Sujet Précédent Sujet Suivant

Supprimer remote destok access, omiga plus, winservice 86

Résolu/Fermé
estelle91240 Messages postés 16 Date d'inscription vendredi 12 août 2011 Statut Membre Dernière intervention 26 janvier 2015 - Modifié par Malekal_morte- le 18/01/2015 à 18:21
LeTech67 Messages postés 6 Date d'inscription vendredi 27 février 2015 Statut Membre Dernière intervention 2 mars 2015 - 27 févr. 2015 à 20:56
Bonjour,

Depuis un peu plus d'une semaine, j'ai quelques logiciels qui se téléchargent tous seuls, comme remote destok access, omiga plus, winservice 86, my pc back up, any protect. J'ai essayé de les désinstaller mais rien n'y fait ils se retéléchargent. Est ce que quelqu'un pourrait me donner un solution simple et rapide s'il vous plait

Merci de vos réponses
A voir également:

8 réponses

Réponse 1 / 8
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
18 janv. 2015 à 18:21
Salut,

Tu as installé des adwares et programmes parasites sur ton PC qui ouvrent des publicités et ralentissent l'ordinateur et les navigateurs WEB.
Voici la procédure à suivre pour les supprimer :

Commence par ceci :

Suis le tutorial AdwCleaner https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= ( d'Xplode )
Télécharge le sur ton bureau ou dossier de téléchargement.
Lance AdwCleaner, clique sur [Scanner].
L'analyse peux durer plusieurs minutes, patiente.
Une fois le scan terminé, ne décoche rien, clique sur [Nettoyer]

Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.

Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt


puis :

Suis ce tutoriel FRST: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
Cela va générer trois rapports FRST :
* FRST.txt
* Shortcut.txt
* Additionnal.txt

Envoie comme expliqué, ces trois rapports sur le site pjjoint et donne les trois liens pjjoint de ces rapports afin qu'ils puissent être consultés.



0
estelle91240 Messages postés 16 Date d'inscription vendredi 12 août 2011 Statut Membre Dernière intervention 26 janvier 2015 1
20 janv. 2015 à 19:11
voilà le rapport d'adwcleaner : # AdwCleaner v4.108 - Rapport créé le 20/01/2015 à 18:56:34
# Mis à jour le 17/01/2015 par Xplode
# Database : 2015-01-18.1 [Live]
# Système d'exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
# Nom d'utilisateur : estelle - ESTELLE-PC
# Exécuté depuis : C:\Users\estelle\Downloads\AdwCleaner-4.108.exe
# Option : Nettoyer

***** [ Services ] *****

Service Supprimé : BackupStack
[#] Service Supprimé : globalUpdate
[#] Service Supprimé : globalUpdatem
Service Supprimé : WindowsMangerProtect
Service Supprimé : IHProtect Service
Service Supprimé : serverca

***** [ Fichiers / Dossiers ] *****

Dossier Supprimé : C:\ProgramData\WindowsMangerProtect
Dossier Supprimé : C:\ProgramData\MailUpdate
Dossier Supprimé : C:\ProgramData\IHProtectUpDate
Dossier Supprimé : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Dossier Supprimé : C:\Program Files (x86)\AnyProtectEx
Dossier Supprimé : C:\Program Files (x86)\globalUpdate
Dossier Supprimé : C:\Program Files (x86)\MyPC Backup
Dossier Supprimé : C:\Program Files (x86)\SupTab
Dossier Supprimé : C:\Program Files (x86)\winservice86
Dossier Supprimé : C:\Program Files (x86)\XTab
Dossier Supprimé : C:\Program Files (x86)\ver4BlockAndSurf
Dossier Supprimé : C:\Program Files (x86)\gmsd_fr_108
Dossier Supprimé : C:\Users\estelle\AppData\Local\ConvertAd
Dossier Supprimé : C:\Users\estelle\AppData\Local\globalUpdate
Dossier Supprimé : C:\Users\estelle\AppData\Local\ZombieNews
Dossier Supprimé : C:\Users\estelle\AppData\Local\SmartWeb
Dossier Supprimé : C:\Users\estelle\AppData\Local\gmsd_fr_108
Dossier Supprimé : C:\Users\estelle\AppData\LocalLow\SmartWeb
Dossier Supprimé : C:\Users\estelle\AppData\Roaming\AnyProtectEx
Dossier Supprimé : C:\Users\estelle\AppData\Roaming\cacaoweb
Dossier Supprimé : C:\Users\estelle\AppData\Roaming\omiga-plus
Dossier Supprimé : C:\Users\estelle\AppData\Roaming\VOPackage
Dossier Supprimé : C:\Users\estelle\AppData\Roaming\MailUpdate
Dossier Supprimé : C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Dossier Supprimé : C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Dossier Supprimé : C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Dossier Supprimé : C:\Users\estelle\AppData\Roaming\Mozilla\Firefox\Profiles\a4qkpprg.default\Extensions\cacaoweb@cacaoweb.org
Dossier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhnlfcnabnbokbggfmmbanomoegfmhba
/!\ Non Supprimé ( Junction ) : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhnlfcnabnbokbggfmmbanomoegfmhba
Fichier Supprimé : C:\Users\estelle\AppData\Local\Temp\Uninstall.exe
Fichier Supprimé : C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Fichier Supprimé : C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SmartWeb.lnk
Fichier Supprimé : C:\Users\estelle\Desktop\AnyProtect.lnk
Fichier Supprimé : C:\Users\estelle\Desktop\cacaoweb.exe
Fichier Supprimé : C:\Users\estelle\Desktop\Continue Live Installation.lnk
Fichier Supprimé : C:\Users\estelle\Desktop\MyPC Backup.lnk
Fichier Supprimé : C:\Users\estelle\Desktop\Sync Folder.lnk
Fichier Supprimé : C:\Users\estelle\AppData\Roaming\Mozilla\Firefox\Profiles\a4qkpprg.default\user.js
Fichier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Fichier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Fichier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Fichier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Fichier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Fichier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Fichier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Fichier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
Fichier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage
Fichier Supprimé : C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal

***** [ Tâches planifiées ] *****

Tâche Supprimée : APSnotifierPP1
Tâche Supprimée : APSnotifierPP2
Tâche Supprimée : APSnotifierPP3
Tâche Supprimée : BlockAndSurf Update
Tâche Supprimée : globalUpdateUpdateTaskMachineCore
Tâche Supprimée : globalUpdateUpdateTaskMachineUA
Tâche Supprimée : LaunchSignup
Tâche Supprimée : SmartWeb Upgrade Trigger Task
Tâche Supprimée : 702c4bc3-b4a4-403d-902d-435e44c70b6d-1
Tâche Supprimée : 702c4bc3-b4a4-403d-902d-435e44c70b6d-12
Tâche Supprimée : 702c4bc3-b4a4-403d-902d-435e44c70b6d-2
Tâche Supprimée : 702c4bc3-b4a4-403d-902d-435e44c70b6d-5
Tâche Supprimée : 702c4bc3-b4a4-403d-902d-435e44c70b6d-5_user
Tâche Supprimée : 702c4bc3-b4a4-403d-902d-435e44c70b6d-6
Tâche Supprimée : 702c4bc3-b4a4-403d-902d-435e44c70b6d-7
Tâche Supprimée : 768bd328-465d-467d-b8e3-7dfd665cd347-1
Tâche Supprimée : 768bd328-465d-467d-b8e3-7dfd665cd347-12
Tâche Supprimée : 768bd328-465d-467d-b8e3-7dfd665cd347-2
Tâche Supprimée : 768bd328-465d-467d-b8e3-7dfd665cd347-5
Tâche Supprimée : 768bd328-465d-467d-b8e3-7dfd665cd347-5_user
Tâche Supprimée : 768bd328-465d-467d-b8e3-7dfd665cd347-6
Tâche Supprimée : 768bd328-465d-467d-b8e3-7dfd665cd347-7
Tâche Supprimée : 96e1f90a-b093-42e1-b7bb-db82e2740f78-1
Tâche Supprimée : 96e1f90a-b093-42e1-b7bb-db82e2740f78-12
Tâche Supprimée : 96e1f90a-b093-42e1-b7bb-db82e2740f78-2
Tâche Supprimée : 96e1f90a-b093-42e1-b7bb-db82e2740f78-5
Tâche Supprimée : 96e1f90a-b093-42e1-b7bb-db82e2740f78-5_user
Tâche Supprimée : 96e1f90a-b093-42e1-b7bb-db82e2740f78-6
Tâche Supprimée : 96e1f90a-b093-42e1-b7bb-db82e2740f78-7

***** [ Raccourcis ] *****

Raccourci Désinfecté : C:\Users\Public\Desktop\Google Chrome.lnk
Raccourci Désinfecté : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Raccourci Désinfecté : C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Raccourci Désinfecté : C:\Users\estelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Raccourci Désinfecté : C:\Users\estelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Raccourci Désinfecté : C:\Users\estelle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk

***** [ Registre ] *****

Valeur Supprimée : HKCU\Software\Mozilla\Firefox\Extensions [{DACC7D21-88D3-8701-79DB-50B30225DE6E}]
Valeur Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Clé Supprimée : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Clé Supprimée : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Clé Supprimée : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Valeur Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_fr_108]
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Clé Supprimée : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{F0583F65-1649-E298-C76A-1087A3CD9B79}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622472255}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655475555}
Clé Supprimée : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666476655}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Clé Supprimée : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440644474455}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0583F65-1649-E298-C76A-1087A3CD9B79}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0625e594-dcff-4ec9-b5a4-c75ad9ded4da}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08051233-3a84-48b8-8ac4-38214d747544}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20eaf7e6-6c63-4c44-92a6-07949ce5abce}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{256b6019-de12-4cc1-a693-d7ef553fced2}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dc64803-aac5-4cd7-a012-63a86baebbc9}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{347055ce-e082-43db-a7a5-b0cefe4b3b54}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{364d6f6e-76e5-4fc0-abc3-c70971b91ba4}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{365e7d9b-c8fb-4a5f-af8a-821305191493}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39a5cf05-c258-4697-aeff-fae7a5ee793f}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{407b900b-46c1-47c8-91e2-1312d656f9ab}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54f7a270-9c3f-4a9d-a87a-f4b28becd25f}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5aa9534b-81ff-4db8-b99d-40e6491798e4}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6498641f-f849-4e92-994c-45083ae21a3f}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76d838ae-769d-4baa-a23b-085cddcffa9f}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7b6f2b8e-3326-4cf2-8336-49248b2f2a46}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a010b825-e07f-4ebe-a445-db2d29c279d9}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cbd98764-c071-41bb-8713-54db18d3bc0c}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ce63f78a-dcce-4127-ab0e-e0776cbcbf5f}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d26b5519-3f30-4fd4-8068-34ad221ab9a6}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d2ef5b14-cda0-4ee8-b033-14f4ba210f0e}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d71c3d9c-3d97-4ab9-8087-a7ed4dce4f59}
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e150f52d-2ada-4aa3-9eb6-c33be077d78e}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{F0583F65-1649-E298-C76A-1087A3CD9B79}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622472255}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655475555}
Clé Supprimée : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666476655}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0583F65-1649-E298-C76A-1087A3CD9B79}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611471155}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0625e594-dcff-4ec9-b5a4-c75ad9ded4da}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{08051233-3a84-48b8-8ac4-38214d747544}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20eaf7e6-6c63-4c44-92a6-07949ce5abce}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{256b6019-de12-4cc1-a693-d7ef553fced2}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2dc64803-aac5-4cd7-a012-63a86baebbc9}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{347055ce-e082-43db-a7a5-b0cefe4b3b54}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{364d6f6e-76e5-4fc0-abc3-c70971b91ba4}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{365e7d9b-c8fb-4a5f-af8a-821305191493}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{39a5cf05-c258-4697-aeff-fae7a5ee793f}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{407b900b-46c1-47c8-91e2-1312d656f9ab}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{54f7a270-9c3f-4a9d-a87a-f4b28becd25f}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5aa9534b-81ff-4db8-b99d-40e6491798e4}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6498641f-f849-4e92-994c-45083ae21a3f}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76d838ae-769d-4baa-a23b-085cddcffa9f}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7b6f2b8e-3326-4cf2-8336-49248b2f2a46}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a010b825-e07f-4ebe-a445-db2d29c279d9}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{cbd98764-c071-41bb-8713-54db18d3bc0c}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ce63f78a-dcce-4127-ab0e-e0776cbcbf5f}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d26b5519-3f30-4fd4-8068-34ad221ab9a6}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d2ef5b14-cda0-4ee8-b033-14f4ba210f0e}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d71c3d9c-3d97-4ab9-8087-a7ed4dce4f59}
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{e150f52d-2ada-4aa3-9eb6-c33be077d78e}
Donnée Restaurée : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Clé Supprimée : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
Clé Supprimée : HKCU\Software\AnyProtect
Clé Supprimée : HKCU\Software\cacaoweb
Clé Supprimée : HKCU\Software\GlobalUpdate
Clé Supprimée : HKCU\Software\InstalledBrowserExtensions
Clé Supprimée : HKCU\Software\Tutorials
Clé Supprimée : HKCU\Software\TutoTag
Clé Supprimée : HKCU\Software\winservice86-nv
Clé Supprimée : HKCU\Software\AppDataLow\Software\BlockAndSurf
Clé Supprimée : HKCU\Software\AppDataLow\Software\Crossrider
Clé Supprimée : HKCU\Software\AppDataLow\Software\winservice86
Clé Supprimée : HKCU\Software\AppDataLow\Software\SmartWeb
Clé Supprimée : HKLM\SOFTWARE\GlobalUpdate
Clé Supprimée : HKLM\SOFTWARE\InstalledBrowserExtensions
Clé Supprimée : HKLM\SOFTWARE\omiga-plusSoftware
Clé Supprimée : HKLM\SOFTWARE\SupDp
Clé Supprimée : HKLM\SOFTWARE\SupTab
Clé Supprimée : HKLM\SOFTWARE\supWindowsMangerProtect
Clé Supprimée : HKLM\SOFTWARE\Tutorials
Clé Supprimée : HKLM\SOFTWARE\winservice86-nv
Clé Supprimée : HKLM\SOFTWARE\winservice86
Clé Supprimée : HKLM\SOFTWARE\GAMESDESKTOP
Clé Supprimée : HKLM\SOFTWARE\IHProtect
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\winservice86
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ConvertAd
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\D3B3AEBF-2B63-DFDC-6BFF-14AEE576EC6C
Clé Supprimée : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_fr_108_is1
Clé Supprimée : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Clé Supprimée : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup

***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17496

Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Paramètre Restauré : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Paramètre Restauré : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Paramètre Restauré : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v7.0.1 (fr)


-\\ Google Chrome v29.0.1547.76


*************************

AdwCleaner[R0].txt - [101913 octets] - [21/12/2014 19:03:17]
AdwCleaner[R1].txt - [16683 octets] - [16/01/2015 20:11:32]
AdwCleaner[R2].txt - [9137 octets] - [16/01/2015 20:11:55]
AdwCleaner[R3].txt - [26239 octets] - [20/01/2015 18:45:57]
AdwCleaner[S0].txt - [98249 octets] - [21/12/2014 19:09:00]
AdwCleaner[S1].txt - [15105 octets] - [16/01/2015 20:18:07]
AdwCleaner[S2].txt - [24060 octets] - [20/01/2015 18:56:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [24121 octets] ##########
0
estelle91240 Messages postés 16 Date d'inscription vendredi 12 août 2011 Statut Membre Dernière intervention 26 janvier 2015 1
20 janv. 2015 à 20:40
les trois autres liens
-https://pjjoint.malekal.com/files.php?id=FRST_20150120_v65z14d10z14
-https://pjjoint.malekal.com/files.php?id=20150120_r12i8r1211c12
-https://pjjoint.malekal.com/files.php?id=20150120_c8r10x514r9

Que dois-je faire maintenant ?
0
LeTech67 Messages postés 6 Date d'inscription vendredi 27 février 2015 Statut Membre Dernière intervention 2 mars 2015
27 févr. 2015 à 20:56
Allo, jai aussi le même problème et voici le lien du rapport

https://pjjoint.malekal.com/files.php?id=20150227_z9b14t8i14p12

S.v.p. aidez moi.
Merci
0
Réponse 2 / 8
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
20 janv. 2015 à 23:17
Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :


HKLM-x32\...\Run: [SmartWeb] => C:\Users\estelle\AppData\Local\SmartWeb\SmartWebHelper.exe
Startup: C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54065;https=127.0.0.1:54065 [Attention - Possible Proxy Malicieux]
BHO: winservice86 -> {11111111-1111-1111-1111-110611471155} -> C:\Program Files (x86)\winservice86\winservice86-bho64.dll (Corporate Inc)
BHO-x32: winservice86 -> {11111111-1111-1111-1111-110611471155} -> C:\Program Files (x86)\winservice86\winservice86-bho.dll (Corporate Inc)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Extension: (winservice86) - C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhcengeacabehdkdhbdcigfolmmakof [2015-01-06]
CHR Extension: (Amazon for Chrome) - C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2013-04-17]
CHR Extension: (Smart Display) - C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbpohikckhbcljgombipcdoinkaedlfa [2013-04-17]
CHR HKLM-x32\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - No Path
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 ifRplrOV; C:\ProgramData\skFeoI\ifRplrOV.exe [2726256 2014-12-21] (Time Lapse Solutions)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-20] (SysTool PasSame LIMITED) [File not signed]
R2 webinstrNHKT; C:\Windows\system32\Drivers\webinstrNHKT.sys [56432 2015-01-18] (Corsica)
2015-01-20 19:29 - 2015-01-20 19:29 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-20 19:29 - 2015-01-20 19:29 - 00001978 _____ () C:\Users\estelle\Desktop\Sync Folder.lnk
2015-01-20 19:28 - 2015-01-20 19:29 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-01-20 19:28 - 2015-01-20 19:28 - 00001078 _____ () C:\Users\estelle\Desktop\MyPC Backup.lnk
2015-01-20 19:28 - 2015-01-20 19:28 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-01-20 19:28 - 2015-01-20 19:28 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-20 19:27 - 2015-01-20 19:28 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-20 19:27 - 2015-01-20 19:27 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\omiga-plus
2015-01-20 19:27 - 2015-01-20 19:27 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-20 19:26 - 2015-01-20 19:26 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-20 19:24 - 2015-01-20 19:25 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\VOPackage
2015-01-20 19:22 - 2015-01-20 19:22 - 00006464 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1
2015-01-20 19:22 - 2015-01-20 19:22 - 00005462 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5
2015-01-20 19:22 - 2015-01-20 19:22 - 00005126 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2
2015-01-20 19:22 - 2015-01-20 19:22 - 00003434 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1.job
2015-01-20 19:22 - 2015-01-20 19:22 - 00002432 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5_user.job
2015-01-20 19:22 - 2015-01-20 19:22 - 00002432 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.job
2015-01-20 19:22 - 2015-01-20 19:22 - 00002096 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2.job
2015-01-20 19:21 - 2015-01-20 19:26 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-20 19:21 - 2015-01-20 19:26 - 00000950 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-20 19:21 - 2015-01-20 19:21 - 00008876 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6
2015-01-20 19:21 - 2015-01-20 19:21 - 00008534 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7
2015-01-20 19:21 - 2015-01-20 19:21 - 00006956 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12
2015-01-20 19:21 - 2015-01-20 19:21 - 00005848 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6.job
2015-01-20 19:21 - 2015-01-20 19:21 - 00005504 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7.job
2015-01-20 19:21 - 2015-01-20 19:21 - 00003952 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-01-20 19:21 - 2015-01-20 19:21 - 00003926 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12.job
2015-01-20 19:21 - 2015-01-20 19:21 - 00003698 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-01-20 19:21 - 2015-01-20 19:21 - 00000000 ____D () C:\Users\estelle\AppData\Local\globalUpdate
2015-01-20 19:21 - 2015-01-20 19:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-20 19:21 - 2015-01-20 19:21 - 00000000 ____D () C:\Program Files (x86)\0a1b8acd-a52a-488d-bdee-77150bc737e2
2015-01-20 19:20 - 2015-01-20 19:22 - 00000000 ____D () C:\Program Files (x86)\winservice86
2015-01-20 19:06 - 2015-01-20 19:30 - 00000000 ____D () C:\Users\estelle\AppData\Local\ZombieNews
2015-01-20 18:41 - 2015-01-20 18:44 - 02186752 _____ () C:\Users\estelle\Downloads\AdwCleaner-4.108.exe
2015-01-18 18:10 - 2015-01-18 18:10 - 00056432 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNHKT.sys
2015-01-18 18:10 - 2015-01-18 18:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
2015-01-18 11:16 - 2015-01-18 11:17 - 00000000 ____D () C:\Program Files (x86)\a4aba71c-b51e-401b-99e2-28dd1bc2ab59
2015-01-17 16:25 - 2015-01-17 16:25 - 00628496 _____ (CMI Limited) C:\Users\estelle\AppData\Local\nsaAB0B.tmp
2015-01-17 16:08 - 2015-01-17 16:08 - 00000000 ____D () C:\Program Files (x86)\4ff07ec6-a13b-41f4-bf55-c36d092a4973
2015-01-16 20:37 - 2015-01-16 20:37 - 00000000 ____D () C:\Program Files (x86)\ab6f9d04-b432-4d5a-8dac-b05c11ffb3b7
2015-01-04 18:36 - 2015-01-04 18:37 - 00000000 ____D () C:\Program Files (x86)\12712d1e-3786-4fca-a538-e7151eda05b1
2015-01-02 15:52 - 2015-01-20 19:21 - 00000000 ____D () C:\Program Files (x86)\14c0aeab-bf5d-4ff4-a142-8c9add133660
2015-01-02 00:11 - 2015-01-02 00:11 - 00720376 _____ () C:\Users\estelle\Downloads\Setup.exe
2015-01-01 16:21 - 2015-01-01 16:21 - 00000000 ____D () C:\Program Files (x86)\c07c4c5f-ee62-447e-af56-fd9f5dbe8bb4
2014-12-30 20:03 - 2014-12-30 20:03 - 00003284 _____ () C:\Windows\System32\Tasks\rpNstFd7RTQjxL0
2014-12-30 20:03 - 2014-12-30 20:03 - 00003244 _____ () C:\Windows\System32\Tasks\wWrklurHfOfHSiE
2014-12-30 20:03 - 2014-12-30 20:03 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\FQskLmk
2014-12-30 20:03 - 2014-12-30 20:03 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\29BMgpi
2014-12-28 20:06 - 2014-12-28 20:06 - 00000000 ____D () C:\Program Files (x86)\7a1e5266-7ed7-4bdd-bc5c-5b734bc4767e
2014-12-25 21:27 - 2015-01-02 15:52 - 00000000 ____D () C:\Program Files (x86)\3df1d12f-4fb1-4eb8-88e4-6963d6c4c56d
2014-12-24 11:30 - 2014-12-24 11:30 - 00000000 ____D () C:\Program Files (x86)\ae8a6b25-80e5-4f18-b160-9f9f9b1e5a5b
2014-12-23 13:02 - 2014-12-24 11:30 - 00000000 ____D () C:\Program Files (x86)\43b01b28-3cfc-4e3c-b09c-4a9e243a8a26
2014-12-22 12:29 - 2015-01-04 18:37 - 00000000 ____D () C:\Program Files (x86)\25deb363-8ba4-41e6-b3e2-3d2c00643113
2014-12-30 20:03 - 2014-11-30 15:48 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\73dkB6J
2011-08-09 12:25 - 2011-08-09 12:25 - 0000000 _____ () C:\ProgramData\e25fe3ce6bd5258c83c11e2d8bb54010_c
Task: {1BEE25CC-6E6E-4604-B939-5A295C4235C0} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7 => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {1F4977F8-2CD3-48C5-947D-7003973A5CA6} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-20] (globalUpdate) <==== ATTENTION
Task: {4488AA1F-65E4-480B-9089-FFE412DCD20D} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5_user => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {519279DF-A974-4343-8D81-542010FF5ED3} - System32\Tasks\{72D50672-2E41-49FF-A680-E55AFADAF66D} => pcalua.exe -a "C:\Users\estelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59BCSF1Z\office2003-KB980373-FullFile-FRA[1].exe" -d C:\Users\estelle\Desktop
Task: {55610DEC-B841-4E88-95CD-AA323971BE17} - System32\Tasks\{B371CCBB-23D6-43FD-840C-06B087BC2E79} => pcalua.exe -a C:\Users\estelle\Downloads\eMule0.50a-Installer(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E68EF3C-BAE7-4D35-918D-B7C324907EF6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: {608FDA6D-3D2C-496A-8AFD-4AE689A78D54} - System32\Tasks\{F9BEB21C-E22C-418D-AD02-03AF90FD713B} => C:\Program Files (x86)\Jeux.fr\Romantic Discoveries Bundle - 3 in 1\Launch.exe
Task: {66C14EE5-F7E3-4944-A169-E68F714A11DE} - System32\Tasks\{49FF8177-3072-45F2-B7E8-458A5712430F} => pcalua.exe -a C:\Users\estelle\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=slbnew <==== ATTENTION
Task: {6701847A-841E-428E-916C-28A58B61B6D7} - System32\Tasks\{37B742F8-6036-42C0-995E-FC6CDF5595B3} => pcalua.exe -a "C:\Users\estelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJ1UP4SF\eMule0.50a-Installer[1].exe" -d C:\Users\estelle\Desktop
Task: {6C8F4A2C-7B0F-4CBA-8132-D8E41E60E51F} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6 => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {7A0F5117-B99C-4634-98F2-66800D36413C} - System32\Tasks\{D975A46B-046D-4C98-BCA6-85F61A0B006C} => pcalua.exe -a C:\Users\estelle\Desktop\Nanny_Mania-setup.exe -d C:\Users\estelle\Desktop
Task: {7E083BDE-97C6-4007-90DA-D8F73D6E6B50} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {7ED06C80-E683-4C1C-A359-6629FB6A2AA6} - System32\Tasks\JrRJLjeiboOjLr5 => C:\Users\estelle\AppData\Roaming\73dkB6J\O22qbQL.exe [2014-11-30] ( )
Task: {8BED4087-0671-4441-B9EA-B748D7204C0A} - System32\Tasks\{7BDDA8DA-51AF-45A6-8628-5B12659C32B9} => pcalua.exe -a C:\Users\estelle\Desktop\mostick.exe -d C:\Users\estelle\Desktop
Task: {940B9962-455A-4B83-8883-529AA1D67C71} - System32\Tasks\wWrklurHfOfHSiE => C:\Users\estelle\AppData\Roaming\29BMgpi\Rfi1nrJ.exe [2014-12-30] ( )
Task: {A0C3286B-1204-48B6-902D-F130CA3EC46B} - System32\Tasks\{6ED5F24D-5542-41D4-B6D3-FFE804BD8189} => pcalua.exe -a "C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" -c "C:\Program Files (x86)\RealArcade\Installer\installerMain.clf" "C:\Program Files (x86)\RealArcade\Installer\uninstall\b8bd7699b2ea16ba442c133a5c1b6a24.rguninst" "AddRemove"
Task: {A1335AF5-809E-487E-9409-44927C225A5F} - System32\Tasks\{37B97F0C-D933-4579-BDB4-EA90F125EDEA} => pcalua.exe -a C:\Users\estelle\Downloads\diner_dash_5_boom_93842292-setup.exe -d C:\Windows\system32
Task: {A4126D0D-BD81-47A1-B25C-4FED4A2DB873} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2 => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {B2E3C2A3-30A9-4F85-A0C7-9C1545EAE511} - System32\Tasks\{55C1335E-D6F2-48B6-BEF2-6BF8EEC443CD} => pcalua.exe -a "C:\Users\estelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIEG9I0G\IMBoosterSetup.v9fhsioko1b2zfmsn5u72f47[1].exe" -d C:\Users\estelle\Desktop
Task: {B5D420C4-27F2-4674-9F44-1BFDE94A9F5A} - System32\Tasks\PenWes => C:\Program Files (x86)\PenWes\dnshelper.exe <==== ATTENTION
Task: {B68D5D47-C5F5-45C9-AA72-0B1F49363C68} - System32\Tasks\{2BB1A19B-5699-4E90-95F3-915563FA6364} => pcalua.exe -a C:\Users\estelle\Downloads\eMule0.50a-Installer(4).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {BC84F7AE-6C47-40B8-8B9D-8F4B0B528BF0} - System32\Tasks\{044FE1C3-8959-4C6C-989E-8E7FDFB1B04C} => pcalua.exe -a "C:\Users\estelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GRZ24L4\robins-quest_s5_l4_gF5927T1L4_d1118781112[1].exe" -d C:\Users\estelle\Desktop
Task: {BE8E5F3D-A9FD-4040-AFC8-A098F14BA88C} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5 => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {C4C68E53-4848-416A-9683-80BF078F243E} - System32\Tasks\{B792F1C7-55DE-4EC4-B52C-3E7157CE96B2} => pcalua.exe -a "C:\Program Files (x86)\Jeux.fr\Farm Frenzy 3 Ice Age\Uninstall.exe" -c "C:\Program Files (x86)\Jeux.fr\Farm Frenzy 3 Ice Age\install.log"
Task: {C51842CB-FA83-4CBE-BE4A-03EA7E887810} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1 => C:\Program Files (x86)\winservice86\winservice86-codedownloader.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {C692DF2F-1A24-4C04-91DF-F3692F40B297} - System32\Tasks\rpNstFd7RTQjxL0 => C:\Users\estelle\AppData\Roaming\FQskLmk\YLN8KEg.exe [2014-12-30] ( )
Task: {CAAA0F03-D5D4-474D-92A0-23EE9FC6D81C} - System32\Tasks\{2B8C0C39-B624-4A72-98A5-BCFE2B8112E4} => pcalua.exe -a "C:\Program Files (x86)\HBLite\bin\11.0.363.0\HBLiteUninstaller.exe" -c Web
Task: {DDA9A66E-D435-4D6B-BCC0-C158C1CDFA3E} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12 => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1.job => C:\Program Files (x86)\winservice86\winservice86-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12.job => C:\Users\estelle\AppData\Local\Temp\nsc4847.tmp\Gjgkq.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2.job => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.job => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5_user.job => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6.job => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7.job => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION


Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur


puis réinitialise tes navigateurs:
==================================
Réinitialise tes navigateurs et ou manuellement reparamètre tes navigateurs WEB (page de démarrage, moteur de recherche etc) mais aussi supprimer/désactiver les extensions inutiles/parasites :
* Firefox : https://www.malekal.com/reparer-firefox/?t=36057&start=
* Google Chrome : https://www.malekal.com/reparer-google-chrome/?t=35837&start=
* Internet Explorer et modules complémentaires / moteurs de recherche : https://forum.malekal.com/viewtopic.php?t=41399&start=

0
estelle91240 Messages postés 16 Date d'inscription vendredi 12 août 2011 Statut Membre Dernière intervention 26 janvier 2015 1
21 janv. 2015 à 16:44
voilà le rapport affiché:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-01-2015
Ran by estelle at 2015-01-21 16:36:24 Run:1
Running from C:\Users\estelle\Desktop
Loaded Profiles: estelle (Available profiles: estelle)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [SmartWeb] => C:\Users\estelle\AppData\Local\SmartWeb\SmartWebHelper.exe
Startup: C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
ProxyEnable: [.DEFAULT] => Internet Explorer PROXY is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54065;https=127.0.0.1:54065 [Attention - Possible PROXY Malicieux]
BHO: winservice86 -> {11111111-1111-1111-1111-110611471155} -> C:\Program Files (x86)\winservice86\winservice86-bho64.dll (Corporate Inc)
BHO-x32: winservice86 -> {11111111-1111-1111-1111-110611471155} -> C:\Program Files (x86)\winservice86\winservice86-bho.dll (Corporate Inc)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\XTab\SupTab.dll (Thinknice Co. Limited)
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Extension: (winservice86) - C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhcengeacabehdkdhbdcigfolmmakof [2015-01-06]
CHR Extension: (Amazon for Chrome) - C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2013-04-17]
CHR Extension: (Smart Display) - C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbpohikckhbcljgombipcdoinkaedlfa [2013-04-17]
CHR HKLM-x32\...\Chrome\Extension: [gfkbfjcbkhnmiignagpkiijohkcdkffb] - No Path
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [53832 2014-11-25] (Just Develop It) <==== ATTENTION
R2 ifRplrOV; C:\ProgramData\skFeoI\ifRplrOV.exe [2726256 2014-12-21] (Time Lapse Solutions)
R2 IHProtect Service; C:\Program Files (x86)\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-01-20] (SysTool PasSame LIMITED) [File not signed]
R2 webinstrNHKT; C:\Windows\system32\Drivers\webinstrNHKT.sys [56432 2015-01-18] (Corsica)
2015-01-20 19:29 - 2015-01-20 19:29 - 00004022 _____ () C:\Windows\System32\Tasks\LaunchSignup
2015-01-20 19:29 - 2015-01-20 19:29 - 00001978 _____ () C:\Users\estelle\Desktop\Sync Folder.lnk
2015-01-20 19:28 - 2015-01-20 19:29 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2015-01-20 19:28 - 2015-01-20 19:28 - 00001078 _____ () C:\Users\estelle\Desktop\MyPC Backup.lnk
2015-01-20 19:28 - 2015-01-20 19:28 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2015-01-20 19:28 - 2015-01-20 19:28 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-01-20 19:27 - 2015-01-20 19:28 - 00000000 ____D () C:\Program Files (x86)\XTab
2015-01-20 19:27 - 2015-01-20 19:27 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\omiga-plus
2015-01-20 19:27 - 2015-01-20 19:27 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-01-20 19:26 - 2015-01-20 19:26 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2015-01-20 19:24 - 2015-01-20 19:25 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\VOPackage
2015-01-20 19:22 - 2015-01-20 19:22 - 00006464 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1
2015-01-20 19:22 - 2015-01-20 19:22 - 00005462 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5
2015-01-20 19:22 - 2015-01-20 19:22 - 00005126 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2
2015-01-20 19:22 - 2015-01-20 19:22 - 00003434 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1.job
2015-01-20 19:22 - 2015-01-20 19:22 - 00002432 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5_user.job
2015-01-20 19:22 - 2015-01-20 19:22 - 00002432 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.job
2015-01-20 19:22 - 2015-01-20 19:22 - 00002096 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2.job
2015-01-20 19:21 - 2015-01-20 19:26 - 00000954 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2015-01-20 19:21 - 2015-01-20 19:26 - 00000950 _____ () C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2015-01-20 19:21 - 2015-01-20 19:21 - 00008876 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6
2015-01-20 19:21 - 2015-01-20 19:21 - 00008534 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7
2015-01-20 19:21 - 2015-01-20 19:21 - 00006956 _____ () C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12
2015-01-20 19:21 - 2015-01-20 19:21 - 00005848 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6.job
2015-01-20 19:21 - 2015-01-20 19:21 - 00005504 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7.job
2015-01-20 19:21 - 2015-01-20 19:21 - 00003952 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
2015-01-20 19:21 - 2015-01-20 19:21 - 00003926 _____ () C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12.job
2015-01-20 19:21 - 2015-01-20 19:21 - 00003698 _____ () C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
2015-01-20 19:21 - 2015-01-20 19:21 - 00000000 ____D () C:\Users\estelle\AppData\Local\globalUpdate
2015-01-20 19:21 - 2015-01-20 19:21 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-01-20 19:21 - 2015-01-20 19:21 - 00000000 ____D () C:\Program Files (x86)\0a1b8acd-a52a-488d-bdee-77150bc737e2
2015-01-20 19:20 - 2015-01-20 19:22 - 00000000 ____D () C:\Program Files (x86)\winservice86
2015-01-20 19:06 - 2015-01-20 19:30 - 00000000 ____D () C:\Users\estelle\AppData\Local\ZombieNews
2015-01-20 18:41 - 2015-01-20 18:44 - 02186752 _____ () C:\Users\estelle\Downloads\AdwCleaner-4.108.exe
2015-01-18 18:10 - 2015-01-18 18:10 - 00056432 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNHKT.sys
2015-01-18 18:10 - 2015-01-18 18:10 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
2015-01-18 11:16 - 2015-01-18 11:17 - 00000000 ____D () C:\Program Files (x86)\a4aba71c-b51e-401b-99e2-28dd1bc2ab59
2015-01-17 16:25 - 2015-01-17 16:25 - 00628496 _____ (CMI Limited) C:\Users\estelle\AppData\Local\nsaAB0B.tmp
2015-01-17 16:08 - 2015-01-17 16:08 - 00000000 ____D () C:\Program Files (x86)\4ff07ec6-a13b-41f4-bf55-c36d092a4973
2015-01-16 20:37 - 2015-01-16 20:37 - 00000000 ____D () C:\Program Files (x86)\ab6f9d04-b432-4d5a-8dac-b05c11ffb3b7
2015-01-04 18:36 - 2015-01-04 18:37 - 00000000 ____D () C:\Program Files (x86)\12712d1e-3786-4fca-a538-e7151eda05b1
2015-01-02 15:52 - 2015-01-20 19:21 - 00000000 ____D () C:\Program Files (x86)\14c0aeab-bf5d-4ff4-a142-8c9add133660
2015-01-02 00:11 - 2015-01-02 00:11 - 00720376 _____ () C:\Users\estelle\Downloads\Setup.exe
2015-01-01 16:21 - 2015-01-01 16:21 - 00000000 ____D () C:\Program Files (x86)\c07c4c5f-ee62-447e-af56-fd9f5dbe8bb4
2014-12-30 20:03 - 2014-12-30 20:03 - 00003284 _____ () C:\Windows\System32\Tasks\rpNstFd7RTQjxL0
2014-12-30 20:03 - 2014-12-30 20:03 - 00003244 _____ () C:\Windows\System32\Tasks\wWrklurHfOfHSiE
2014-12-30 20:03 - 2014-12-30 20:03 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\FQskLmk
2014-12-30 20:03 - 2014-12-30 20:03 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\29BMgpi
2014-12-28 20:06 - 2014-12-28 20:06 - 00000000 ____D () C:\Program Files (x86)\7a1e5266-7ed7-4bdd-bc5c-5b734bc4767e
2014-12-25 21:27 - 2015-01-02 15:52 - 00000000 ____D () C:\Program Files (x86)\3df1d12f-4fb1-4eb8-88e4-6963d6c4c56d
2014-12-24 11:30 - 2014-12-24 11:30 - 00000000 ____D () C:\Program Files (x86)\ae8a6b25-80e5-4f18-b160-9f9f9b1e5a5b
2014-12-23 13:02 - 2014-12-24 11:30 - 00000000 ____D () C:\Program Files (x86)\43b01b28-3cfc-4e3c-b09c-4a9e243a8a26
2014-12-22 12:29 - 2015-01-04 18:37 - 00000000 ____D () C:\Program Files (x86)\25deb363-8ba4-41e6-b3e2-3d2c00643113
2014-12-30 20:03 - 2014-11-30 15:48 - 00000000 ____D () C:\Users\estelle\AppData\Roaming\73dkB6J
2011-08-09 12:25 - 2011-08-09 12:25 - 0000000 _____ () C:\ProgramData\e25fe3ce6bd5258c83c11e2d8bb54010_c
Task: {1BEE25CC-6E6E-4604-B939-5A295C4235C0} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7 => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {1F4977F8-2CD3-48C5-947D-7003973A5CA6} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2015-01-20] (globalUpdate) <==== ATTENTION
Task: {4488AA1F-65E4-480B-9089-FFE412DCD20D} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5_user => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {519279DF-A974-4343-8D81-542010FF5ED3} - System32\Tasks\{72D50672-2E41-49FF-A680-E55AFADAF66D} => pcalua.exe -a "C:\Users\estelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\59BCSF1Z\office2003-KB980373-FullFile-FRA[1].exe" -d C:\Users\estelle\Desktop
Task: {55610DEC-B841-4E88-95CD-AA323971BE17} - System32\Tasks\{B371CCBB-23D6-43FD-840C-06B087BC2E79} => pcalua.exe -a C:\Users\estelle\Downloads\eMule0.50a-Installer(1).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {5E68EF3C-BAE7-4D35-918D-B7C324907EF6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-11-25] (MyPC Backup) <==== ATTENTION
Task: {608FDA6D-3D2C-496A-8AFD-4AE689A78D54} - System32\Tasks\{F9BEB21C-E22C-418D-AD02-03AF90FD713B} => C:\Program Files (x86)\Jeux.fr\Romantic Discoveries Bundle - 3 in 1\Launch.exe
Task: {66C14EE5-F7E3-4944-A169-E68F714A11DE} - System32\Tasks\{49FF8177-3072-45F2-B7E8-458A5712430F} => pcalua.exe -a C:\Users\estelle\AppData\Roaming\webssearches\UninstallManager.exe -c -ptid=slbnew <==== ATTENTION
Task: {6701847A-841E-428E-916C-28A58B61B6D7} - System32\Tasks\{37B742F8-6036-42C0-995E-FC6CDF5595B3} => pcalua.exe -a "C:\Users\estelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BJ1UP4SF\eMule0.50a-Installer[1].exe" -d C:\Users\estelle\Desktop
Task: {6C8F4A2C-7B0F-4CBA-8132-D8E41E60E51F} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6 => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {7A0F5117-B99C-4634-98F2-66800D36413C} - System32\Tasks\{D975A46B-046D-4C98-BCA6-85F61A0B006C} => pcalua.exe -a C:\Users\estelle\Desktop\Nanny_Mania-setup.exe -d C:\Users\estelle\Desktop
Task: {7E083BDE-97C6-4007-90DA-D8F73D6E6B50} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {7ED06C80-E683-4C1C-A359-6629FB6A2AA6} - System32\Tasks\JrRJLjeiboOjLr5 => C:\Users\estelle\AppData\Roaming\73dkB6J\O22qbQL.exe [2014-11-30] ( )
Task: {8BED4087-0671-4441-B9EA-B748D7204C0A} - System32\Tasks\{7BDDA8DA-51AF-45A6-8628-5B12659C32B9} => pcalua.exe -a C:\Users\estelle\Desktop\mostick.exe -d C:\Users\estelle\Desktop
Task: {940B9962-455A-4B83-8883-529AA1D67C71} - System32\Tasks\wWrklurHfOfHSiE => C:\Users\estelle\AppData\Roaming\29BMgpi\Rfi1nrJ.exe [2014-12-30] ( )
Task: {A0C3286B-1204-48B6-902D-F130CA3EC46B} - System32\Tasks\{6ED5F24D-5542-41D4-B6D3-FFE804BD8189} => pcalua.exe -a "C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" -c "C:\Program Files (x86)\RealArcade\Installer\installerMain.clf" "C:\Program Files (x86)\RealArcade\Installer\uninstall\b8bd7699b2ea16ba442c133a5c1b6a24.rguninst" "AddRemove"
Task: {A1335AF5-809E-487E-9409-44927C225A5F} - System32\Tasks\{37B97F0C-D933-4579-BDB4-EA90F125EDEA} => pcalua.exe -a C:\Users\estelle\Downloads\diner_dash_5_boom_93842292-setup.exe -d C:\Windows\system32
Task: {A4126D0D-BD81-47A1-B25C-4FED4A2DB873} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2 => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {B2E3C2A3-30A9-4F85-A0C7-9C1545EAE511} - System32\Tasks\{55C1335E-D6F2-48B6-BEF2-6BF8EEC443CD} => pcalua.exe -a "C:\Users\estelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NIEG9I0G\IMBoosterSetup.v9fhsioko1b2zfmsn5u72f47[1].exe" -d C:\Users\estelle\Desktop
Task: {B5D420C4-27F2-4674-9F44-1BFDE94A9F5A} - System32\Tasks\PenWes => C:\Program Files (x86)\PenWes\dnshelper.exe <==== ATTENTION
Task: {B68D5D47-C5F5-45C9-AA72-0B1F49363C68} - System32\Tasks\{2BB1A19B-5699-4E90-95F3-915563FA6364} => pcalua.exe -a C:\Users\estelle\Downloads\eMule0.50a-Installer(4).exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {BC84F7AE-6C47-40B8-8B9D-8F4B0B528BF0} - System32\Tasks\{044FE1C3-8959-4C6C-989E-8E7FDFB1B04C} => pcalua.exe -a "C:\Users\estelle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0GRZ24L4\robins-quest_s5_l4_gF5927T1L4_d1118781112[1].exe" -d C:\Users\estelle\Desktop
Task: {BE8E5F3D-A9FD-4040-AFC8-A098F14BA88C} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5 => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {C4C68E53-4848-416A-9683-80BF078F243E} - System32\Tasks\{B792F1C7-55DE-4EC4-B52C-3E7157CE96B2} => pcalua.exe -a "C:\Program Files (x86)\Jeux.fr\Farm Frenzy 3 Ice Age\Uninstall.exe" -c "C:\Program Files (x86)\Jeux.fr\Farm Frenzy 3 Ice Age\install.log"
Task: {C51842CB-FA83-4CBE-BE4A-03EA7E887810} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1 => C:\Program Files (x86)\winservice86\winservice86-codedownloader.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: {C692DF2F-1A24-4C04-91DF-F3692F40B297} - System32\Tasks\rpNstFd7RTQjxL0 => C:\Users\estelle\AppData\Roaming\FQskLmk\YLN8KEg.exe [2014-12-30] ( )
Task: {CAAA0F03-D5D4-474D-92A0-23EE9FC6D81C} - System32\Tasks\{2B8C0C39-B624-4A72-98A5-BCFE2B8112E4} => pcalua.exe -a "C:\Program Files (x86)\HBLite\bin\11.0.363.0\HBLiteUninstaller.exe" -c Web
Task: {DDA9A66E-D435-4D6B-BCC0-C158C1CDFA3E} - System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12 => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12.exe [2015-01-20] (Corporate Inc) <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1.job => C:\Program Files (x86)\winservice86\winservice86-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12.job => C:\Users\estelle\AppData\Local\Temp\nsc4847.tmp\Gjgkq.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2.job => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.job => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5_user.job => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6.job => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7.job => C:\Program Files (x86)\winservice86\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe <==== ATTENTION
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SmartWeb => value deleted successfully.
C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe => Moved successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611471155}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110611471155}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611471155}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{11111111-1111-1111-1111-110611471155}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll not found.
C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\onhcengeacabehdkdhbdcigfolmmakof => Moved successfully.
C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam => Moved successfully.
C:\Users\estelle\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pbpohikckhbcljgombipcdoinkaedlfa => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gfkbfjcbkhnmiignagpkiijohkcdkffb" => Key deleted successfully.
BackupStack => Service deleted successfully.
ifRplrOV => Service deleted successfully.
IHProtect Service => Service stopped successfully.
IHProtect Service => Service deleted successfully.
WindowsMangerProtect => Service stopped successfully.
WindowsMangerProtect => Service deleted successfully.
webinstrNHKT => Service stopped successfully.
webinstrNHKT => Service deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
C:\Users\estelle\Desktop\Sync Folder.lnk => Moved successfully.

"C:\Program Files (x86)\MyPC Backup" directory move:

C:\Program Files (x86)\MyPC Backup\aff.conf => Moved successfully.
C:\Program Files (x86)\MyPC Backup\AlphaFS.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\AlphaVSS.51.x86.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x64.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\AlphaVSS.52.x86.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x64.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\AlphaVSS.60.x86.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\AlphaVSS.Common.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\BackupStack.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\BackupStackUI.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\BplusDotNet.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\Configuration Updater.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\de_DE.mo => Moved successfully.
C:\Program Files (x86)\MyPC Backup\es_ES.mo => Moved successfully.
C:\Program Files (x86)\MyPC Backup\fr_FR.mo => Moved successfully.
C:\Program Files (x86)\MyPC Backup\GetText.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\InstMgr.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\Ionic.Zip.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\it_IT.mo => Moved successfully.
C:\Program Files (x86)\MyPC Backup\LogicNP.EZShellExtensions.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\Microsoft.Win32.TaskScheduler.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MPCBClient.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\MPCBContextMenu.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\mypcbackup.ico => Moved successfully.
C:\Program Files (x86)\MyPC Backup\NativeHashWrapper.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\Newtonsoft.Json.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\ObjectListView.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\PipeDiff.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\pt_PT.mo => Moved successfully.
C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x64.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet20_x86.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet40_x64.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\RegisterExtensionDotNet40_x86.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\Service Start.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\Shared Stack.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\SignupWizard.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\syncicon.ico => Moved successfully.
C:\Program Files (x86)\MyPC Backup\System.Data.SQLite.DLL => Moved successfully.
C:\Program Files (x86)\MyPC Backup\uninst.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\UnRegisterExtensions.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\Updater.exe => Moved successfully.
C:\Program Files (x86)\MyPC Backup\Updater_.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\websocket-sharp.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\x86\SQLite.Interop.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\x64\SQLite.Interop.dll => Moved successfully.
C:\Program Files (x86)\MyPC Backup\log\APPLICATION.log => Moved successfully.
C:\Program Files (x86)\MyPC Backup\log\POPUPS.log => Moved successfully.
C:\Program Files (x86)\MyPC Backup\log\WAIT_HANDLES.log => Moved successfully.
C:\Program Files (x86)\MyPC Backup\Database\mpcb_settings.db => Moved successfully.
Could not move "C:\Program Files (x86)\MyPC Backup" directory. => Scheduled to move on reboot.

C:\Users\estelle\Desktop\MyPC Backup.lnk => Moved successfully.
C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup => Moved successfully.
C:\ProgramData\IHProtectUpDate => Moved successfully.
C:\Program Files (x86)\XTab => Moved successfully.
C:\Users\estelle\AppData\Roaming\omiga-plus => Moved successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
C:\Users\estelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage => Moved successfully.
C:\Users\estelle\AppData\Roaming\VOPackage => Moved successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1 => Moved successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5 => Moved successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2 => Moved successfully.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1.job => Moved successfully.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5_user.job => Moved successfully.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.job => Moved successfully.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6 => Moved successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7 => Moved successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12 => Moved successfully.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6.job => Moved successfully.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7.job => Moved successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA => Moved successfully.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12.job => Moved successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore => Moved successfully.
C:\Users\estelle\AppData\Local\globalUpdate => Moved successfully.
C:\Program Files (x86)\globalUpdate => Moved successfully.
C:\Program Files (x86)\0a1b8acd-a52a-488d-bdee-77150bc737e2 => Moved successfully.
C:\Program Files (x86)\winservice86 => Moved successfully.
C:\Users\estelle\AppData\Local\ZombieNews => Moved successfully.
C:\Users\estelle\Downloads\AdwCleaner-4.108.exe => Moved successfully.
C:\Windows\system32\Drivers\webinstrNHKT.sys => Moved successfully.
C:\Windows\system32\Drivers\Msft_Kernel_webinstrNHKT_01009.Wdf => Moved successfully.
C:\Program Files (x86)\a4aba71c-b51e-401b-99e2-28dd1bc2ab59 => Moved successfully.
C:\Users\estelle\AppData\Local\nsaAB0B.tmp => Moved successfully.
C:\Program Files (x86)\4ff07ec6-a13b-41f4-bf55-c36d092a4973 => Moved successfully.
C:\Program Files (x86)\ab6f9d04-b432-4d5a-8dac-b05c11ffb3b7 => Moved successfully.
C:\Program Files (x86)\12712d1e-3786-4fca-a538-e7151eda05b1 => Moved successfully.
C:\Program Files (x86)\14c0aeab-bf5d-4ff4-a142-8c9add133660 => Moved successfully.
C:\Users\estelle\Downloads\Setup.exe => Moved successfully.
C:\Program Files (x86)\c07c4c5f-ee62-447e-af56-fd9f5dbe8bb4 => Moved successfully.
C:\Windows\System32\Tasks\rpNstFd7RTQjxL0 => Moved successfully.
C:\Windows\System32\Tasks\wWrklurHfOfHSiE => Moved successfully.

"C:\Users\estelle\AppData\Roaming\FQskLmk" directory move:

C:\Users\estelle\AppData\Roaming\FQskLmk\data.dat => Moved successfully.
C:\Users\estelle\AppData\Roaming\FQskLmk\Kommun.dll => Moved successfully.
C:\Users\estelle\AppData\Roaming\FQskLmk\LibDownloadManagement.dll => Moved successfully.
C:\Users\estelle\AppData\Roaming\FQskLmk\YLN8KEg.exe => Moved successfully.
Could not move "C:\Users\estelle\AppData\Roaming\FQskLmk" directory. => Scheduled to move on reboot.

C:\Users\estelle\AppData\Roaming\29BMgpi => Moved successfully.
C:\Program Files (x86)\7a1e5266-7ed7-4bdd-bc5c-5b734bc4767e => Moved successfully.
C:\Program Files (x86)\3df1d12f-4fb1-4eb8-88e4-6963d6c4c56d => Moved successfully.
C:\Program Files (x86)\ae8a6b25-80e5-4f18-b160-9f9f9b1e5a5b => Moved successfully.
C:\Program Files (x86)\43b01b28-3cfc-4e3c-b09c-4a9e243a8a26 => Moved successfully.
C:\Program Files (x86)\25deb363-8ba4-41e6-b3e2-3d2c00643113 => Moved successfully.
C:\Users\estelle\AppData\Roaming\73dkB6J => Moved successfully.
C:\ProgramData\e25fe3ce6bd5258c83c11e2d8bb54010_c => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1BEE25CC-6E6E-4604-B939-5A295C4235C0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1BEE25CC-6E6E-4604-B939-5A295C4235C0}" => Key deleted successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1F4977F8-2CD3-48C5-947D-7003973A5CA6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F4977F8-2CD3-48C5-947D-7003973A5CA6}" => Key deleted successfully.
C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\globalUpdateUpdateTaskMachineCore" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4488AA1F-65E4-480B-9089-FFE412DCD20D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4488AA1F-65E4-480B-9089-FFE412DCD20D}" => Key deleted successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5_user => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5_user" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{519279DF-A974-4343-8D81-542010FF5ED3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{519279DF-A974-4343-8D81-542010FF5ED3}" => Key deleted successfully.
C:\Windows\System32\Tasks\{72D50672-2E41-49FF-A680-E55AFADAF66D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{72D50672-2E41-49FF-A680-E55AFADAF66D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55610DEC-B841-4E88-95CD-AA323971BE17}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55610DEC-B841-4E88-95CD-AA323971BE17}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B371CCBB-23D6-43FD-840C-06B087BC2E79} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B371CCBB-23D6-43FD-840C-06B087BC2E79}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5E68EF3C-BAE7-4D35-918D-B7C324907EF6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E68EF3C-BAE7-4D35-918D-B7C324907EF6}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{608FDA6D-3D2C-496A-8AFD-4AE689A78D54}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{608FDA6D-3D2C-496A-8AFD-4AE689A78D54}" => Key deleted successfully.
C:\Windows\System32\Tasks\{F9BEB21C-E22C-418D-AD02-03AF90FD713B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F9BEB21C-E22C-418D-AD02-03AF90FD713B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66C14EE5-F7E3-4944-A169-E68F714A11DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66C14EE5-F7E3-4944-A169-E68F714A11DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{49FF8177-3072-45F2-B7E8-458A5712430F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{49FF8177-3072-45F2-B7E8-458A5712430F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6701847A-841E-428E-916C-28A58B61B6D7}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6701847A-841E-428E-916C-28A58B61B6D7}" => Key deleted successfully.
C:\Windows\System32\Tasks\{37B742F8-6036-42C0-995E-FC6CDF5595B3} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37B742F8-6036-42C0-995E-FC6CDF5595B3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C8F4A2C-7B0F-4CBA-8132-D8E41E60E51F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C8F4A2C-7B0F-4CBA-8132-D8E41E60E51F}" => Key deleted successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7A0F5117-B99C-4634-98F2-66800D36413C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A0F5117-B99C-4634-98F2-66800D36413C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{D975A46B-046D-4C98-BCA6-85F61A0B006C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{D975A46B-046D-4C98-BCA6-85F61A0B006C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E083BDE-97C6-4007-90DA-D8F73D6E6B50}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E083BDE-97C6-4007-90DA-D8F73D6E6B50}" => Key deleted successfully.
C:\Windows\System32\Tasks\Apple Diagnostics => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Apple Diagnostics" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7ED06C80-E683-4C1C-A359-6629FB6A2AA6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ED06C80-E683-4C1C-A359-6629FB6A2AA6}" => Key deleted successfully.
C:\Windows\System32\Tasks\JrRJLjeiboOjLr5 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\JrRJLjeiboOjLr5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8BED4087-0671-4441-B9EA-B748D7204C0A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8BED4087-0671-4441-B9EA-B748D7204C0A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{7BDDA8DA-51AF-45A6-8628-5B12659C32B9} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7BDDA8DA-51AF-45A6-8628-5B12659C32B9}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{940B9962-455A-4B83-8883-529AA1D67C71}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{940B9962-455A-4B83-8883-529AA1D67C71}" => Key deleted successfully.
C:\Windows\System32\Tasks\wWrklurHfOfHSiE not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\wWrklurHfOfHSiE" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A0C3286B-1204-48B6-902D-F130CA3EC46B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0C3286B-1204-48B6-902D-F130CA3EC46B}" => Key deleted successfully.
C:\Windows\System32\Tasks\{6ED5F24D-5542-41D4-B6D3-FFE804BD8189} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{6ED5F24D-5542-41D4-B6D3-FFE804BD8189}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1335AF5-809E-487E-9409-44927C225A5F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1335AF5-809E-487E-9409-44927C225A5F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{37B97F0C-D933-4579-BDB4-EA90F125EDEA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{37B97F0C-D933-4579-BDB4-EA90F125EDEA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A4126D0D-BD81-47A1-B25C-4FED4A2DB873}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4126D0D-BD81-47A1-B25C-4FED4A2DB873}" => Key deleted successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B2E3C2A3-30A9-4F85-A0C7-9C1545EAE511}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B2E3C2A3-30A9-4F85-A0C7-9C1545EAE511}" => Key deleted successfully.
C:\Windows\System32\Tasks\{55C1335E-D6F2-48B6-BEF2-6BF8EEC443CD} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{55C1335E-D6F2-48B6-BEF2-6BF8EEC443CD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5D420C4-27F2-4674-9F44-1BFDE94A9F5A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5D420C4-27F2-4674-9F44-1BFDE94A9F5A}" => Key deleted successfully.
C:\Windows\System32\Tasks\PenWes => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PenWes" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B68D5D47-C5F5-45C9-AA72-0B1F49363C68}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B68D5D47-C5F5-45C9-AA72-0B1F49363C68}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2BB1A19B-5699-4E90-95F3-915563FA6364} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2BB1A19B-5699-4E90-95F3-915563FA6364}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC84F7AE-6C47-40B8-8B9D-8F4B0B528BF0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC84F7AE-6C47-40B8-8B9D-8F4B0B528BF0}" => Key deleted successfully.
C:\Windows\System32\Tasks\{044FE1C3-8959-4C6C-989E-8E7FDFB1B04C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{044FE1C3-8959-4C6C-989E-8E7FDFB1B04C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BE8E5F3D-A9FD-4040-AFC8-A098F14BA88C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BE8E5F3D-A9FD-4040-AFC8-A098F14BA88C}" => Key deleted successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C4C68E53-4848-416A-9683-80BF078F243E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C4C68E53-4848-416A-9683-80BF078F243E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{B792F1C7-55DE-4EC4-B52C-3E7157CE96B2} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{B792F1C7-55DE-4EC4-B52C-3E7157CE96B2}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C51842CB-FA83-4CBE-BE4A-03EA7E887810}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C51842CB-FA83-4CBE-BE4A-03EA7E887810}" => Key deleted successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C692DF2F-1A24-4C04-91DF-F3692F40B297}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C692DF2F-1A24-4C04-91DF-F3692F40B297}" => Key deleted successfully.
C:\Windows\System32\Tasks\rpNstFd7RTQjxL0 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\rpNstFd7RTQjxL0" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAAA0F03-D5D4-474D-92A0-23EE9FC6D81C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAAA0F03-D5D4-474D-92A0-23EE9FC6D81C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2B8C0C39-B624-4A72-98A5-BCFE2B8112E4} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2B8C0C39-B624-4A72-98A5-BCFE2B8112E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DDA9A66E-D435-4D6B-BCC0-C158C1CDFA3E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDA9A66E-D435-4D6B-BCC0-C158C1CDFA3E}" => Key deleted successfully.
C:\Windows\System32\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12 not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12" => Key deleted successfully.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-1.job not found.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-12.job not found.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-2.job not found.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5.job not found.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-5_user.job not found.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-6.job not found.
C:\Windows\Tasks\90533f8f-a2bb-4ccc-a2e8-b46a041262f0-7.job not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job not found.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2015-01-21 16:39:51)<=

C:\Program Files (x86)\MyPC Backup => Is moved successfully.
C:\Users\estelle\AppData\Roaming\FQskLmk => Is moved successfully.

==== End of Fixlog 16:39:52 ====
0
Réponse 3 / 8
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
21 janv. 2015 à 16:54
Réinitialise bien les navigateurs WEB et vois ce que cela donne pour les publicités.
0
estelle91240 Messages postés 16 Date d'inscription vendredi 12 août 2011 Statut Membre Dernière intervention 26 janvier 2015 1
21 janv. 2015 à 17:13
J'ai réinitialisé mes navigateurs web mais lorsque j'ouvre google chrome et mm internet explorer, isearchomiga s'ouvre toujours ...
0
estelle91240 Messages postés 16 Date d'inscription vendredi 12 août 2011 Statut Membre Dernière intervention 26 janvier 2015 1
21 janv. 2015 à 17:20
De plus les logiciels se sont re-téléchargés. Il n'y a pas moyen de les supprimer définitivement ?
0
Réponse 4 / 8
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
21 janv. 2015 à 17:59
il devait rester une tâche planifiée qui réinstalle tout.
Il va falloir recommencer et supprimer la tâche planifiée qui remet tout, sinon on va tourner en rond.

Refais un nettoyage AdwCleaner puis :

Scan Malwarebytes (temps : environ 40min de scan):
==================================================
Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Mets le à jour puis lance un examen.

A la fin du scan, clic sur "Mettre tout en quarantaine" en bas à gauche.
Redémarre l'ordinateur si besoin.
Après redémarrage, relance Malwarebytes.
Vas chercher le rapport dans l'onglet Historique.
A gauche Journal des examens.
Doube-clic sur l'examen dans la liste.
Puis en bas Copier dans le presse papier
Vas sur http://pjjoint.malekal.com et en bas, clic droit / coller pour coller le rapport du scan Malwarebytes.
Clic sur envoyer.
Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.

et enfin une analyse FRST en donnant les rapports pjjoint.
0
estelle91240 Messages postés 16 Date d'inscription vendredi 12 août 2011 Statut Membre Dernière intervention 26 janvier 2015 1
21 janv. 2015 à 20:19
Rapport de Malwarebytes: https://pjjoint.malekal.com/files.php?read=20150121_z9n8e13j13f12
0
estelle91240 Messages postés 16 Date d'inscription vendredi 12 août 2011 Statut Membre Dernière intervention 26 janvier 2015 1
21 janv. 2015 à 20:44
Les 3 autres raports de FRST

-https://pjjoint.malekal.com/files.php?id=20150121_x11q10l5i5j5
https://pjjoint.malekal.com/files.php?id=20150121_8r14r15j11g13
-https://pjjoint.malekal.com/files.php?id=20150121_j9d12x7l15u13
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 8
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
21 janv. 2015 à 22:00
Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix

Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54065;https=127.0.0.1:54065 [Attention - Possible Proxy Malicieux]
2015-01-21 16:31 - 2015-01-21 19:47 - 00000000 ____D () C:\Program Files (x86)\ed77c406-3759-4b51-9e86-1cf57499d91c

2011-09-24 09:25 - 2011-09-24 09:25 - 0004873 _____ () C:\ProgramData\qjaxlkio.dss


Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.

Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.

Redémarre l'ordinateur


0
estelle91240 Messages postés 16 Date d'inscription vendredi 12 août 2011 Statut Membre Dernière intervention 26 janvier 2015 1
24 janv. 2015 à 20:49
Voici le message affiché:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by estelle at 2015-01-24 20:47:55 Run:2
Running from C:\Users\estelle\Desktop
Loaded Profiles: estelle (Available profiles: estelle)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:54065;https=127.0.0.1:54065 [Attention - Possible Proxy Malicieux]
2015-01-21 16:31 - 2015-01-21 19:47 - 00000000 ____D () C:\Program Files (x86)\ed77c406-3759-4b51-9e86-1cf57499d91c

2011-09-24 09:25 - 2011-09-24 09:25 - 0004873 _____ () C:\ProgramData\qjaxlkio.dss
*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
C:\Program Files (x86)\ed77c406-3759-4b51-9e86-1cf57499d91c => Moved successfully.
C:\ProgramData\qjaxlkio.dss => Moved successfully.

==== End of Fixlog 20:47:56 ====
0
Réponse 6 / 8
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
24 janv. 2015 à 20:56
Ca devrait aller mieux, tu confirmes ?
0
Réponse 7 / 8
estelle91240 Messages postés 16 Date d'inscription vendredi 12 août 2011 Statut Membre Dernière intervention 26 janvier 2015 1
26 janv. 2015 à 19:41
Oui rien à signaler. Tout va beaucoup mieux . Merci beaucoup
0
Réponse 8 / 8
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 24 628
26 janv. 2015 à 20:36
=)

Voila, c'est terminé, tu peux supprimer les programmes utilisés.

Quelques conseils :


Installe Malwarebyte's Anti-Malware : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Fais des scans réguliers avec, il est efficace.
(sauf si tu es sur un netbook)

Pour prévenir les sites malicieux, tu peux installer Blockulicious : https://forum.malekal.com/viewtopic.php?t=46656&start=


Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/


Le reste de la sécurité : http://forum.malekal.com/comment-securiser-son-ordinateur.html


0

Discussions similaires

Configuration RM-014S+
Louis -
Pat -

3 réponses