
Resolved on 30/08/14: PC infected with multiple malware


PC infected with multiple malware.

Post by LePerSpicAce » Thu 28 Aug 2014 17:00

Hello,

I am currently in training on the Helper formation site. A friend has entrusted me with his PC to clean, and it is heavily infected.

I don't yet have the level needed to carry a decontamination through successfully, so I am asking for your help.

Here is a ZHPDiag report: http://cjoint.com/?DHCp7mlqZ7Q

Thanks for everything.
LePerSpicAce

Re: PC infected with multiple malware.

Post by fredlant » Thu 28 Aug 2014 18:24

Hello,

LePerSpicAce wrote: A friend has entrusted me with his PC to clean, and it is heavily infected.

That's putting it mildly!... It's stuffed full!...

You are using Spybot... it is obsolete and can only cause you problems. Uninstall it. (If the TeaTimer is active, disable it before uninstalling.)

Disabling the Spybot S&D Tea-Timer

The Tea Timer is a Spybot protection module that monitors the processes being launched and changes to certain important points of the Registry. It appears in the process list under the name teatimer.exe. During a disinfection this protection must be disabled, otherwise the TeaTimer may interfere with the work of the disinfection tools.

  • Start Spybot, click "Mode", tick "Advanced mode".
  • On the left, click "Tools", then "Resident".
  • Untick the box in front of Resident "TeaTimer", then quit Spybot.

Uninstalling Spybot S&D
  • Download SpyKiller by 91300
  • Run SpyKiller.exe
    On Vista and Windows 7: the file must be launched via right-click -> Run as administrator
  • Accept the restoration of the hosts file
  • Click on Spybot - S&D
  • Click on Suppression.
  • Post the report here
  • Then click on Quitter

We are going to use Junkware Removal Tool, which will remove certain potentially unwanted programs (PUPs) from your computer.

  • Download Junkware Removal Tool and save it to your desktop.
  • Close all open browsers.
  • Click the following icon to launch the tool, which requires no installation.
  • On Vista/7/8, right-click and Run as administrator.
  • NB: The desktop will disappear for a moment; this is normal.
  • Click Yes in the following message to create a backup of the registry.
  • In another message, allow the registry modification by clicking Yes.
  • The tool starts... Press a key to continue...
  • Let the program work and don't touch anything. Be patient during the 15 minutes the scan takes.
  • The progress of the phases is displayed in the window.
  • At the end of the scan a report is generated on the desktop.
  • Wait for the report to be displayed.

    It will be saved on the desktop; open it if it has been closed.
  • Post the JRT.txt report by copying and pasting it into your next reply.

Important note

Do not run Junkware Removal Tool a second time, because the report that it is important to share would be overwritten by the new one and we would lose all track of what has been eradicated.
Internet Explorer's search engine will be reset to the default, Bing.

You can go to this page if needed for more details.

Looking forward to your reply...

See you,
fredlant

Re: PC infected with multiple malware.

Post by LePerSpicAce » Thu 28 Aug 2014 19:24

Hello fredlant,

Thank you for giving me your time.

OK for Spybot; however, I was not offered the hosts file restoration. As for JRT, I don't have the Bing search engine but V9's.

Here is the SpyKiller report:

++++++++++++++++++++++ RAPPORT SpyKiller 1.3 ++++++++++++++++++++++


Mis à jour le 13.12.2013 à 16h.35
Contact : k.lementec@yahoo.fr


C:\Users\Stéphane\Downloads\SpyKiller.exe -> Lancé à 17:52:51 le 28.08.2014


OS : Windows Seven X64 - Français
SP : Service Pack 1

Stéphane - PESTOUN-PC


++++++++++++++++++++++++ PROCESSUS FERMÉ ++++++++++++++++++++++++

SDWinSec.exe --> tué
explorer.exe --> tué


++++++++++++++++++++++++++ SUPPRESSION ++++++++++++++++++++++++++

++++ Clé de Registre
Clé Supprimée : HKCU64\Software\Safer Networking Limited
Clé Supprimée : HKLM64\SOFTWARE\Classes\Wow6432Node\CLSID\{53707962-6F74-2D53-2644-206D7942484F}
Clé Supprimée : HKCR64\.disabled
Clé Supprimée : HKCR64\.sbe
Clé Supprimée : HKCR64\.sbi
Clé Supprimée : HKCR64\.sbs
Clé Supprimée : HKCR64\.tnfo
Clé Supprimée : HKCR64\.uti
Clé Supprimée : HKCR64\.uts
Clé Supprimée : HKCR64\SpybotSD.DisabledFile
Clé Supprimée : HKCR64\SpybotSD.SBEFile
Clé Supprimée : HKCR64\SpybotSD.SBIFile
Clé Supprimée : HKCR64\SpybotSD.SBSFile
Clé Supprimée : HKCR64\SpybotSD.TInfoFile
Clé Supprimée : HKCR64\SpybotSD.UTIFile
Clé Supprimée : HKCR64\SpybotSD.UTSFile
Clé Supprimée : HKLM64\SYSTEM\ControlSet001\Services\Eventlog\Application\SNL HiveManager
Clé Supprimée : HKLM64\SYSTEM\ControlSet001\Services\Eventlog\Application\Spybot - Search & Destroy 2


++++ Fichier(s)/Dossier(s)


++++ Fichier Hosts
Fichier Hosts réstauré avec succès!!!

And here is the JRT report:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Stéphane on 28/08/2014 at 18:08:30,94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] 70e6ca8c
Successfully deleted: [Service] 70e6ca8c
Failed to stop: [Service] update browsesmart
Successfully stopped: [Service] update cling clang
Successfully deleted: [Service] update cling clang
Failed to stop: [Service] util browsesmart
Successfully stopped: [Service] util cling clang
Successfully deleted: [Service] util cling clang



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant



~~~ Registry Keys




~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-7.5-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-7.5-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-7.5-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-7.5-updater.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-7.5-validator.job



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\big fish"
Successfully deleted: [Folder] "C:\ProgramData\ibupdaterservice"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\Users\St‚phane\AppData\Roaming\performersoft"
Successfully deleted: [Folder] "C:\Users\St‚phane\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\St‚phane\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\St‚phane\appdata\locallow\sweetim"
Successfully deleted: [Folder] "C:\Users\St‚phane\appdata\locallow\toolbar4"
Failed to delete: [Folder] "C:\Program Files (x86)\browsesmart"
Successfully deleted: [Folder] "C:\Program Files (x86)\cling clang"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\mobogenie"
Successfully deleted: [Folder] "C:\Program Files (x86)\optimizer pro"
Successfully deleted: [Folder] "C:\Program Files (x86)\perion"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2"
Successfully deleted: [Folder] "C:\bigfishcache"



~~~ FireFox

Successfully deleted: [File] C:\Users\St‚phane\AppData\Roaming\mozilla\firefox\profiles\qphghzox.default\user.js
Successfully deleted: [File] C:\Users\St‚phane\AppData\Roaming\mozilla\firefox\profiles\qphghzox.default\searchplugins\web search.xml
Successfully deleted: [Folder] C:\Users\St‚phane\AppData\Roaming\mozilla\firefox\profiles\qphghzox.default\extensions\{94cd2cc3-083f-49ba-a218-4cda4b4829fd}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{8a9386b4-e958-4c4c-adf4-8f26db3e4829}
Successfully deleted the following from C:\Users\St‚phane\AppData\Roaming\mozilla\firefox\profiles\qphghzox.default\prefs.js

user_pref("browser.search.defaultenginename", "Conduit Search");
user_pref("extensions.ExTSy4N.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-
user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%2
user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
user_pref("extensions.a15d84a30fc9d4fca80a7e5797da621a2b2cb2d04e2624863aee79d0e4333b550com49012.49012.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
user_pref("extensions.a16eede4812e94c79bd54c82622138533630d8a3473af4e0396649082492eb220com48926.48926.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
user_pref("extensions.a18c66c1d05d84e588b16c4df04ed638ee204c3e480764eb9b6280fe8abef45e2com50776.50776.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A
user_pref("extensions.crossrider.bic", "1440f7d8ef68928a6449a36ab9f4a401");
user_pref("extensions.y8MhaCPd4eA.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\
Emptied folder: C:\Users\St‚phane\AppData\Roaming\mozilla\firefox\profiles\qphghzox.default\minidumps [31 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\St‚phane\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/08/2014 at 18:15:11,10
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
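Added example (not part of the thread, and not code from JRT or its author): a small Python triage script for a JRT log in the layout posted above. It lists the deletions that failed, repairs user names shown as "St‚phane" (assumed here to be code page 850 bytes displayed as Windows-1252), and checks that each failed path is covered by the next clean-up list. The sample log and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: a few lines in the layout of the JRT log above.
SAMPLE_LOG = r"""
~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-7.5-updater.job

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Users\St‚phane\AppData\Roaming\systweak"
Failed to delete: [Folder] "C:\Program Files (x86)\browsesmart"

~~~ FireFox

Successfully deleted: [File] C:\Users\St‚phane\AppData\Roaming\mozilla\firefox\profiles\qphghzox.default\user.js
"""

SECTION_RE = re.compile(r"^~~~ (\S.*)$")
ENTRY_RE = re.compile(
    r'^(Successfully deleted|Failed to delete): \[([^\]]+)\] "?(.*?)"?$'
)


def repair_oem(text):
    """Undo OEM-bytes-shown-as-Windows-1252 mojibake, e.g. 'St‚phane'.

    Assumption: the log was written in code page 850 and displayed as
    Windows-1252. Only characters that Windows-1252 stores in 0x80-0x9F
    are remapped, so text that is already correct passes through unchanged.
    """
    fixed = []
    for ch in text:
        try:
            byte = ch.encode("cp1252")
        except UnicodeEncodeError:
            fixed.append(ch)  # not representable in Windows-1252: keep as is
            continue
        fixed.append(byte.decode("cp850") if 0x80 <= byte[0] <= 0x9F else ch)
    return "".join(fixed)


def parse_jrt(log_text):
    """Return one dict per 'Successfully deleted' / 'Failed to delete' line."""
    section, entries = None, []
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)  # e.g. "Files", "Folders", "FireFox"
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            status, kind, path = entry.groups()
            entries.append({
                "section": section,
                "kind": kind,
                "path": repair_oem(path),
                "deleted": status == "Successfully deleted",
            })
    return entries


def summarize(entries):
    """Count entries per (section, kind, deleted) for a quick overview."""
    return Counter((e["section"], e["kind"], e["deleted"]) for e in entries)


def failed_paths(entries):
    """Paths the tool reported as 'Failed to delete'."""
    return [e["path"] for e in entries if not e["deleted"]]


def uncovered_failures(entries, followup_targets):
    """Failed deletions that the next clean-up list does not mention.

    Windows paths are case-insensitive, so the comparison is case-folded.
    """
    covered = {
        t.strip().strip('"').rstrip("\\").casefold() for t in followup_targets
    }
    return [p for p in failed_paths(entries)
            if p.rstrip("\\").casefold() not in covered]


if __name__ == "__main__":
    log = parse_jrt(SAMPLE_LOG)
    for key, count in sorted(summarize(log).items()):
        print(key, count)
    # Constructed follow-up list; the path is the one JRT failed to delete.
    followup = [r"C:\Program Files (x86)\BrowseSmart"]
    print("failed:", failed_paths(log))
    print("not covered by follow-up:", uncovered_failures(log, followup))
```

In the thread's own data the single failure, C:\Program Files (x86)\browsesmart, reappears as a target in the ZHPFix script posted later.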

Re: PC infected with multiple malware.

Post by fredlant » Thu 28 Aug 2014 20:18

Re,

OK for that!

Try to uninstall this pest via Control Panel > Uninstall a program > PCPerformer.

Malwarebytes Anti-Malware is a very effective malware removal tool.
It detects many kinds of malware, and its new version includes an option for handling rootkits.

  • Download Malwarebytes Anti-Malware to your desktop.
  • Right-click the installer and choose "Run as administrator" (except on XP: just double-click).
  • Let the installation run...
  • Choose French as the language.

WARNING: At the end of the installation, you must untick the option "Enable the free trial of Malwarebytes Anti-Malware PRO" if you want to use the free version.

You arrive at a fairly intuitive settings window:

Dashboard: summarizes the information (last scan, date of the virus definition database, etc.)
Scan: to launch a scan of the computer and remove malware.
Settings: to change the Malwarebytes Anti-Malware settings.
History: to view the history of scans and of protection detections.

  • On the first launch of Malwarebytes Anti-Malware, a window at the bottom right reports that the virus definitions are out of date.
  • Click on it; otherwise you can start the update from the "Update" button.

Once the database version is up to date, Malwarebytes shows a green tick.

  • Click "Scan" and choose "Custom scan".
  • Tick the "Scan for rootkits" box and make sure that, under "PUP" and "PUM", "Treat detections as malware" is selected.
  • Select the drive that contains the operating system (normally C:).
  • Finally, click "Start scan".
  • A message will tell you that the databases are out of date: click "Update now".

You must update before starting any scan.

  • The scan will start immediately: be patient... It can take a long time... Often... more than an hour!

Malwarebytes disappears during the scan: this is normal. You can reopen it by clicking its icon in the notification area at the right of the taskbar.

  • If detections are made, click "Quarantine all" (bottom left).
  • Click "Apply actions" (bottom right).
  • Wait a few seconds: a restart will be requested: click "YES".
  • After restarting, launch Malwarebytes again.
  • Click "History" then "Application logs".
  • Select the most recent report in mbam.log format.
  • Click "View".
  • Then click "Copy to clipboard".
  • Paste the report into your next reply (right-click, "Paste").

To find the report easily:

  • Download mbam2log by Little Boy62.
  • Double-click the downloaded file. The program does not need to be installed.
  • A dialog box opens saying that the report is on the desktop.
  • Click "Yes" to open it.
  • Copy and paste its contents into your next reply.

NB: The SmartScreen filter blocks the tool because of the encoding format: click "More info" and "Run anyway".

Over to you...

Re: PC infected with multiple malware.

Post by LePerSpicAce » Thu 28 Aug 2014 20:30

Re,

I can't find PCPerformer.

I'm starting MBA, it will probably take a while.

See you soon with the report.

Re: PC infected with multiple malware.

Post by LePerSpicAce » Fri 29 Aug 2014 00:20

Re,

The report is too long, I'm posting it via cjoint: http://cjoint.com/?DHCxvVHBYeH

Thanks again.

Re: PC infected with multiple malware.

Post by fredlant » Fri 29 Aug 2014 10:36

Hello,

LePerSpicAce wrote: The report is too long, I'm posting it via cjoint:

Does that surprise you?... With everything that was quarantined...

We are going to take another blood sample from your PC.

• Download ZHPDiag (by Nicolas Coolman) to your desktop.

If you browse without an ad blocker, do not click anything on the download page:
the ZHPDiag download starts automatically.

Do not click this kind of big button or link.

If the download does not start, use only this link.

On Vista/Win7 and Win8, start the installation with a right-click and "Run as administrator".
• Follow the prompts during installation.
• After these steps, three desktop shortcuts are present (MBRCheck, ZHPFix, ZHPDiag).

• If the program does not start automatically, click its icon on your desktop (on Vista/7: right-click and "Run as administrator").
• The program window will open.
• Click the big "Full" button.

• Wait during the scan...

NB: At some point you may get the impression that the tool is "stuck": be patient...
► The hang is most often "temporary"... be patient...

• Once the scan is finished, a report will open in Notepad. Close it.
• The ZHPDiag.txt report will also be on the desktop and, if needed, saved in C:\ZHP\ZHPDiag.txt.

Given the fairly large size of the report, and to avoid chopping it up and hurting readability on the forum, it must be hosted on a dedicated site and the corresponding link given in your next reply.

If you do not know how to host the report, the procedure is detailed below.

    First, go to the site:

    http://www.cjoint.com/

    To host the file:

  • Click "Browse" > A new window opens.
  • Find the file you want to host (ZHPDiag.txt).
  • Click "Open".

    For the next step:

  • Click the "Create the Cjoint link" button.

    A new window opens. You will find the link to your file there; just copy it and paste it into your reply to pass it on to your correspondent.

Information about Internet Explorer 10:

If ZHPDiag is downloaded with Internet Explorer 10 and the SmartScreen filter is enabled, a message of this kind appears at the bottom of the page.

Naturally, ZHPDiag is completely reliable and has been downloaded several hundred thousand times. It is simply that the SmartScreen filter does not yet cover all software (this will probably also happen with the other tools downloaded during the disinfection).

So you need to click the "Actions" button and choose "Run anyway".

Looking forward to your reply...

Re: PC infected with multiple malware.

Post by LePerSpicAce » Fri 29 Aug 2014 11:08

Hello fredlant,

Here is the ZHPDiag report: http://cjoint.com/?DHDkhwywdVR

And thanks again.

Re: PC infected with multiple malware.

Post by fredlant » Fri 29 Aug 2014 11:25

Re,

Here is a script that will target certain items to remove or optimize.

Before applying it, we will create a restore point as a precaution, to allow rolling back in case of error.
Create a restore point

• Download OneClick2RestorePoint by Laddy to your desktop.

Mirrors if not accessible:

OneClick2RP.exe (Mirror 1)
OneClick2RP.exe (Mirror 2)

• Right-click it and choose "Run as administrator".
• Enter the following description: Avant Désinfecte.
• Click the "Create" button, then the "OK" button.
• Click the "Quit" button to close the application.

There is also a tutorial for W7 on this page.
There is also a tutorial for W8 on this page.

• Copy all the bold text between the 2 lines below (select all the bold text / right-click it and choose "Copy", or press Ctrl+C as shown in the video below).

Notice to readers...
This script is intended exclusively for the current user. You must under no circumstances use it on your own initiative on another PC; you could damage the system.

_____________________________________________
Script ZHPFix
G2 - GCE: Preference [User Data\Default] [kajfghlhfkcocafkcjlajldicbikpgnp] Feven 2.2 v.12196.8751.4505, (Activé)
G2 - GCE: Preference [User Data\Default] [klhlfdbffplhpkpalkmacjejfbdeefaj] SmartSaver+ 8 v.1.26.69, (Activé)
G2 - GCE: Preference [User Data\Default] [lekgiimbfodefdaoofhlckefjbgpeilo] MediaPlayerEnhance v.1.26.69, (Activé)
G2 - EXT: C:\Users\Stéphane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajfghlhfkcocafkcjlajldicbikpgnp [Feven 2.2]
M2 - MFEP: prefs.js [Stéphane - qphghzox.default\ioeeaylf@bamroztoa.net] [] SaverPrro v4.31 (..)
M2 - MFEP: prefs.js [Stéphane - qphghzox.default\oay1.p@hrrajbuurso.edu] [] LucKyiCoupon v1.0 (..)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.trovigo.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com
O4 - GS\Desktop [Public]: Activeris AntiMalware.lnk . (.Activeris - Activeris AntiMalware.) -- C:\Program Files (x86)\Activeris AntiMalware\ActiverisAntiMalware.exe
O4 - GS\Desktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com
O4 - GS\Desktop [Public]: Optimizer Elite Max.lnk . (...) -- C:\Program Files (x86)\Optimizer Elite Max\Optimizer Elite Max.exe (.not file.)
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com
O4 - GS\QuickLaunch [Stéphane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com
O4 - GS\QuickLaunch [Stéphane]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com
O4 - GS\TaskBar [Stéphane]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com
O4 - GS\Program [Stéphane]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com
O4 - GS\Program [Stéphane]: Search.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://feed.snapdo.com
O4 - GS\SystemTools [Stéphane]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com
O4 - GS\Startup [Stéphane]: 2YourFace_Updater.lnk . (...) -- C:\Users\Stéphane\AppData\Roaming\2YourFace\Updater.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [UpdateVO] (...) -- C:\Users\Stéphane\AppData\Roaming\VOPackage\VOPackage.exe (.not file.) [0]
O42 - Logiciel: Activeris AntiMalware - (.Activeris.) [HKLM][64Bits] -- 94EAE98D-444B-4817-858C-13DB943DF4F1_Activeris_A~741EE3A2_is1
O42 - Logiciel: DMUninstaller - (...) [HKLM][64Bits] -- DMUninstaller
O42 - Logiciel: IB Updater 2.0.0.550 - (.IncrediBar.) [HKLM][64Bits] -- {336D0C35-8A85-403a-B9D2-65C292C39087}_is1
O42 - Logiciel: SaverPrro - (.SaVerPro.) [HKLM][64Bits] -- {94851E46-5E5B-DD67-2593-709E8D27DC4C}
O42 - Logiciel: Snap.Do Engine - (.ReSoft Ltd..) [HKCU][64Bits] -- {8bb4a596-fd39-4e76-8785-f3a34b348cad}
O42 - Logiciel: WPM17.8.0.3325 - (.Cherished Technololgy LIMITED.) [HKLM][64Bits] -- WPM
[HKCU\Software\Activeris]
[HKCU\Software\AppDataLow\Software\Re_markit]
[HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}]
[HKCU\Software\Optimizer Elite Max]
[HKLM\Software\InstalledBrowserExtensions]
[HKLM\Software\Tarma Installer]
[HKLM\Software\Web Assistant]
[HKLM\Software\Wow6432Node\Activeris]
[HKLM\Software\Wow6432Node\Tutorials]
[HKLM\Software\Wow6432Node\Wpm]
C:\Program Files (x86)\Activeris AntiMalware
C:\Program Files (x86)\BringStar
C:\Program Files (x86)\BrowseSmart
C:\ProgramData\Activeris
C:\ProgramData\SaverPrro
C:\ProgramData\WPM
C:\Users\Stéphane\AppData\Roaming\Activeris
C:\Users\Stéphane\AppData\Roaming\Optimizer Elite Max
C:\Users\Stéphane\AppData\Roaming\VOPackage
C:\Users\Stéphane\AppData\Local\Mobogenie
C:\Users\Stéphane\AppData\Local\Tuguu_SL
O45 - LFCP:[MD5.29AE4565473E784B95C4EACE9C81BF22] - 28/08/2014 - 17:10:51 ---A- - C:\Windows\Prefetch\UPDATEBROWSESMART.EXE-741E0032.pf
O45 - LFCP:[MD5.0DBBB7022127B559174229F28E868BF9] - 28/08/2014 - 17:10:50 ---A- - C:\Windows\Prefetch\UPDATEFINDRIGHT.EXE-BFADF59E.pf
O45 - LFCP:[MD5.929C629DD5E8FD753432A50D0B629069] - 28/08/2014 - 17:37:39 ---A- - C:\Windows\Prefetch\UTILBROWSESMART.EXE-25B8950A.pf
O45 - LFCP:[MD5.F13AEC91F7806E9E1EC7CC0333CA574A] - 28/08/2014 - 17:37:39 ---A- - C:\Windows\Prefetch\UTILFINDRIGHT.EXE-0BCB0296.pf
O90 - PUC: "547B38670606DF14AA57B0BB83F3AE4D" . (.SweetIM for Messenger 3.7.) -- C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}\ARPPRODUCTICON.exe
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASAPI32
HKLM\SOFTWARE\Microsoft\Tracing\NewPlayerUpdater_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\ExtensionUpdaterService_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FindRight_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\NewPlayer_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateBrowseSmart_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFindRight_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseSmart_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilBrowseSmart_RASMANCS
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilFindRight_RASMANCS
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon
C:\Users\Stéphane\AppData\Local\Google\Chrome\User Data\Default\Extensions\kajfghlhfkcocafkcjlajldicbikpgnp
C:\Users\Stéphane\AppData\Local\Google\Chrome\User Data\Default\Extensions\klhlfdbffplhpkpalkmacjejfbdeefaj
C:\Users\Stéphane\AppData\Local\Google\Chrome\User Data\Default\Extensions\lekgiimbfodefdaoofhlckefjbgpeilo
C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\extensions\ioeeaylf@bamroztoa.net
C:\Users\Stéphane\AppData\Roaming\Mozilla\Firefox\Profiles\qphghzox.default\extensions\oay1.p@hrrajbuurso.edu
O2 - BHO: (no name) [64Bits] - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} Clé orpheline
O2 - BHO: AVG Do Not Track [64Bits] - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} Clé orpheline
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\OPTIMI~1\OPTPRO~2.dll (.not file.)
[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-2726131679-2337646977-2205106966-1000Core] (...) -- C:\Users\Stéphane\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-2726131679-2337646977-2205106966-1000UA] (...) -- C:\Users\Stéphane\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.) [0]
O43 - CFD: 28/08/2014 - 19:20:05 - [] ----D C:\Program Files (x86)\Spybot - Search & Destroy => Safer Networking Ltd - Spybot S&D
O43 - CFD: 28/08/2014 - 19:20:05 - [] ----D C:\ProgramData\Spybot - Search & Destroy => Safer Networking Ltd - Spybot S&D
O61 - LFC: 28/08/2014 - 10:00:09 ---A- . (.Google Inc..) -- C:\Users\Stéphane\AppData\Local\Temp\592_115\ChromeRecovery.exe [571272]
O61 - LFC: 28/08/2014 - 10:00:09 ---A- . (.Google Inc..) -- C:\Users\Stéphane\AppData\Local\Temp\592_115\GoogleUpdateSetup.exe [774424]
OPT:O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
OPT:O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
[HKLM\Software\BrowserChoice]
SysRestore
EmptyTemp
EmptyFlash
EmptyCLSID
EmptyPrefetch
FirewallRaz
ProxyFix
_____________________________________________



• Launch ZHPFix from the shortcut on your Desktop, or from the Modern UI if you are on Windows 8.
If you are on Vista, Win7 or Win8, do it with a right-click >>> Run as administrator

• Click the IMPORTER button

• The lines you copied earlier will paste themselves into the ZHPFix window (if they do not, right-click in the window and choose Paste)

In some cases (W8), the script is pasted automatically into the script area and there is no need to click the "IMPORTER" button.

• If the selected lines were not pasted, click the icon showing the clipboard ("coller le presse-papier", paste the clipboard).

The lines in bold above are the ones that must appear in the ZHPFix window. If they do not, do not click the GO button under any circumstances. Make sure the lines are copied correctly.

• Click the GO button to start the cleanup

• Click Ok.

► If you are asked "Confirmez-vous le nettoyage de ces données" (Do you confirm the cleaning of this data?), accept.

► If you are asked to restart the computer, refuse, otherwise the script will be interrupted.

• Host the report and give the link in your next reply.


NB: The tool you are about to use may close the "explorer.exe" process. After it has run, your desktop may be left without icons and without a taskbar.
Don't panic!! You just need to restart "explorer.exe".

  • To do that, press Ctrl+Alt+Del at the same time to open the Task Manager.
  • Once in the Task Manager, click "Fichier" (File) and then "Nouvelle tâche" (New task).
  • In the input field, type explorer.exe and click OK.
  • Everything will go back to normal.

Over to you...
fredlant
Helper

Posts: 15
Registered: Sat 23 Aug 2014 18:06
Firefox 31.0
Windows 7 64-bit
Screen resolution: 1280 x 720
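
The check asked for before pressing GO (the ZHPFix window must contain exactly the copied lines) can be done mechanically. This is an added example, not part of the thread or of ZHPFix: it compares a pasted script with the posted one and counts lines by shape. The category names and the `PASTED` sample are constructed, and the shapes are inferred only from the lines visible in this thread.

```python
import re
from collections import Counter

# Line shapes seen in the script on this page; category names are this example's own.
SHAPES = [
    ("reg_value", re.compile(r"^\[(?:HKLM|HKCU)\\[^\]]+\]:.+$")),
    ("reg_key", re.compile(r"^\[(?:HKLM|HKCU)\\[^\]]+\]$")),
    ("report_line", re.compile(r"^(?:(?:OPT:)?O\d+ - |\[MD5\.)")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
    ("directive", re.compile(r"^[A-Za-z]+$")),
]

def lines_of(text):
    """Non-empty lines with surrounding whitespace removed."""
    return [l.strip() for l in text.splitlines() if l.strip()]

def classify(line):
    """Name of the first shape the line matches, or 'unknown'."""
    for name, rx in SHAPES:
        if rx.match(line):
            return name
    return "unknown"

def summary(text):
    """Count of script lines per shape, for a quick review of what is targeted."""
    return Counter(classify(l) for l in lines_of(text))

def compare(expected, pasted):
    """Return (missing, unexpected); two empty lists mean the paste is exact."""
    exp, got = lines_of(expected), lines_of(pasted)
    return [l for l in exp if l not in got], [l for l in got if l not in exp]

# Excerpt of the script posted above.
EXPECTED = r"""
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\WPM]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:mobilegeni daemon
O20 - AppInit_DLLs: . (...) - C:\Program Files (x86)\OPTIMI~1\OPTPRO~2.dll (.not file.)
[HKLM\Software\BrowserChoice]
EmptyTemp
ProxyFix
"""
# Constructed: a paste that lost its first line and cut the last one short.
PASTED = "\n".join(lines_of(EXPECTED)[1:])[:-3]

if __name__ == "__main__":
    print(dict(summary(EXPECTED)))
    missing, unexpected = compare(EXPECTED, PASTED)
    print("missing:", missing, "unexpected:", unexpected)
    print("Do not press GO" if missing or unexpected else "Paste matches")
```

A truncated directive such as `Proxy` still has the shape of a directive, so the shape count alone does not catch it; the line-by-line comparison does.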

Re: PC infected with multiple malware.

Posted by LePerSpicAce » Fri 29 Aug 2014 11:57

Hello again,

Here is the report: http://cjoint.com/?DHDk6aLIm6R

See you in a bit.
LePerSpicAce
Member

Posts: 27
Registered: Thu 28 Aug 2014 16:51
Google Chrome 33.0.175
Windows 7 64-bit
Screen resolution: 1280 x 720
