FORUM D’ENTRAIDE INFORMATIQUE (FEI)
Site d’assistance et de sécurité informatique

Aide à la désinfection (pages publicitaires, moteur de recherche remplacé, redirections, virus...).
Règles du forum : Entraide concernant la désinfection et la sécurité informatique : en cas de publicités intempestives, pop-up, redirections, logiciels indésirables, ralentissements suspects, virus, etc.
Une désinfection complète vous sera assurée : désinfection, sécurisation, puis prévention.
Seuls les helpers (personnes qualifiées et formées à la désinfection) ainsi que le staff sont autorisés à apporter leur aide dans cette section.
Merci également de prendre connaissance de la charte générale du forum.
  • Avatar du membre
  • Avatar du membre
#201454
https://www.cjoint.com/c/JCbk2qdxCpm
https://www.cjoint.com/c/JCbk3Hg6NQm
https://www.cjoint.com/c/JCbk4h6mdCm
ET les ZHP cleaner, lancés avant ta demande :
https://www.cjoint.com/c/JCbk5mRKGQm
https://www.cjoint.com/c/JCbk53mJKhm

Conscient de ne pas avoir dons suivi exactement ton protocole, mais je suis paré à suivre scrupuleusement tes instructions, thanks
#201457
re Tinou

Lance Farbar

Image


Copies les lignes suivantes dans le cadre rouge


start::
CloseProcesses:
CreateRestorePoint:
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c11055dc37401dae4e47bebf3df&param1=IE&param2=4&param3=campaignID%3D983%26UserID%3D1010678482&param4=XPbueSzfBeG6K2MlxBpfEDPN+SxVpua8beXQzoS1GYKYX9iWjIAFEmvclWBbrhjndV++0pf457ScwisW9HijmBmjcGv8Wd2ZcSi8pfFEf6yohHlkCzLrSHN6HIqDGoDUuBNSyac5Wu5ujOemquhYW30ROnJ+cmcKCLWQxFBH0pAI9nwANEzqjfaMO6Vuz17Ydb3QML1iQEszhdd/SsuV067nrhEF+LTkFPBm5UcdLAyfsh50H784GnHRCS0a6RG4gQgIqHBPY9Ux3rRzUFEZVZazWiclT+Lise7VGE1VtZumAZ6nWpbDWfoXe3Nx3FgOO63U1EiecUJT3J4HVgNFR9UMA3tEssnySzXIGZzT7fA/HCRgUJ5O65IOIgE1vCO4Nelp9akKPQPOH8VcHcW37BlOngvFJhfzfiOKrWzsqPmXy84EbEmMdllqvhy4I8jUUUmQ8dUNBoD+wY6sJgFDZnRZICKlWsoBGEqTR4QoDIDrs7MrQ6a5h9wc7WBs3RFIdVdJBvqtOrpVDT3XgOxpT0T6WPpnKVyqOZbocUfp/FmOJ/l0Bmgu/9IQkWSscudv+FItb7ddtoWIiUGF1fy3XA98Bmj1NKfLepQiM1Fv3KmZhcOo2yeTsni2+N/nfL8BIWy49XRZfhD441qZwxMl2G7OaXPshkKGlae8eiBcUCy/Jx7X5g5ezZ8cje++Gk7z&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c11055dc37401dae4e47bebf3df&param1=IE&param2=4&param3=campaignID%3D983%26UserID%3D1010678482&param4=XPbueSzfBeG6K2MlxBpfEDPN+SxVpua8beXQzoS1GYKYX9iWjIAFEmvclWBbrhjndV++0pf457ScwisW9HijmBmjcGv8Wd2ZcSi8pfFEf6yohHlkCzLrSHN6HIqDGoDUuBNSyac5Wu5ujOemquhYW30ROnJ+cmcKCLWQxFBH0pAI9nwANEzqjfaMO6Vuz17Ydb3QML1iQEszhdd/SsuV067nrhEF+LTkFPBm5UcdLAyfsh50H784GnHRCS0a6RG4gQgIqHBPY9Ux3rRzUFEZVZazWiclT+Lise7VGE1VtZumAZ6nWpbDWfoXe3Nx3FgOO63U1EiecUJT3J4HVgNFR9UMA3tEssnySzXIGZzT7fA/HCRgUJ5O65IOIgE1vCO4Nelp9akKPQPOH8VcHcW37BlOngvFJhfzfiOKrWzsqPmXy84EbEmMdllqvhy4I8jUUUmQ8dUNBoD+wY6sJgFDZnRZICKlWsoBGEqTR4QoDIDrs7MrQ6a5h9wc7WBs3RFIdVdJBvqtOrpVDT3XgOxpT0T6WPpnKVyqOZbocUfp/FmOJ/l0Bmgu/9IQkWSscudv+FItb7ddtoWIiUGF1fy3XA98Bmj1NKfLepQiM1Fv3KmZhcOo2yeTsni2+N/nfL8BIWy49XRZfhD441qZwxMl2G7OaXPshkKGlae8eiBcUCy/Jx7X5g5ezZ8cje++Gk7z&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c11055dc37401dae4e47bebf3df&param1=IE&param2=4&param3=campaignID%3D983%26UserID%3D1010678482&param4=XPbueSzfBeG6K2MlxBpfEDPN+SxVpua8beXQzoS1GYKYX9iWjIAFEmvclWBbrhjndV++0pf457ScwisW9HijmBmjcGv8Wd2ZcSi8pfFEf6yohHlkCzLrSHN6HIqDGoDUuBNSyac5Wu5ujOemquhYW30ROnJ+cmcKCLWQxFBH0pAI9nwANEzqjfaMO6Vuz17Ydb3QML1iQEszhdd/SsuV067nrhEF+LTkFPBm5UcdLAyfsh50H784GnHRCS0a6RG4gQgIqHBPY9Ux3rRzUFEZVZazWiclT+Lise7VGE1VtZumAZ6nWpbDWfoXe3Nx3FgOO63U1EiecUJT3J4HVgNFR9UMA3tEssnySzXIGZzT7fA/HCRgUJ5O65IOIgE1vCO4Nelp9akKPQPOH8VcHcW37BlOngvFJhfzfiOKrWzsqPmXy84EbEmMdllqvhy4I8jUUUmQ8dUNBoD+wY6sJgFDZnRZICKlWsoBGEqTR4QoDIDrs7MrQ6a5h9wc7WBs3RFIdVdJBvqtOrpVDT3XgOxpT0T6WPpnKVyqOZbocUfp/FmOJ/l0Bmgu/9IQkWSscudv+FItb7ddtoWIiUGF1fy3XA98Bmj1NKfLepQiM1Fv3KmZhcOo2yeTsni2+N/nfL8BIWy49XRZfhD441qZwxMl2G7OaXPshkKGlae8eiBcUCy/Jx7X5g5ezZ8cje++Gk7z&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c11055dc37401dae4e47bebf3df&param1=IE&param2=4&param3=campaignID%3D983%26UserID%3D1010678482&param4=XPbueSzfBeG6K2MlxBpfEDPN+SxVpua8beXQzoS1GYKYX9iWjIAFEmvclWBbrhjndV++0pf457ScwisW9HijmBmjcGv8Wd2ZcSi8pfFEf6yohHlkCzLrSHN6HIqDGoDUuBNSyac5Wu5ujOemquhYW30ROnJ+cmcKCLWQxFBH0pAI9nwANEzqjfaMO6Vuz17Ydb3QML1iQEszhdd/SsuV067nrhEF+LTkFPBm5UcdLAyfsh50H784GnHRCS0a6RG4gQgIqHBPY9Ux3rRzUFEZVZazWiclT+Lise7VGE1VtZumAZ6nWpbDWfoXe3Nx3FgOO63U1EiecUJT3J4HVgNFR9UMA3tEssnySzXIGZzT7fA/HCRgUJ5O65IOIgE1vCO4Nelp9akKPQPOH8VcHcW37BlOngvFJhfzfiOKrWzsqPmXy84EbEmMdllqvhy4I8jUUUmQ8dUNBoD+wY6sJgFDZnRZICKlWsoBGEqTR4QoDIDrs7MrQ6a5h9wc7WBs3RFIdVdJBvqtOrpVDT3XgOxpT0T6WPpnKVyqOZbocUfp/FmOJ/l0Bmgu/9IQkWSscudv+FItb7ddtoWIiUGF1fy3XA98Bmj1NKfLepQiM1Fv3KmZhcOo2yeTsni2+N/nfL8BIWy49XRZfhD441qZwxMl2G7OaXPshkKGlae8eiBcUCy/Jx7X5g5ezZ8cje++Gk7z&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3655374664-1735676624-2911693723-1001 -> DefaultScope {bce42d98-b1cd-493f-a64c-107aae7521be} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c11055dc37401dae4e47bebf3df&param1=IE&param2=4&param3=campaignID%3D983%26UserID%3D1010678482&param4=XPbueSzfBeG6K2MlxBpfEDPN+SxVpua8beXQzoS1GYKYX9iWjIAFEmvclWBbrhjndV++0pf457ScwisW9HijmBmjcGv8Wd2ZcSi8pfFEf6yohHlkCzLrSHN6HIqDGoDUuBNSyac5Wu5ujOemquhYW30ROnJ+cmcKCLWQxFBH0pAI9nwANEzqjfaMO6Vuz17Ydb3QML1iQEszhdd/SsuV067nrhEF+LTkFPBm5UcdLAyfsh50H784GnHRCS0a6RG4gQgIqHBPY9Ux3rRzUFEZVZazWiclT+Lise7VGE1VtZumAZ6nWpbDWfoXe3Nx3FgOO63U1EiecUJT3J4HVgNFR9UMA3tEssnySzXIGZzT7fA/HCRgUJ5O65IOIgE1vCO4Nelp9akKPQPOH8VcHcW37BlOngvFJhfzfiOKrWzsqPmXy84EbEmMdllqvhy4I8jUUUmQ8dUNBoD+wY6sJgFDZnRZICKlWsoBGEqTR4QoDIDrs7MrQ6a5h9wc7WBs3RFIdVdJBvqtOrpVDT3XgOxpT0T6WPpnKVyqOZbocUfp/FmOJ/l0Bmgu/9IQkWSscudv+FItb7ddtoWIiUGF1fy3XA98Bmj1NKfLepQiM1Fv3KmZhcOo2yeTsni2+N/nfL8BIWy49XRZfhD441qZwxMl2G7OaXPshkKGlae8eiBcUCy/Jx7X5g5ezZ8cje++Gk7z&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3655374664-1735676624-2911693723-1001 -> {bce42d98-b1cd-493f-a64c-107aae7521be} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c11055dc37401dae4e47bebf3df&param1=IE&param2=4&param3=campaignID%3D983%26UserID%3D1010678482&param4=XPbueSzfBeG6K2MlxBpfEDPN+SxVpua8beXQzoS1GYKYX9iWjIAFEmvclWBbrhjndV++0pf457ScwisW9HijmBmjcGv8Wd2ZcSi8pfFEf6yohHlkCzLrSHN6HIqDGoDUuBNSyac5Wu5ujOemquhYW30ROnJ+cmcKCLWQxFBH0pAI9nwANEzqjfaMO6Vuz17Ydb3QML1iQEszhdd/SsuV067nrhEF+LTkFPBm5UcdLAyfsh50H784GnHRCS0a6RG4gQgIqHBPY9Ux3rRzUFEZVZazWiclT+Lise7VGE1VtZumAZ6nWpbDWfoXe3Nx3FgOO63U1EiecUJT3J4HVgNFR9UMA3tEssnySzXIGZzT7fA/HCRgUJ5O65IOIgE1vCO4Nelp9akKPQPOH8VcHcW37BlOngvFJhfzfiOKrWzsqPmXy84EbEmMdllqvhy4I8jUUUmQ8dUNBoD+wY6sJgFDZnRZICKlWsoBGEqTR4QoDIDrs7MrQ6a5h9wc7WBs3RFIdVdJBvqtOrpVDT3XgOxpT0T6WPpnKVyqOZbocUfp/FmOJ/l0Bmgu/9IQkWSscudv+FItb7ddtoWIiUGF1fy3XA98Bmj1NKfLepQiM1Fv3KmZhcOo2yeTsni2+N/nfL8BIWy49XRZfhD441qZwxMl2G7OaXPshkKGlae8eiBcUCy/Jx7X5g5ezZ8cje++Gk7z&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3655374664-1735676624-2911693723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03012020112139471 -> DefaultScope {bce42d98-b1cd-493f-a64c-107aae7521be} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c11055dc37401dae4e47bebf3df&param1=IE&param2=4&param3=campaignID%3D983%26UserID%3D1010678482&param4=XPbueSzfBeG6K2MlxBpfEDPN+SxVpua8beXQzoS1GYKYX9iWjIAFEmvclWBbrhjndV++0pf457ScwisW9HijmBmjcGv8Wd2ZcSi8pfFEf6yohHlkCzLrSHN6HIqDGoDUuBNSyac5Wu5ujOemquhYW30ROnJ+cmcKCLWQxFBH0pAI9nwANEzqjfaMO6Vuz17Ydb3QML1iQEszhdd/SsuV067nrhEF+LTkFPBm5UcdLAyfsh50H784GnHRCS0a6RG4gQgIqHBPY9Ux3rRzUFEZVZazWiclT+Lise7VGE1VtZumAZ6nWpbDWfoXe3Nx3FgOO63U1EiecUJT3J4HVgNFR9UMA3tEssnySzXIGZzT7fA/HCRgUJ5O65IOIgE1vCO4Nelp9akKPQPOH8VcHcW37BlOngvFJhfzfiOKrWzsqPmXy84EbEmMdllqvhy4I8jUUUmQ8dUNBoD+wY6sJgFDZnRZICKlWsoBGEqTR4QoDIDrs7MrQ6a5h9wc7WBs3RFIdVdJBvqtOrpVDT3XgOxpT0T6WPpnKVyqOZbocUfp/FmOJ/l0Bmgu/9IQkWSscudv+FItb7ddtoWIiUGF1fy3XA98Bmj1NKfLepQiM1Fv3KmZhcOo2yeTsni2+N/nfL8BIWy49XRZfhD441qZwxMl2G7OaXPshkKGlae8eiBcUCy/Jx7X5g5ezZ8cje++Gk7z&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3655374664-1735676624-2911693723-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03012020112139471 -> {bce42d98-b1cd-493f-a64c-107aae7521be} URL = hxxps://fr.search.yahoo.com/yhs/search?hspart=shnl&hsimp=yhs-001&type=c11055dc37401dae4e47bebf3df&param1=IE&param2=4&param3=campaignID%3D983%26UserID%3D1010678482&param4=XPbueSzfBeG6K2MlxBpfEDPN+SxVpua8beXQzoS1GYKYX9iWjIAFEmvclWBbrhjndV++0pf457ScwisW9HijmBmjcGv8Wd2ZcSi8pfFEf6yohHlkCzLrSHN6HIqDGoDUuBNSyac5Wu5ujOemquhYW30ROnJ+cmcKCLWQxFBH0pAI9nwANEzqjfaMO6Vuz17Ydb3QML1iQEszhdd/SsuV067nrhEF+LTkFPBm5UcdLAyfsh50H784GnHRCS0a6RG4gQgIqHBPY9Ux3rRzUFEZVZazWiclT+Lise7VGE1VtZumAZ6nWpbDWfoXe3Nx3FgOO63U1EiecUJT3J4HVgNFR9UMA3tEssnySzXIGZzT7fA/HCRgUJ5O65IOIgE1vCO4Nelp9akKPQPOH8VcHcW37BlOngvFJhfzfiOKrWzsqPmXy84EbEmMdllqvhy4I8jUUUmQ8dUNBoD+wY6sJgFDZnRZICKlWsoBGEqTR4QoDIDrs7MrQ6a5h9wc7WBs3RFIdVdJBvqtOrpVDT3XgOxpT0T6WPpnKVyqOZbocUfp/FmOJ/l0Bmgu/9IQkWSscudv+FItb7ddtoWIiUGF1fy3XA98Bmj1NKfLepQiM1Fv3KmZhcOo2yeTsni2+N/nfL8BIWy49XRZfhD441qZwxMl2G7OaXPshkKGlae8eiBcUCy/Jx7X5g5ezZ8cje++Gk7z&p={searchTerms}
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> Pas de fichier
FirewallRules: [{2B03C545-B44F-4869-9F64-F415C7EC2779}] => (Allow) C:\Users\edema\AppData\Local\Temp\7zS79CD\HPDiagnosticCoreUI.exe Pas de fichier
FirewallRules: [{CB9DD5C6-1B1C-4C1C-AA4B-AFCB30FC46C3}] => (Allow) C:\Users\edema\AppData\Local\Temp\7zS79CD\HPDiagnosticCoreUI.exe Pas de fichier
FirewallRules: [{96C82CB8-05F3-490C-B44E-84025C4AE044}] => (Allow) C:\Users\edema\AppData\Local\Temp\7zS46B8\HPDiagnosticCoreUI.exe Pas de fichier
FirewallRules: [{D7B0658A-F6ED-4827-AE12-8DC570CED2FB}] => (Allow) C:\Users\edema\AppData\Local\Temp\7zS46B8\HPDiagnosticCoreUI.exe Pas de fichier
FirewallRules: [{C2A6E407-9B80-4F65-939C-571BC02966F6}] => (Allow) C:\Users\edema\AppData\Local\Temp\7zS025F\HPDiagnosticCoreUI.exe Pas de fichier
FirewallRules: [{598DFD68-9B25-469F-8C14-CE686B9FDBCF}] => (Allow) C:\Users\edema\AppData\Local\Temp\7zS025F\HPDiagnosticCoreUI.exe Pas de fichier
FirewallRules: [{EB949A89-523B-4B4A-9D44-27759B5B93EE}] => (Allow) C:\Users\edema\AppData\Local\Temp\7zS11A0\HPDiagnosticCoreUI.exe Pas de fichier
FirewallRules: [{AADB3FBC-E866-448A-838D-D46030AB277E}] => (Allow) C:\Users\edema\AppData\Local\Temp\7zS11A0\HPDiagnosticCoreUI.exe Pas de fichier
DeleteValue: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION|ByteFence.exe
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|com.squirrel.Teams.Teams
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Chromium
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|Delete Cached Update Binary
DeleteValue: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|Delete Cached Standalone Update Binary
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{73755FDF-BD74-4820-9D97-15DEA30681F6}C:\program files (x86)\common files\oracle\java\javapath_target_623687890\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{79FC5763-4A28-4A2D-8A37-ADD3A53F9782}C:\program files (x86)\common files\oracle\java\javapath_target_623687890\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{9C5376F3-D284-4571-8E1A-063E1469FCC2}E:\frnt\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{700CF001-B6FA-487C-9C7A-F254E3E61320}E:\frnt\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{8B78B87D-39CC-40B1-A4C2-168A2A8A09B9}C:\program files (x86)\common files\oracle\java\javapath_target_623687890\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2499C559-933C-4CFB-9CD4-0631F5F629EA}C:\program files (x86)\common files\oracle\java\javapath_target_623687890\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{257B1BE3-FF1F-4A31-BB53-AA76F253CF9A}C:\program files (x86)\common files\oracle\java\javapath_target_36315765\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{112CACBC-FED5-44C0-B1C9-AFE85158A8BA}C:\program files (x86)\common files\oracle\java\javapath_target_36315765\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{1961EBA3-C303-4C68-821A-A2C0998BF09F}E:\frnt\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{118BDF89-1317-419C-9C29-594CE00DB23B}E:\frnt\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{5CD5DC41-5B04-47FD-8F22-7E3B07316E6D}E:\frnt\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{CB30D065-9D1C-46A6-BD02-62708CC66013}E:\frnt\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{A187E022-468E-437B-B9BE-A239D59EFF74}C:\program files\java\jre1.8.0_181\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{38374363-66EF-4CCE-978F-0C1A7C3A126F}C:\program files\java\jre1.8.0_181\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{929B5698-2587-4E29-8691-841E37F031F0}C:\program files\java\jre1.8.0_181\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{EC929B75-F3F8-4454-A440-6DE014CDC1C5}C:\program files\java\jre1.8.0_181\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{1B232989-AC69-4027-87A0-62A704B0DFE2}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{2C8DDF7F-3AAB-4ED7-992B-4810D4102E4D}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_51\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{9C1BF0B0-B8B4-4120-9C64-0C22C1353250}C:\program files (x86)\common files\oracle\java\javapath_target_36315765\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{EF972365-D4BA-4793-A702-27BAFECF9651}C:\program files (x86)\common files\oracle\java\javapath_target_36315765\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{88F92995-DE8B-44C1-8D71-9167511D2668}D:\fortnite gautier\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{5687DB4F-B764-442C-906D-CCCB5784394A}D:\fortnite gautier\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{631E24AF-2F52-4BEA-8058-41BA5F702F1C}D:\fortnite gautier\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{4A3D509F-6046-4634-B1A9-3F1A50DEE358}D:\fortnite gautier\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{5F54306F-FC86-4872-A397-D3A31F28104E}D:\program files\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{C19EF2AD-2F98-4AA0-B840-6D65EA01763B}D:\program files\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{C2CCD2E0-1B0A-4052-BD5D-5ED154F1FDEB}D:\program files\runtime\jre-x64\1.8.0_25\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{E0616F7A-CA4D-4B69-BF6D-EC05884B3D1B}D:\program files\runtime\jre-x64\1.8.0_25\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E3AC2353-DBFF-498B-B80E-C2FE952A61A5}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{4D158AA0-F605-43BC-BCE8-9C640B559F19}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{1FD7A556-3334-4B04-8EDC-CB47614E77A0}C:\program files (x86)\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B5C1B4C7-45FC-4870-ACFE-89AFF35AB725}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{B8488A3F-2F74-4158-835A-0926485642D5}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{6A21756C-6E1B-4ED6-B6FC-54219FB3B1CF}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{5AD68BA7-789E-4314-BDFA-CBB3374D8FA1}C:\program files (x86)\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{585A0F04-2307-4503-8A83-EFFDA9D01A2A}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{29BCE1CA-B3B5-4B67-BC1B-3B354FD7227C}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{C0299397-752D-448A-AFFE-C146C2C5B7DD}E:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{D954A9FB-B142-4575-9300-9D2F338063E5}E:\fortnite\fortnitegame\binaries\win64\fortniteclient-win64-shipping.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{53C7F232-21C6-4D9E-8725-CED7BB4CD07A}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{D4E11927-6CD8-4584-B323-CA71D6F20BF4}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{B7DC4849-397E-4952-B63A-A5898017CEDD}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{D43750D5-00B2-45B7-9B56-8FD199960FD7}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{842FFD54-A4F7-4433-8989-28720651DC27}D:\program files\runtime\jre-x64\1.8.0_25\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{CDCD4C9F-F92C-404C-8E36-FD4A956CB529}D:\program files\runtime\jre-x64\1.8.0_25\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8A63B663-E4E3-4BB5-9A61-B6A3D323C234}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{66F6C265-810E-4559-BCD6-2AC73639FEF6}C:\program files (x86)\java\jre1.8.0_161\bin\javaw.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{8FB83B80-8DE2-49D8-B3C3-D74992071552}C:\programdata\oracle\java\javapath_target_761880328\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{630F5ECB-169D-4DEF-BC40-007020B6469B}C:\programdata\oracle\java\javapath_target_761880328\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{6A31CECA-91C0-419E-939C-06AE060FAF2E}C:\programdata\oracle\java\javapath_target_761880328\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{13FA4A2A-8245-45C0-8477-CAD1FB14D7EF}C:\programdata\oracle\java\javapath_target_761880328\java.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{E638BD95-0694-4297-8A42-DD3B300F14CF}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{3B3F338C-3A59-4AA4-B2EF-94D0C2F49DDA}D:\program files\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{43FE2BCE-E4D5-42EC-9937-0719CE5A3235}D:\program files\epic games\launcher\portal\binaries\win32\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|TCP Query User{F43A0F04-191E-493F-8B7D-713E06E1788B}D:\program files\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|UDP Query User{A48666D8-AEE0-4709-8CD3-6DABCCB1E8EB}D:\program files\epic games\launcher\portal\binaries\win64\epicgameslauncher.exe
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{DC0ADC3A-80B8-4DA0-8288-0B7EBC231851}
DeleteValue: HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{194D9313-2BD8-4F7D-BA1F-910D964EE441}
DeleteKey: HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\WinRAR32
DeleteKey: HKLM\Software\Classes\CLSID\{B41DB860-8EE4-11D2-9906-E49FADC173CA}
DeleteKey: HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\WinRAR32
EmptyTemp:
end::



Corrige et heberge le rapport fixlog

@+
#201467
Salut Tinou

ceci maintenant

Télécharge ZHPCleaner de Nicolas Coolman sur ton bureau

https://www.sosvirus.net/telecharger/zhpcleaner/


Faire un click droit sur zhpcleaner


execute le en tant qu'administrateur

1/ ouvrir les options et tout cocher

Image


Image


Mode Scanner




Image


Le rapport se trouve sur ton bureau et

dans ton dossier utilisateur « %AppData% /ZHP »

ZHPCleaner (S).txt ---> Pour le rapport de Scan (Recherche)


héberger le rapport sur www.cjoint.com/ si volumineux

@+ Didier
#201502
Hello DID
C est bizarre : ça fait plusieurs fois que je te réponds et mon message semble disparaitre du forum.

Ci joint le rapport Maleware d'hier :

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'événement de protection: 03/03/2020
Heure de l'événement de protection: 09:00
Fichier journal: 05bdc46f-5d25-11ea-b358-54e1ad8f8b72.json

-Informations du logiciel-
Version: 4.0.4.49
Version de composants: 1.0.823
Version de pack de mise à jour: 1.0.20150
Licence: Premium

-Informations système-
Système d'exploitation: Windows 10 (Build 18362.657)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Détails du site Web bloqué-
Site Web malveillant: 1
, C:\Users\edema\AppData\Roaming\Cosekasonab.exe, Bloqué, -1, -1, 0.0.0

-Données du site Web-
Catégorie: Cheval de Troie
Domaine: d1pobxbdnb8vsp.cloudfront.net
Adresse IP: 13.225.29.156
Port: 80
Type: En sortie
Fichier: C:\Users\edema\AppData\Roaming\Cosekasonab.exe

(end)

Egalement le rapport de ce matin :
Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 04/03/2020
Heure de l'analyse: 02:02
Fichier journal: c72e6264-5db3-11ea-a9b4-54e1ad8f8b72.json

-Informations du logiciel-
Version: 4.0.4.49
Version de composants: 1.0.823
Version de pack de mise à jour: 1.0.20182
Licence: Premium

-Informations système-
Système d'exploitation: Windows 10 (Build 18362.657)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Analyse lancée par: Planificateur
Résultat: Terminé
Objets analysés: 334460
Menaces détectées: 21
Menaces mises en quarantaine: 0
Temps écoulé: 7 min, 37 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 1
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{14E9FC29-4469-2DA9-F5E9-5D2925698EA9}, Aucune action de l'utilisateur, 871, 542290, , , ,

Valeur du registre: 0
(Aucun élément malveillant détecté)

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 2
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\USERS\EDEMA\APPDATA\LOCAL\{150F2353-31A7-4FEB-5C3F-6A037857969B}, Aucune action de l'utilisateur, 871, 542290, 1.0.20182, , ame,

Fichier: 18
PUP.Optional.WinYahoo.TskLnk, C:\USERS\EDEMA\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\USERS\EDEMA\APPDATA\LOCAL\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HOWTOREMOVE\HOWTOREMOVE.HTML, Aucune action de l'utilisateur, 871, 542290, 1.0.20182, , ame,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\chromium-min.jpg, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\control panel-min-min.JPG, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\down.png, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\ff menu.JPG, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\ff search engine-min.png, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\hp-min ff.png, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\hp-min ie.png, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\search engine.gif, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\setup pages.gif, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\sp-min.png, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\start-min.jpg, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\up.png, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\fenedo, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\fodeco, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\uninst.exe, Aucune action de l'utilisateur, 871, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\uninstp.dat, Aucune action de l'utilisateur, 871, 542290, , , ,

Secteur physique: 0
(Aucun élément malveillant détecté)

WMI: 0
(Aucun élément malveillant détecté)


(end)
#201526
Salut Did
Sorry for the delay

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 05/03/2020
Heure de l'analyse: 02:02
Fichier journal: ee9c30c8-5e7c-11ea-b7bf-54e1ad8f8b72.json

-Informations du logiciel-
Version: 4.1.0.56
Version de composants: 1.0.835
Version de pack de mise à jour: 1.0.20232
Licence: Premium

-Informations système-
Système d'exploitation: Windows 10 (Build 18362.657)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Analyse lancée par: Planificateur
Résultat: Terminé
Objets analysés: 334643
Menaces détectées: 21
Menaces mises en quarantaine: 21
Temps écoulé: 6 min, 22 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 1
PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{14E9FC29-4469-2DA9-F5E9-5D2925698EA9}, En quarantaine, 872, 542290, , , ,

Valeur du registre: 0
(Aucun élément malveillant détecté)

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 2
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\USERS\EDEMA\APPDATA\LOCAL\{150F2353-31A7-4FEB-5C3F-6A037857969B}, En quarantaine, 872, 542290, 1.0.20232, , ame,

Fichier: 18
PUP.Optional.WinYahoo.TskLnk, C:\USERS\EDEMA\APPDATA\ROAMING\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\USERS\EDEMA\APPDATA\LOCAL\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HOWTOREMOVE\HOWTOREMOVE.HTML, En quarantaine, 872, 542290, 1.0.20232, , ame,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\chromium-min.jpg, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\control panel-min-min.JPG, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\down.png, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\ff menu.JPG, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\ff search engine-min.png, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\hp-min ff.png, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\hp-min ie.png, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\search engine.gif, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\setup pages.gif, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\sp-min.png, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\start-min.jpg, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\HowToRemove\up.png, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\fenedo, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\fodeco, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\uninst.exe, En quarantaine, 872, 542290, , , ,
PUP.Optional.WinYahoo.TskLnk, C:\Users\edema\AppData\Local\{150F2353-31A7-4FEB-5C3F-6A037857969B}\uninstp.dat, En quarantaine, 872, 542290, , , ,

Secteur physique: 0
(Aucun élément malveillant détecté)

WMI: 0
(Aucun élément malveillant détecté)


(end)
#201532
Salut tinou

ceci stp

Image AdliceDiag

Ici

Choisir la version voulue
  • Installer 32/64 bits

    Portable 32 bits

    Portable 64 bits
Image

Laissez les Paramétres par défaut

Image

Scannez

Ala fin du scan cliques sur le bouton results

puis sur le bouton Rapport

tu vas obtenir cet ecran

Image


onglet upload/suppressioncloud

assigner le helper did80

bouton Uploader

Tu vas obtenir un lien Permalink en bas de l'écran a me fournir
#201550
Salut Tinou

tu peux analyser sur www.virustotal.com/

tes fichiers

C:\Users\edema\AppData\Local\Sogurekopud\Rilupe.exe
C:\Users\edema\AppData\Local\1d5b3bb65e8ca8837b9876e5bcdb2584\dogekeseca.exe

donne moi les 2 rapports

http://zupimages.net/up/17/30/amtx.png[

didier
#201575
:hello: DID

Désolé, les deux fichiers que tu me demandent n'existent pas / plus dans les répertoires précités.

10 éléments nouveaux detectés hier par Maleware et mis en quarantaine. J ai l'impression que ces fichiers se trouvent dedans

Malwarebytes
www.malwarebytes.com

-Détails du journal-
Date de l'analyse: 07/03/2020
Heure de l'analyse: 11:20
Fichier journal: 4083a6fa-605d-11ea-b4a8-54e1ad8f8b72.json

-Informations du logiciel-
Version: 4.1.0.56
Version de composants: 1.0.835
Version de pack de mise à jour: 1.0.20352
Licence: Premium

-Informations système-
Système d'exploitation: Windows 10 (Build 18362.657)
Processeur: x64
Système de fichiers: NTFS
Utilisateur: System

-Résumé de l'analyse-
Type d'analyse: Analyse des menaces
Analyse lancée par: Planificateur
Résultat: Terminé
Objets analysés: 334696
Menaces détectées: 10
Menaces mises en quarantaine: 10
Temps écoulé: 19 min, 19 s

-Options d'analyse-
Mémoire: Activé
Démarrage: Activé
Système de fichiers: Activé
Archives: Activé
Rootkits: Désactivé
Heuristique: Activé
PUP: Détection
PUM: Détection

-Détails de l'analyse-
Processus: 0
(Aucun élément malveillant détecté)

Module: 0
(Aucun élément malveillant détecté)

Clé du registre: 6
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\dogekeseca\{1D5B3BB6-5E8C-A883-7B98-76E5BCDB2584}, En quarantaine, 0, 392686, , , ,
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FBC074F4-CAF1-4A3F-9AB2-CFC3B85A3634}, En quarantaine, 0, 392686, , , ,
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{FBC074F4-CAF1-4A3F-9AB2-CFC3B85A3634}, En quarantaine, 0, 392686, , , ,
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{11279480-CCB7-C18F-C20E-41B8A20580B4}\Rilupe, En quarantaine, 0, 392686, , , ,
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0AC57BD3-9C0A-4510-8815-F91DA7D582AB}, En quarantaine, 0, 392686, , , ,
Generic.Malware/Suspicious, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{0AC57BD3-9C0A-4510-8815-F91DA7D582AB}, En quarantaine, 0, 392686, , , ,

Valeur du registre: 0
(Aucun élément malveillant détecté)

Données du registre: 0
(Aucun élément malveillant détecté)

Flux de données: 0
(Aucun élément malveillant détecté)

Dossier: 0
(Aucun élément malveillant détecté)

Fichier: 4
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\dogekeseca\{1D5B3BB6-5E8C-A883-7B98-76E5BCDB2584}, En quarantaine, 0, 392686, , , ,
Generic.Malware/Suspicious, C:\USERS\EDEMA\APPDATA\LOCAL\1D5B3BB65E8CA8837B9876E5BCDB2584\DOGEKESECA.EXE, En quarantaine, 0, 392686, 1.0.20352, , shuriken,
Generic.Malware/Suspicious, C:\WINDOWS\SYSTEM32\TASKS\{11279480-CCB7-C18F-C20E-41B8A20580B4}\Rilupe, En quarantaine, 0, 392686, , , ,
Generic.Malware/Suspicious, C:\USERS\EDEMA\APPDATA\LOCAL\SOGUREKOPUD\RILUPE.EXE, En quarantaine, 0, 392686, 1.0.20352, , shuriken,

Secteur physique: 0
(Aucun élément malveillant détecté)

WMI: 0
(Aucun élément malveillant détecté)


(end)
#201611
Je n'ai pas lancé de désinfection volontaire.

Date de l'analyse: 07/03/2020
Heure de l'analyse: 11:20
Fichier journal: 4083a6fa-605d-11ea-b4a8-54e1ad8f8b72.json

le 6 je demandais adlicediag

tu as lancé malwarebytes seul

consignes non suivies

Configurez la redirection de port sur votre Freebo[…]

Willy

Hi there! I’ve always been passionate about […]

Merci pour la réponse ;) Pour verifier […]

Hello Ça me semble complexe, avez vous e[…]