57] - |D| - C:\Users\Boby Nashi\AppData\Local\Programs
[09/11/2014 19:49:38] - |SHD| - C:\Users\Boby Nashi\AppData\Local\Temporary Internet Files
[07/11/2014 09:42:49] - |D| - C:\Users\Boby Nashi\AppData\Local\VirtualStore
[07/11/2014 11:22:22] - |D| - C:\Users\Boby Nashi\AppData\Local\VS Revo Group

¤¤¤¤¤¤¤¤¤¤ | C:\ProgramData

[09/10/2014 21:33:33] - |SHD| - C:\ProgramData\Application Data
[13/09/2014 08:26:30] - |D| - C:\ProgramData\Comms
[09/10/2014 21:33:33] - |SHD| - C:\ProgramData\Desktop
[09/10/2014 21:33:33] - |SHD| - C:\ProgramData\Documents
[09/10/2014 21:33:56] - |D| - C:\ProgramData\Feedback
[09/10/2014 21:12:31] - |SD| - C:\ProgramData\Microsoft
[07/11/2014 20:01:00] - |D| - C:\ProgramData\NVIDIA
[09/11/2014 19:46:40] - |D| - C:\ProgramData\NVIDIA Corporation
[07/11/2014 10:18:42] - |D| - C:\ProgramData\Panda Security
[11/11/2014 14:06:44] - |D| - C:\ProgramData\PDF Architect 2
[09/10/2014 21:12:31] - |D| - C:\ProgramData\regid.1991-06.com.microsoft
[09/10/2014 21:33:33] - |SHD| - C:\ProgramData\Start Menu
[09/10/2014 21:33:33] - |SHD| - C:\ProgramData\Templates
[07/11/2014 11:22:16] - |D| - C:\ProgramData\VS Revo Group

¤¤¤¤¤¤¤¤¤¤ | C:\WINDOWS\Tasks

[09/10/2014 21:33:34] - |AH| - C:\WINDOWS\Tasks\SA.DAT

¤¤¤¤¤¤¤¤¤¤ | C:\WINDOWS\System32\Tasks

[09/10/2014 21:12:31] - |D| - C:\WINDOWS\System32\Tasks\Microsoft

[X] : [14402 Ko]

Analyzed : 95969 | Modified : 64 | Infected : 140

¤¤¤¤¤¤¤¤¤¤ |EOF| ¤¤¤¤¤¤¤¤¤¤ | 12:19:35 | [45 Ko]
Avatar du membre

Re: Infection ordi

par 2011N2
 ven. 14 nov. 2014 15:52 #151089
Salut,

Fais ZHPFix comme ceci avec ces lignes, et poste le rapport.
Boby Nashi a écrit :J'aimerais bien apprendre à lire les rapports... Qu'est ce que tu recherches exactement dedans?
Des infections principalement. :)
Pour apprendre à lire les rapports, ça prend du temps mais il existe des centres de formation gratuits en ligne. Si tu veux tu as plus d'infos ici : http://www.forum-entraide-informatique. ... t8528.html

Gabriel.
Avatar du membre

Re: Infection ordi

par Boby Nashi
 ven. 14 nov. 2014 17:13 #151099
Salut Gabriel,

Voici le rapport!

http://cjoint.com/?DKorrFRw8cH

Pour ce qui est des cours, je n'ai pas vraiment le temps en ce moment (école d'ingé + entreprise + apprendre le japonais = manque de temps!! :p) mais je garde précieusement le lien pour plus tard.

Franck
Avatar du membre

Re: Infection ordi

par 2011N2
 mar. 2 déc. 2014 13:51 #152591
Bonjour,

Pas de problème. :)

Comment se comporte le PC ?
Fais un nouveau rapport ZHPDiag.

Gabriel.
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mar. 2 déc. 2014 14:11 #152594
Ca va déja beaucoup mieux effectivement! Je suis en train de faire un scan sur mon pc avec Panda du coup ça bloque mon ZHPDiag (enfin je pense que ça vient de ça). Je te tiens au jus dès que j'y arrive.

Petites questions intermédiaires en attendant que ça finisse :
-Quel est pour toi le meilleurs combo de protection gratuit? J'utilise Panda et MBAM pour le moment mais j'ai peur qu'il y ait un pb de compatibilité
-Sais tu si on peut désinfecter un DD externe pour éviter de devoir le formater?
Avatar du membre

Re: Infection ordi

par 2011N2
 mar. 2 déc. 2014 14:21 #152596
Re,

D'accord. :)

Après je te donnerai la finalisation, tu verras, normalement tu trouveras les réponses à ces questions là-bas. :)

MBAM est compatible avec un antivirus, donc il est censé bien fonctionner avec Panda.
Et pour le DD externe oui, tu peux avec UsbFix (que tu verras dans la finalisation). ;)

Gabriel.
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mer. 10 déc. 2014 15:42 #153092
Salut Gabriel,

j'ai enfin eu le temps de m'en occuper un peu! J'ai donc relancé un scan avec ZHPdiag que j'ai finalement du réinstaller vu qu'il ne fonctionnnait pas.

On va enfin arriver au bout de ce post :p

Comment tu tires du rapport le code à entrer pour ZHPFix?

http://cjoint.com/?DLkpXq04OC5
Avatar du membre

Re: Infection ordi

par 2011N2
 mer. 10 déc. 2014 16:45 #153099
Salut,

Bien. :D

Pour ZHPFix, il faut savoir interpréter le rapport, ce qui permet de faire le script ZHPFix. :)

D'ailleurs apparemment ton disque C est plein (0 Go de libre), il faudrait libérer quelques Go si possible.
Juste une toute petite trace dans un navigateur ; refais ZHPFix avec ces lignes et poste le rapport :
Code : Tout sélectionner
Script ZHPFix
O69 - SBI: SearchScopes [HKCU] {094B0205-20C6-4AEE-9C26-BDAEC8F94666} [DefaultScope] - (Vosteran) - http://Vosteran.com 
EmptyPrefetch
Gabriel.
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mer. 10 déc. 2014 16:52 #153100
Cool! tout bon alors =)

oui mon disque est plein mais il ne fait que 25 Go c'est celui dédié à W10 j'en ai 3 autres avec de la place, je ne le touche plus lui!

Pour USBfix, j'ai juste à lancer l'analyse?
Avatar du membre

Re: Infection ordi

par Boby Nashi
 lun. 15 déc. 2014 11:54 #153444
Hey!

Alors je me suis lancé ce matin sur la finalisation et... ça commence mal! :p Alors quand j'ai lancé Secunia PSI il m'a dit qu'il n'arrivait pas à se connecter --' finalement après l'avoir relancé il a fait la recherche mais... il a freezé sur la page de chargement des recherches. Pourtant j'ai bien reçu une notification comme quoi il fallait faire des MaJ manuelles et quand je passe sur la miniature dans les icones cachés il m'indique "plusieurs de vos programmes requièrent des MaJ manuelles". mais il reste éternellement sur la page de démarrage avec loading marqué.

Une idée pour fixer ça?
Avatar du membre

Re: Infection ordi

par Boby Nashi
 lun. 15 déc. 2014 13:34 #153455
Ah si! finalement ça a fonctionné! Par contre, est-ce que je dois tout mettre à jour? Parce que j'ai quelques logiciels hum hum que je ne peux pas Maj...
Avatar du membre

Re: Infection ordi

par 2011N2
 lun. 15 déc. 2014 17:28 #153466
Salut,

D'accord. ^^ Qu'est-ce que tu ne peux pas mettre à jour ?
Après, est-ce que ça ne te permettrait pas d'en profiter pour désinstaller certains programmes dont tu ne te sers plus ?

Gabriel.
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mar. 16 déc. 2014 10:42 #153499
Hey!

Alors toute la suite Adobe (PS, AI, etc.) je dois les garder et il y a un logiciel appelé Open VPN dont je ne connais pas l'usage. Est-ce que je peux le shooter sans risque?
Avatar du membre

Re: Infection ordi

par 2011N2
 mar. 16 déc. 2014 14:05 #153502
Salut,

OK, donc mets la suite Adobe à jour si possible. ;)
Et oui tu peux désinstaller Open VPN sans problème.

Gabriel.
Avatar du membre

Re: Infection ordi

par 2011N2
 mar. 16 déc. 2014 18:26 #153522
Salut,

Passe UsbFix en suppression et poste le rapport stp.
Boby Nashi a écrit :Je ne sais pas si mon dd à formater est récupérable :/
Précise ?

Gabriel.
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mer. 17 déc. 2014 10:31 #153557
Il me demande toujours de le formater après nettoyage et redémarrage :(

Je peux passer à l'étape suivante de la finalisation?
Avatar du membre

Re: Infection ordi

par Boby Nashi
 mer. 17 déc. 2014 10:41 #153558
Ah et depuis mon ordi plante en fait... tous les icônes disparaissent du bureau ainsi que la barre des tâches en bas de l'écran (celle ou il y a le bouton démarrer)...

MAJ :

ça semble s'être fixé quand il a fait une maj et redémarré une nouvelle fois! je suis donc prêt pour la suite de la finalisation avec toujours le problème de dd externe à formater (j'ai des documents importants dedans :( )
Avatar du membre

Re: Infection ordi

par 2011N2
 mer. 17 déc. 2014 16:10 #153573
Salut,

T'as possibilité de voir si ton disque dur fonctionne normalement sur un autre PC ?

Gabriel.
 Répondre
 Retourner vers « Désinfection »
désinstaller sophos

j'ai fait une recherche sophos avec regedit https[…]

FLTL_READ_MORE
Букмекерийн газар

Сайн уу. Би та бүхэнд Мелбет Монгол https://melbe[…]

FLTL_READ_MORE
Заказ наружной рекламы в Нижнем Новгороде

Рекламно-Производственная Компания «Ресурс&r[…]

FLTL_READ_MORE
Des conseils pour intégrer un chatbot sur mon site e-commerce?

Bonjour, Oui le chabot est très utile il p[…]

FLTL_READ_MORE
FLTL_VIEW_MORE_TOPICS