  • anthonnycom
    Participant
    Posts: 6

    Hello,

    I am infected by several viruses or malware. The PC is slow and Chrome's home page has changed to ask.com.

    Below are the reports from the various diagnostics, as you advised.

    AdwCleaner[s0].txt


    AdwCleaner[R0].txt


    Malwarebytes Anti-Malware


    anthonnycom
    Participant
    Posts: 6

    ZHPDiag report

    https://antimalware.top/www/?a=d&i=l31xCsNlLi

    g3n-h@ckm@n
    Moderator
    Posts: 8251

    Hi

    Let the tool work even if it seems stuck.

    Temporarily disable the antivirus, or the protection agents it contains.
    Download Shortcut_Module here:
    https://www.sosvirus.net/telecharger/shortcut_module/
    Save it to the desktop and run it.

    Click “Nettoyer” (Clean), then let the scan run.

    Warning: it will close programs currently in use, such as IE, Firefox, Word, etc.

    If the tool detects a proxy, none has been installed and there is no parental control software, click to remove the proxy.
    It will produce a report when it finishes, in C:\Shortcut_Module_xx_xx_xx_xx_xx_xx.txt (the “x” being digits).
    The PC will restart.
    Upload the report to http://cjoint.com, then post the link you get.

    Note: At the end of disinfection (AND NOT BEFORE), run the tool again and click the small “u” at the bottom right to uninstall it completely.

    anthonnycom
    Participant
    Posts: 6

    Attached is the Shortcut report; the scan took a long time.

    http://cjoint.com/?3GhmNphBKv0

    By the way, I think my USB key may also be infected.

    g3n-h@ckm@n
    Moderator
    Posts: 8251

    OK, we'll see about checking your USB ports afterwards.

    For now, some of it is still left in your browsers.

    Disable your antivirus.

    Select this text, then press CTRL + C:

    FK_Monitor

    Run Shortcut_Module again, then click the small “S”.
    A “module” file will open with the copied lines. If so, close it and run a cleanup again; it will take these parameters into account. Otherwise, make sure it contains only that, then close it, accepting the change if prompted, and run the cleanup again.

    Finally, post the new report.

    anthonnycom
    Participant
    Posts: 6

    Attached is the latest Shortcut report.

    http://cjoint.com/?3Gho4KdYDHM

    anthonnycom
    Participant
    Posts: 6

    Above is the latest report; I'm waiting for the next instructions, as well as the solution for the USB devices…

    anthonnycom
    Participant
    Posts: 6

    Hello,

    I am bumping my post because I have not had a reply about the next steps to follow.

    Thanks

    g3n-h@ckm@n
    Moderator
    Posts: 8251

    Hello, sorry, health problems, and I also didn't see that you had replied :)

    • Download UsbFix (by El Desaparecido) to your Desktop!
    • Plug all your external data sources into your PC (USB key, external hard drive, etc.) without opening them.
    • Right-click it and choose Run as administrator on Windows 7/8 and Vista.
    • Choose the “Nettoyage” (Clean) option.

    • Copy and paste the contents of the report that appears at the end of the scan into your reply.