Keylogger/infestation, help.
Fermé
Mwiiaaou01
-
9 mars 2015 à 08:22
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 10 mars 2015 à 09:42
Malekal_morte- Messages postés 180304 Date d'inscription mercredi 17 mai 2006 Statut Modérateur, Contributeur sécurité Dernière intervention 15 décembre 2020 - 10 mars 2015 à 09:42
A voir également:
- Keylogger/infestation, help.
- Keylogger gratuit invisible - Télécharger - Contrôle parental
- Anti keylogger gratuit - Télécharger - Sécurité
- Zemana anti keylogger - Télécharger - Antivirus & Antimalwares
- Keylogger mail ✓ - Forum Virus
- Keylogger linux - Forum Linux / Unix
6 réponses
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 631
9 mars 2015 à 08:46
9 mars 2015 à 08:46
Salut,
Suis ce tutoriel FRST: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
(et bien prendre le temps de lire afin d'appliquer correctement - tout y est expliqué).
Télécharge et lance le scan FRST, cela va générer trois rapports FRST :
Envoie, comme expliqué, ces trois rapports sur le site http://pjjoint.malekal.com et en retour donne les trois liens pjjoint qui mènent à ses rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.
Suis ce tutoriel FRST: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/
(et bien prendre le temps de lire afin d'appliquer correctement - tout y est expliqué).
Télécharge et lance le scan FRST, cela va générer trois rapports FRST :
- FRST.txt
- Shortcut.txt
- Additionnal.txt
Envoie, comme expliqué, ces trois rapports sur le site http://pjjoint.malekal.com et en retour donne les trois liens pjjoint qui mènent à ses rapports ici dans une nouvelle réponse afin que l'on puisse les consulter.
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 631
Modifié par Malekal_morte- le 9/03/2015 à 09:27
Modifié par Malekal_morte- le 9/03/2015 à 09:27
L'est là le keylogger :
(Adobe) C:\Users\Karl\AppData\Roaming\Adobe\AdobeUpdate.exe
(Adobe Systems Inc) C:\Users\Karl\AppData\Roaming\Adobe\FlashUpdateSvc.exe
C:\Users\Karl\AppData\Roaming\Adobe\srvchost.exe
Tu peux envoyer ces fichiers sur http://upload.malekal.com stp.
~~
Commence par ceci :
Suis le tutorial AdwCleaner https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= ( d'Xplode )
Télécharge le sur ton bureau ou dossier de téléchargement.
Lance AdwCleaner, clique sur [Scanner].
L'analyse peux durer plusieurs minutes, patiente.
Une fois le scan terminé, ne décoche rien, clique sur [Nettoyer]
Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
puis :
Refais un scan FRST et donne les rapports via pjjoint.
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
(Adobe) C:\Users\Karl\AppData\Roaming\Adobe\AdobeUpdate.exe
(Adobe Systems Inc) C:\Users\Karl\AppData\Roaming\Adobe\FlashUpdateSvc.exe
C:\Users\Karl\AppData\Roaming\Adobe\srvchost.exe
Tu peux envoyer ces fichiers sur http://upload.malekal.com stp.
~~
Commence par ceci :
Suis le tutorial AdwCleaner https://www.malekal.com/adwcleaner-supprimer-virus-adwares-pup/?t=33839&start= ( d'Xplode )
Télécharge le sur ton bureau ou dossier de téléchargement.
Lance AdwCleaner, clique sur [Scanner].
L'analyse peux durer plusieurs minutes, patiente.
Une fois le scan terminé, ne décoche rien, clique sur [Nettoyer]
Une fois le nettoyage terminé, un rapport s'ouvrira. Copie/colle le contenu du rapport dans ta prochaine réponse par un copier/coller.
Si cela ne fonctionne pas, utilise le site http://pjjoint.malekal.com pour héberger le rapport, donne le lien du rapport dans un nouveau message.
Note : Le rapport est également sauvegardé sous C:\AdwCleaner[S1].txt
puis :
Refais un scan FRST et donne les rapports via pjjoint.
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Salut, merci de votre reponse, voila les liens des rapports:
FRST : http://pjjoint.malekal.com/files.php?id=FRST_20150309_d8g10i14s612
Additional : http://pjjoint.malekal.com/files.php?id=20150309_b9n9j15d11x5
Shortcut : http://pjjoint.malekal.com/files.php?id=20150309_g9o14v10q12o12
Merci de votre aide :)
FRST : http://pjjoint.malekal.com/files.php?id=FRST_20150309_d8g10i14s612
Additional : http://pjjoint.malekal.com/files.php?id=20150309_b9n9j15d11x5
Shortcut : http://pjjoint.malekal.com/files.php?id=20150309_g9o14v10q12o12
Merci de votre aide :)
Re Salut, voila le raport adwcleaner
# AdwCleaner v4.111 - Logfile created 09/03/2015 at 15:02:41
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1 Single Language (x64)
# Username : Karl - HP
# Running from : C:\Users\Karl\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
[#] Service Deleted : PanService
Service Deleted : IHProtect Service
[#] Service Deleted : Update CommonShare
Service Deleted : {6a0e715f-5cd3-4402-8a39-80497da09315}Gw64
Service Deleted : {dc19896d-a3e2-417d-be46-d18ebc99e240}Gw64
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\PANDORA.TV
Folder Deleted : C:\Program Files (x86)\CommonShare
Folder Deleted : C:\Program Files (x86)\XTab
Folder Deleted : C:\Program Files (x86)\gmsd_in_88
Folder Deleted : C:\Users\Karl\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Karl\AppData\Local\Temp\CommonShare
Folder Deleted : C:\Users\Karl\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Karl\AppData\Local\Conduit
Folder Deleted : C:\Users\Karl\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Karl\AppData\Local\torch
Folder Deleted : C:\Users\Karl\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Karl\AppData\Local\gmsd_in_88
Folder Deleted : C:\Users\Karl\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Karl\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Karl\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Karl\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Karl\AppData\Roaming\webssearches
Folder Deleted : C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Deleted : C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\s7v277nd.default-1419213433551\Extensions\***@***
Folder Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmjbmkmgbfcjchbimamdpopjkmkbioi
Folder Deleted : C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Deleted : C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
File Deleted : C:\END
File Deleted : C:\Windows\patsearch.bin
File Deleted : C:\Users\Karl\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
File Deleted : C:\Windows\System32\drivers\{6a0e715f-5cd3-4402-8a39-80497da09315}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw64.sys
File Deleted : C:\Users\Karl\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\s7v277nd.default-1419213433551\searchplugins\webssearches.xml
File Deleted : C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : SmartWeb Upgrade Trigger Task
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [***@***]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [APISupport]
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ConvertAd]
Key Deleted : HKCU\Software\Mozilla\Extends
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_in_88]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\GAMESDESKTOP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_in_88_is1
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
-\\ Internet Explorer v11.0.9600.17416
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
[s7v277nd.default-1419213433551\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "webssearches");
[s7v277nd.default-1419213433551\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://istart.webssearches.com/favicon.ico");
[s7v277nd.default-1419213433551\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "webssearches");
[s7v277nd.default-1419213433551\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}");
[s7v277nd.default-1419213433551\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "webssearches");
-\\ Google Chrome v40.0.2214.115
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-09-01&apn_dtid=%5ECMD127%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
-\\ Comodo Dragon v33.1.0.1
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-09-01&apn_dtid=%5ECMD127%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko
AdwCleaner[R0].txt - [14900 bytes] - [09/03/2015 14:33:53]
AdwCleaner[R1].txt - [16154 bytes] - [09/03/2015 14:56:37]
AdwCleaner[S0].txt - [417 bytes] - [09/03/2015 14:46:53]
AdwCleaner[S1].txt - [15645 bytes] - [09/03/2015 15:02:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15705 bytes] ##########
Je vais faire un scan FRST et poster les rapports
# AdwCleaner v4.111 - Logfile created 09/03/2015 at 15:02:41
# Updated 18/02/2015 by Xplode
# Database : 2015-03-05.1 [Server]
# Operating system : Windows 8.1 Single Language (x64)
# Username : Karl - HP
# Running from : C:\Users\Karl\Desktop\adwcleaner_4.111.exe
# Option : Cleaning
- [ Services ] *****
[#] Service Deleted : PanService
Service Deleted : IHProtect Service
[#] Service Deleted : Update CommonShare
Service Deleted : {6a0e715f-5cd3-4402-8a39-80497da09315}Gw64
Service Deleted : {dc19896d-a3e2-417d-be46-d18ebc99e240}Gw64
- [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\AskPartnerNetwork
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\IHProtectUpDate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GAMESDESKTOP
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\AskPartnerNetwork
Folder Deleted : C:\Program Files (x86)\DAEMON Tools Toolbar
Folder Deleted : C:\Program Files (x86)\PANDORA.TV
Folder Deleted : C:\Program Files (x86)\CommonShare
Folder Deleted : C:\Program Files (x86)\XTab
Folder Deleted : C:\Program Files (x86)\gmsd_in_88
Folder Deleted : C:\Users\Karl\AppData\Local\Temp\apn
Folder Deleted : C:\Users\Karl\AppData\Local\Temp\CommonShare
Folder Deleted : C:\Users\Karl\AppData\Local\AskPartnerNetwork
Folder Deleted : C:\Users\Karl\AppData\Local\Conduit
Folder Deleted : C:\Users\Karl\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Karl\AppData\Local\torch
Folder Deleted : C:\Users\Karl\AppData\Local\SmartWeb
Folder Deleted : C:\Users\Karl\AppData\Local\gmsd_in_88
Folder Deleted : C:\Users\Karl\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Karl\AppData\LocalLow\SmartWeb
Folder Deleted : C:\Users\Karl\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Karl\AppData\Roaming\VOPackage
Folder Deleted : C:\Users\Karl\AppData\Roaming\webssearches
Folder Deleted : C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Folder Deleted : C:\Users\Karl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Deleted : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\s7v277nd.default-1419213433551\Extensions\***@***
Folder Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
Folder Deleted : C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmjbmkmgbfcjchbimamdpopjkmkbioi
Folder Deleted : C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cmaiofennmphjldldcpphcechfnnohja
Folder Deleted : C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\aaaalipaokhkccgmgkdglfinfnfhflko
File Deleted : C:\END
File Deleted : C:\Windows\patsearch.bin
File Deleted : C:\Users\Karl\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Windows\System32\drivers\Msft_Kernel_webinstrNHKT_01009.Wdf
File Deleted : C:\Windows\System32\drivers\{6a0e715f-5cd3-4402-8a39-80497da09315}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{dc19896d-a3e2-417d-be46-d18ebc99e240}Gw64.sys
File Deleted : C:\Users\Karl\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Karl\AppData\Roaming\Mozilla\Firefox\Profiles\s7v277nd.default-1419213433551\searchplugins\webssearches.xml
File Deleted : C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\Local Storage\chrome-extension_aaaalipaokhkccgmgkdglfinfnfhflko_0.localstorage
- [ Scheduled tasks ] *****
Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
Task Deleted : SmartWeb Upgrade Trigger Task
- [ Shortcuts ] *****
- [ Registry ] *****
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [***@***]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [APISupport]
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ConvertAd]
Key Deleted : HKCU\Software\Mozilla\Extends
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [gmsd_in_88]
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44CBC005-6243-4502-8A02-3A096A282664}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D8278076-BC68-4484-9233-6E7F1628B56C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F297534D-7B06-459D-BC19-2DD8EF69297B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80703783-E415-4EE3-AB60-D36981C5A6F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9945959C-AAD8-4312-8B57-2DE11927E770}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEA63863-87BC-4DCA-A5B5-EB97E3B04806}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6978F29A-3493-40B2-8CDC-9C13A02F85A4}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D7949A66-D936-4028-9552-14F7DC50F38D}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\AskPartnerNetwork
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\GAMESDESKTOP
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
Key Deleted : HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\GAMESDESKTOP
Key Deleted : HKLM\SOFTWARE\IHProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SmartWeb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gmsd_in_88_is1
Key Deleted : [x64] HKLM\SOFTWARE\AskPartnerNetwork
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF
- [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17416
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
[s7v277nd.default-1419213433551\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "webssearches");
[s7v277nd.default-1419213433551\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://istart.webssearches.com/favicon.ico");
[s7v277nd.default-1419213433551\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "webssearches");
[s7v277nd.default-1419213433551\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}");
[s7v277nd.default-1419213433551\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "webssearches");
-\\ Google Chrome v40.0.2214.115
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-09-01&apn_dtid=%5ECMD127%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
-\\ Comodo Dragon v33.1.0.1
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.daemon-search.com/search?q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX&q={searchTerms}
[C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.ask.com/web?o=APN10257&doi=2014-09-01&apn_dtid=%5ECMD127%5EYY%5EUS&apn_ptnrs=%5EAGO&q={searchTerms}
[C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Karl\AppData\Local\Comodo\Dragon\User Data\Default\preferences] - Deleted [Extension] : aaaalipaokhkccgmgkdglfinfnfhflko
AdwCleaner[R0].txt - [14900 bytes] - [09/03/2015 14:33:53]
AdwCleaner[R1].txt - [16154 bytes] - [09/03/2015 14:56:37]
AdwCleaner[S0].txt - [417 bytes] - [09/03/2015 14:46:53]
AdwCleaner[S1].txt - [15645 bytes] - [09/03/2015 15:02:41]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [15705 bytes] ##########
Je vais faire un scan FRST et poster les rapports
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 631
9 mars 2015 à 12:13
9 mars 2015 à 12:13
Tu t'en sors pour FRST ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonjour, qq soucis d'internet desole.
Rapport FRST : http://pjjoint.malekal.com/files.php?id=20150309_b7k15o14l11t15
Additional : http://pjjoint.malekal.com/files.php?id=20150309_e12b10h9q12e9
Shortcut : http://pjjoint.malekal.com/files.php?id=20150309_p15h12o12m9q13
Rapport FRST : http://pjjoint.malekal.com/files.php?id=20150309_b7k15o14l11t15
Additional : http://pjjoint.malekal.com/files.php?id=20150309_e12b10h9q12e9
Shortcut : http://pjjoint.malekal.com/files.php?id=20150309_p15h12o12m9q13
Malekal_morte-
Messages postés
180304
Date d'inscription
mercredi 17 mai 2006
Statut
Modérateur, Contributeur sécurité
Dernière intervention
15 décembre 2020
24 631
Modifié par Malekal_morte- le 10/03/2015 à 09:44
Modifié par Malekal_morte- le 10/03/2015 à 09:44
Voici la correction à effectuer avec FRST.
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix
Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :
HKU\S-1-5-21-2626747620-2165330137-1018785330-1001\...\Run: [AdobeUpdate] => C:\Users\Karl\AppData\Roaming\Adobe\AdobeUpdate.exe [3645440 2011-09-20] (Adobe)
HKU\S-1-5-21-2626747620-2165330137-1018785330-1001\...\Run: [Flash Update Service] => C:\Users\Karl\AppData\Roaming\adobe\FlashUpdateSvc.exe [20480 2015-02-12] (Adobe Systems Inc)
CHR StartupUrls: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX [Pays US - 69.28.57.22]
R2 SavevidService; C:\Program Files (x86)\Savevid\SavevidService.exe [796160 2014-08-14] ()
C:\Users\Karl\AppData\Roaming\Adobe\srvchost.exe
C:\Users\Karl\AppData\Roaming\Adobe\AdobeUpdate.exe
C:\Users\Karl\AppData\Roaming\adobe\FlashUpdateSvc.exe
Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.
Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.
Redémarre l'ordinateur
Scan Malwarebytes (temps : environ 40min de scan):
==================================================
Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Mets le à jour puis lance un examen.
A la fin du scan, clic sur "Mettre tout en quarantaine" en bas à gauche.
Redémarre l'ordinateur si besoin.
Après redémarrage, relance Malwarebytes.
Vas chercher le rapport dans l'onglet Historique.
A gauche Journal des examens.
Doube-clic sur l'examen dans la liste.
Puis en bas Copier dans le presse papier
Vas sur http://pjjoint.malekal.com et en bas, clic droit / coller pour coller le rapport du scan Malwarebytes.
Clic sur envoyer.
Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
Tu peux t'inspirer de cette note explicative avec des captures d'écran pour t'aider: https://www.malekal.com/tutoriel-farbar-recovery-scan-tool-frst/#fix
Ouvre le bloc-notes : Touche Windows + R, dans le champs executer, tape notepad et OK.
Copie/colle dedans ce qui suit :
HKU\S-1-5-21-2626747620-2165330137-1018785330-1001\...\Run: [AdobeUpdate] => C:\Users\Karl\AppData\Roaming\Adobe\AdobeUpdate.exe [3645440 2011-09-20] (Adobe)
HKU\S-1-5-21-2626747620-2165330137-1018785330-1001\...\Run: [Flash Update Service] => C:\Users\Karl\AppData\Roaming\adobe\FlashUpdateSvc.exe [20480 2015-02-12] (Adobe Systems Inc)
CHR StartupUrls: Default -> hxxp://istart.webssearches.com/?type=hp&ts=1421979499&from=brd&uid=HGSTXHTS545050A7E380_TM8513PY1VW5JL1VW5JLX [Pays US - 69.28.57.22]
R2 SavevidService; C:\Program Files (x86)\Savevid\SavevidService.exe [796160 2014-08-14] ()
C:\Users\Karl\AppData\Roaming\Adobe\srvchost.exe
C:\Users\Karl\AppData\Roaming\Adobe\AdobeUpdate.exe
C:\Users\Karl\AppData\Roaming\adobe\FlashUpdateSvc.exe
Une fois, le texte coller dans le bloc-note.
Menu Fichier puis Enregistrer sous.
A gauche, place toi sur le bureau.
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.
Relance FRST et clic sur le bouton Fix
Selon comment un redémarrage est nécessaire (pas obligatoire).
Un fichier texte apparaît, copie/colle le contenu ici dans un nouveau message.
Redémarre l'ordinateur
Scan Malwarebytes (temps : environ 40min de scan):
==================================================
Télécharge et installe Malwarebyte : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Mets le à jour puis lance un examen.
A la fin du scan, clic sur "Mettre tout en quarantaine" en bas à gauche.
Redémarre l'ordinateur si besoin.
Après redémarrage, relance Malwarebytes.
Vas chercher le rapport dans l'onglet Historique.
A gauche Journal des examens.
Doube-clic sur l'examen dans la liste.
Puis en bas Copier dans le presse papier
Vas sur http://pjjoint.malekal.com et en bas, clic droit / coller pour coller le rapport du scan Malwarebytes.
Clic sur envoyer.
Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.
Like the angel you are, you laugh creating a lightness in my chest,
Your eyes they penetrate me,
(Your answer's always 'maybe')
That's when I got up and left
