- Wed. 14 Dec. 2016 13:31
#181860
Yo, hi everyone!
I'm coming to you because recently my PC has been behaving strangely and everything leads me to think it's infected, and unfortunately it seems to be far more infected than I imagined :/ I've run several scans/antivirus tools, including AdwCleaner, which always finds the same number of threats, namely 93. I also ran JRT, then I installed Avast. I'm giving you both reports. First, this morning's AdwCleaner report. Second, the JRT report.
And finally, here is a screenshot of what Avast tells me.
![Image](http://i1064.photobucket.com/albums/u361/sorarup/Screen%201_zps4lfenf4g.png)
There, I hope I've been clear
Thanks to those who will look into my problem!
# AdwCleaner v6.040 - Rapport créé le 14/12/2016 à 11:47:57
# Mis à jour le 02/12/2016 par Malwarebytes
# Base de données : 2016-12-14.1 [Serveur]
# Système d'exploitation : Windows 10 Pro (X64)
# Nom d'utilisateur : SoraruP - T300L
# Exécuté depuis : C:\Users\Bob Denard\Downloads\adwcleaner_6.040.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
Service trouvé: iSafeKrnl
Service trouvé: iSafeKrnlKit
Service trouvé: iSafeKrnlMon
Service trouvé: iSafeKrnlR3
Service trouvé: iSafeNetFilter
Service trouvé: iSafeService
Service trouvé: FirefoxU
Service trouvé: WinSAPSvc
Service trouvé: Archer
Service trouvé: iThemes5
***** [ Dossiers ] *****
Dossier trouvé: C:\Users\Bob Denard\AppData\Roaming\Elex-tech
Dossier trouvé: C:\Users\Bob Denard\AppData\Roaming\aMule
Dossier trouvé: C:\ProgramData\WinSAPSvc
Dossier trouvé: C:\ProgramData\winsapsvc
Dossier trouvé: C:\ProgramData\Application Data\WinSAPSvc
Dossier trouvé: C:\ProgramData\Application Data\winsapsvc
Dossier trouvé: C:\Program Files (x86)\Elex-tech
Dossier trouvé: C:\Program Files (x86)\WinArcher
Dossier trouvé: C:\Program Files (x86)\UvConverter
Dossier trouvé: C:\Program Files (x86)\winarcher
Dossier trouvé: C:\Program Files (x86)\amuleC1
Dossier trouvé: C:\WINDOWS\SysWoW64\config\systemprofile\AppData\Roaming\aMule
Dossier trouvé: C:\Program Files (x86)\Firefox
Dossier trouvé: C:\Users\Bob Denard\AppData\Roaming\Mozilla\Firefox\Profiles\14k5e964.default-1462644100556\extensions\arthurj8283@gmail.com
Dossier trouvé: C:\Users\Bob Denard\AppData\Roaming\Mozilla\Firefox\Profiles\14k5e964.default-1462644100556\extensions\arthurj8283@gmail.com
Dossier trouvé: C:\Users\Bob Denard\AppData\Roaming\Mozilla\Firefox\Profiles\14k5e964.default-1462644100556\extensions\arthurj8283@gmail.com
Dossier trouvé: C:\Users\Bob Denard\AppData\Roaming\Mozilla\Firefox\Profiles\14k5e964.default-1462644100556\extensions\arthurj8283@gmail.com
***** [ Fichiers ] *****
Fichier trouvé: C:\WINDOWS\SysNative\drivers\iSafeNetFilter.sys
Fichier trouvé: C:\Users\Bob Denard\AppData\Roaming\Mozilla\Firefox\Profiles\14k5e964.default-1462644100556\searchplugins\amisites.xml
***** [ DLL ] *****
Aucune DLL patchée trouvée.
***** [ WMI ] *****
Aucune clé malveillante trouvée.
***** [ Raccourcis ] *****
Raccourci infecté: C:\Users\Public\Desktop\Mozilla Firefox.lnk ( hxxp://www.amisites.com/?type=sc&ts=1481709912 ... 4424402435 )
Raccourci infecté: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.amisites.com/?type=sc&ts=1481709912 ... DiskXSD6SN
Raccourci infecté: C:\Users\Bob Denard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk ( hxxp://www.amisites.com/?type=sc&ts=1481709912 ... mae0tbt1gd
Raccourci infecté: C:\Users\Bob Denard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.amisites.com/?type=sc&ts=1481709912 ... z3beg9mae0
Raccourci infecté: C:\Users\Bob Denard\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk ( hxxp://www.amisites.com/?type=sc&ts=1481709912 ... 5gdz3beg9m
***** [ Tâches planifiées ] *****
Aucune tâche malveillante trouvée.
***** [ Registre ] *****
Clé trouvée: HKU\.DEFAULT\Software\ompndb
Clé trouvée: HKU\.DEFAULT\Software\jhtrsq
Clé trouvée: HKU\S-1-5-18\Software\ompndb
Clé trouvée: HKU\S-1-5-18\Software\jhtrsq
Clé trouvée: HKLM\SOFTWARE\Elex-tech
Clé trouvée: HKLM\SOFTWARE\ScreenShot
Clé trouvée: HKLM\SOFTWARE\ompndb
Clé trouvée: HKLM\SOFTWARE\WinArcher
Clé trouvée: HKLM\SOFTWARE\amisitesSoftware
Clé trouvée: HKLM\SOFTWARE\jhtrsq
Clé trouvée: HKLM\SOFTWARE\UvConv
Clé trouvée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Clé trouvée: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{19539992-061C-4E8B-9053-07B175303AF4}
Clé trouvée: [x64] HKLM\SOFTWARE\ompndb
Clé trouvée: [x64] HKLM\SOFTWARE\jhtrsq
Clé trouvée: HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
Clé trouvée: HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B68CE107A2DED706DC47D6BC4BF3C4C1
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C767D9D7BB3F9C4B839FF09B6C80DCF
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4EE2F0310EBEC29A0C48C035C43786AA
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2A47D6F1D42DD81A292C027724D291
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\02C076B2283AB74D88D5E4D34BC497FF
Clé trouvée: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F39E5917C417B4041A46F88010121C6E
Clé trouvée: [x64] HKLM\SOFTWARE\Classes\Installer\Features\F39E5917C417B4041A46F88010121C6E
Clé trouvée: [x64] HKLM\SOFTWARE\Classes\Installer\Products\F39E5917C417B4041A46F88010121C6E
Donnée trouvée: HKU\S-1-5-21-3354676343-651119454-3863697023-1001\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.amisites.com/?type=hp&ts=1481709912 ... 0tbt1gdg&f
Donnée trouvée: HKU\S-1-5-21-3354676343-651119454-3863697023-1001\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.amisites.com/?type=hp&ts=1481709912 ... eg9mae0tbt
Donnée trouvée: HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.amisites.com/?type=hp&ts=1481709912 ... 28G1002_13
Donnée trouvée: HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.amisites.com/?type=hp&ts=1481709912 ... 6SN1M128G1
Donnée trouvée: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.amisites.com/?type=hp&ts=1481709912 ... 6SN1M128G1
Donnée trouvée: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.amisites.com/search/?type=ds&ts=148 ... anDiskXSD6
Donnée trouvée: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.amisites.com/search/?type=ds&ts=148 ... SD6SN1M128
Donnée trouvée: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.amisites.com/?type=hp&ts=1481709912 ... 28G1002_13
Donnée trouvée: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.amisites.com/?type=hp&ts=1481709912 ... 1M128G1002_
Donnée trouvée: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.amisites.com/?type=hp&ts=1481709912 ... SD6SN1M128
Donnée trouvée: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.amisites.com/?type=hp&ts=1481709912 ... SD6SN1M128
Donnée trouvée: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.amisites.com/search/?type=ds&ts=148 ... =SanDiskXS
Donnée trouvée: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.amisites.com/search/?type=ds&ts=148 ... kXSD6SN1M1
Donnée trouvée: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.amisites.com/?type=hp&ts=1481709912 ... 1M128G1002_
Clé trouvée: HKU\S-1-5-21-3354676343-651119454-3863697023-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Donnée trouvée: HKU\S-1-5-21-3354676343-651119454-3863697023-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Clé trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Donnée trouvée: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Clé trouvée: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Donnée trouvée: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] -
Donnée trouvée: HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [] - "c:\program files (x86)\internet explorer\iexplore.exe" hxxp://www.amisites.com/?type=sc&ts=1481709912 ... 5fe4fa9969
Donnée trouvée: HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command [] - "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.amisites.com/?type=sc&ts=1481709912 ... fa9969ad93
Valeur trouvée: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [WinSAPSvc]
Valeur trouvée: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost [ArcherGroupEx]
Valeur trouvée: HKLM\SYSTEM\CurrentControlSet\Services\Themes [DependOnService]
Valeur trouvée: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
Valeur trouvée: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
Valeur trouvée: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
Valeur trouvée: HKLM\SOFTWARE\Mozilla\Firefox\Extensions [arthurj8283@gmail.com]
***** [ Navigateurs web ] *****
Firefox préf trouvée: [C:\Users\Bob Denard\AppData\Roaming\Mozilla\Firefox\Profiles\14k5e964.default-1462644100556\prefs.js] - "browser.newtab.url" - "hxxp://www.luckysearch123.com?type=hp&ts=14815 ... 1209&uid=s
Firefox préf trouvée: [C:\Users\Bob Denard\AppData\Roaming\Mozilla\Firefox\Profiles\14k5e964.default-1462644100556\prefs.js] - "browser.search.searchengine.iconURL" - "hxxp://www.luckysearch123.com/favicon.ico?t=1"
Firefox préf trouvée: [C:\Users\Bob Denard\AppData\Roaming\Mozilla\Firefox\Profiles\14k5e964.default-1462644100556\prefs.js] - "browser.search.searchengine.url" - "hxxp://www.luckysearch123.com/search.php?type=ds&ts=148153
Firefox préf trouvée: [C:\Users\Bob Denard\AppData\Roaming\Mozilla\Firefox\Profiles\14k5e964.default-1462644100556\prefs.js] - "browser.startup.homepage" - "hxxp://www.amisites.com/?type=hp&ts=1481709912 ... d45fe4fa99
Aucune préférence Chromium malveillante trouvée.
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [9754 octets] - [25/11/2016 16:53:10]
C:\AdwCleaner\AdwCleaner[C2].txt - [1263 octets] - [29/11/2016 08:34:18]
C:\AdwCleaner\AdwCleaner[C3].txt - [6899 octets] - [05/12/2016 16:52:17]
C:\AdwCleaner\AdwCleaner[C4].txt - [6739 octets] - [11/12/2016 13:05:05]
C:\AdwCleaner\AdwCleaner[S0].txt - [9293 octets] - [25/11/2016 16:52:18]
C:\AdwCleaner\AdwCleaner[S1].txt - [1451 octets] - [29/11/2016 08:32:18]
C:\AdwCleaner\AdwCleaner[S2].txt - [6197 octets] - [05/12/2016 16:50:39]
C:\AdwCleaner\AdwCleaner[S3].txt - [14988 octets] - [09/12/2016 17:07:12]
C:\AdwCleaner\AdwCleaner[S4].txt - [8611 octets] - [11/12/2016 13:03:48]
C:\AdwCleaner\AdwCleaner[S5].txt - [12285 octets] - [14/12/2016 11:47:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S5].txt - [12360 octets] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 10 Pro x64
Ran by SoraruP (Administrator) on 14/12/2016 at 11:53:14.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
File System: 5
Failed to delete: C:\Users\Bob Denard\AppData\Roaming\elex-tech (Folder)
Failed to delete: C:\WINDOWS\system32\drivers\isafenetfilter.sys (File)
Failed to delete: C:\Program Files (x86)\elex-tech (Folder)
Successfully deleted: C:\ProgramData\nico mak computing (Folder)
Successfully deleted: C:\Users\Bob Denard\AppData\Roaming\nico mak computing (Folder)
Deleted the following from C:\Users\Bob Denard\AppData\Roaming\Mozilla\Firefox\Profiles\14k5e964.default-1462644100556\prefs.js
user_pref(browser.search.searchengine.alias, );
user_pref(browser.search.searchengine.name, luck);
user_pref(browser.search.searchengine.ref, );
user_pref(browser.search.searchengine.ts, 1481530029);
user_pref(browser.search.searchengine.type, );
user_pref(browser.search.searchengine.uid, sandiskxsd6sn1m128g1002_134424402435);
Registry: 6
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnl (Registry Key)
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlKit (Registry Key)
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlR3 (Registry Key)
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\iSafeNetFilter (Registry Key)
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\iSafeService (Registry Key)
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\iSafeKrnlMon (Registry Key)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14/12/2016 at 11:54:00.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~