Security-X
Security-X Forum => Disinfections => Topic started by: pauline59 on March 04, 2014, 11:05:23
-
Hello,
I'm a novice on the internet.... For several weeks now, words underlined in green (twice) have been appearing in my web pages, plus ad windows all over the place (often "media viewer"), plus pages of ads... It's driving me crazy ^^ :oups:
I ran scans with Ad-aware and adwcleaner... That improved things a little, but it has started up again worse than ever :AAM
I have just downloaded J.R.T and got a report in my Notepad. Can someone help me solve this problem?
I'm on Windows 7...
Thanks in advance ;D
Pauline
-
Hello Pauline,
Welcome to Security-X,
You have adware, advertising software installed "voluntarily" because you are not vigilant enough and do not untick the sponsored offers proposed during the installation of certain "free" programs.
We are going to clean this up.
To do first:
Download Farbar Recovery Scan Tool (by Farbar) to your Desktop.
Warning: you must run the version compatible with your system: 32 or 64 bits.
Click here for the 32-bit version (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/)
Click here for the 64-bit version (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/)
Info: how do I know which version I am using? (http://windows.microsoft.com/fr-fr/windows7/find-out-32-or-64-bit)
Under IE9 or IE10, the SmartScreen filter triggers an alert. Click Actions, then Run anyway.
- Double-click the tool to launch it. When the tool starts, click Yes to accept the disclaimer.
- Click the Scan button.
- The tool will create a report named FRST.txt, saved in the same folder as the tool.
- On its first run, the tool will also create a file named Addition.txt.
Post the two generated reports.
- For the reports, please use this online report service (http://security-x.fr/up/): upload the file via "Browse" and simply post the resulting link in your reply.
Usage help here (http://forum.security-x.fr/cours-et-tutoriels-322/(tutoriel)-impression-d%27ecran-et-hebergement-de-rapport/msg60884/#msg60884)
-
FRST:
http://up.security-x.fr/file.php?h=R45825ac2862b95cc3295e9db9f625092
-
http://up.security-x.fr/file.php?h=R455e794420805a501fab9a7a1f6b7bbb
-
Thanks in advance for your help... :)
-
Re,
Be careful to read the procedures fully, all the way to the end, and do not hesitate to ask if in doubt.
For example, I had asked you to host the reports, not to post them directly ;)
I have just done it for you.
Next steps:
- You have two active antivirus programs: avast! Internet Security and Ad-Aware Antivirus
Besides being totally useless, this can cause slowdowns and conflicts.
Remove one of the two, preferably Ad-Aware Antivirus, because its publisher comes from a nebulous group with troubling practices.
1) Uninstall the following programs from your list of programs (if present):
Note: If you run into an error, move on to the next one and continue the procedure
- Ad-Aware Antivirus (see the explanation above)
- VLC Media Player Packages (package linked to adware)
[Info] Windows Live suite: since Windows Live Messenger has been replaced by Skype, it may be worth removing now the programs of the Windows Live suite that have become useless.
To do so, in the list of programs, click "Windows Live"/"Installation Windows Live", then "Uninstall", and choose the programs to remove (e.g. Windows Live Messenger, Complément Messenger, Windows Live Writer, Windows Live Mesh, etc.)
/!\ Create a manual restore point before applying the fix - Illustrated tutorial (http://forum.security-x.fr/windows-7/%28tutoriel%29-creer-un-point-de-restauration-sous-windows-7/) /!\
- Open Notepad (Start => All Programs => Accessories => Notepad)
- Copy/paste the entire contents of the Code box below into Notepad
start
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
HKLM\...\Run: [AdAwareTray] - C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe [4114264 2014-01-23] ()
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.awesomehp.com/web/?type=ds&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.awesomehp.com/?type=hp&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.awesomehp.com/web/?type=ds&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&q={searchTerms}
SearchScopes: HKLM - {252179A8-2354-A5F0-85D5-4F2A81E67C0E} URL = http://search.qvo6.com/web/?utm_source=b&utm_medium=amt&from=amt&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&ts=1376345533
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&q={searchTerms}
SearchScopes: HKCU - URL http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103aw&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AzzzyyB0AtBtCtD0CtC0DtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA1T2W&cr=84240740&ir=
SearchScopes: HKCU - TopResultURLFallback http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd103aw&cd=2XzuyEtN2Y1L1Qzu0CtD0Fzz0D0AzzzyyB0AtBtCtD0CtC0DtN0D0Tzu0CyCyByCtN1L2XzutBtFtBtFzztFtCtByEyBtN1L1Czu1L1C1H1B1QtCtDtA1T2W&cr=84240740&ir=
SearchScopes: HKCU - {252179A8-2354-A5F0-85D5-4F2A81E67C0E} URL =
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.awesomehp.com/web/?type=ds&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86&q={searchTerms}
FF Plugin-x32: @tools.Software.com/Software Update;version=3 - C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll (The Software Group)
FF Plugin-x32: @tools.Software.com/Software Update;version=9 - C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll (The Software Group)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF Extension: Quick Start - C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\hzk4lelo.default\Extensions\quick_start@gmail.com [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [ext@WebexpEnhancedV1alpha381.net] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha381\ff
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewerV1alpha1973.net] - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1973\ff
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1973\ff [2014-02-24]
FF HKLM-x32\...\Firefox\Extensions: [ext@MediaViewV1alpha3444.net] - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3444\ff
FF Extension: Media View - C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3444\ff [2014-02-27]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\hzk4lelo.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\hzk4lelo.default\extensions\quick_start@gmail.com [2014-03-04]
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR Plugin: (Software Update) - C:\Program Files (x86)\Software\Update\1.2.201.0\npSoftwareOneClick8.dll No File
CHR Extension: (Better Surf Plus) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl [2013-12-10]
CHR Extension: (Lavasoft NewTab) - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2014-03-03]
CHR HKLM-x32\...\Chrome\Extension: [miphlmjbiceogjebghdceoefdhdanpfm] - C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha381\ch\WebexpEnhancedV1alpha381.crx [2013-12-10]
CHR HKLM-x32\...\Chrome\Extension: [mmifolfpllfdhilecpdpmemhelmanajl] - C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx [2013-12-10]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2014-01-17]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-03-04]
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe [702744 2014-01-23] ()
S2 Software_update; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-03-04] (The Software Group)
S3 Software_update_m; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-03-04] (The Software Group)
2014-03-04 17:37 - 2014-03-04 17:44 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-03-04 17:37 - 2014-03-04 17:43 - 00000000 ____D () C:\ProgramData\IePluginService
2014-03-04 17:37 - 2014-03-04 17:43 - 00000000 ____D () C:\Program Files (x86)\Desk 365
2014-03-04 17:37 - 2014-03-04 17:42 - 00000920 _____ () C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job
2014-03-04 17:37 - 2014-03-04 17:42 - 00000916 _____ () C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job
2014-03-04 17:37 - 2014-03-04 17:37 - 00003916 _____ () C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA
2014-03-04 17:37 - 2014-03-04 17:37 - 00003664 _____ () C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore
2014-03-04 17:37 - 2014-03-04 17:37 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\SupTab
2014-03-04 17:37 - 2014-03-04 17:37 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\Desk 365
2014-03-04 17:37 - 2014-03-04 17:37 - 00000000 ____D () C:\Users\Pauline\AppData\Local\Software
2014-03-04 17:37 - 2014-03-04 17:37 - 00000000 ____D () C:\Program Files (x86)\Software
2014-03-04 17:36 - 2014-03-04 17:36 - 00000000 ____D () C:\ProgramData\WPM
2014-03-04 17:35 - 2014-03-04 17:35 - 00220456 _____ (Fusion Install ) C:\Users\Pauline\Downloads\Setup.exe
2014-03-04 13:09 - 2014-03-03 22:17 - 00000426 _____ () C:\AVScanner.ini
2014-03-04 12:34 - 2014-03-04 13:05 - 00000000 ____D () C:\Users\Pauline\AppData\Local\adawarebp
2014-03-03 21:19 - 2014-03-03 21:20 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\LavasoftStatistics
2014-03-03 20:57 - 2014-03-04 12:22 - 00002317 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-03-03 20:57 - 2014-03-03 20:57 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\Lavasoft
2014-03-03 20:56 - 2014-03-03 20:56 - 00000000 ____D () C:\ProgramData\Ad-Aware Browsing Protection
2014-03-03 20:56 - 2014-03-03 20:56 - 00000000 ____D () C:\Program Files\Lavasoft
2014-03-03 20:55 - 2014-03-03 20:55 - 00000000 ____D () C:\Users\Pauline\AppData\Roaming\SecureSearch
2014-03-03 20:55 - 2014-03-03 20:55 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-03-03 20:55 - 2014-03-03 20:55 - 00000000 ____D () C:\Program Files (x86)\Lavasoft
2014-03-03 20:53 - 2014-03-03 20:53 - 01727624 _____ () C:\Users\Pauline\Downloads\Adaware_Installer.exe
2014-03-03 20:53 - 2014-03-03 20:53 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-02-27 21:58 - 2014-02-27 21:58 - 00000000 ____D () C:\Program Files (x86)\MediaViewV1
2014-02-24 19:47 - 2014-02-24 19:47 - 00000000 ____D () C:\Program Files (x86)\MediaViewerV1
C:\Program Files (x86)\BetterSurf
C:\Program Files (x86)\WebexpEnhancedV1
C:\Users\Pauline\AppData\Local\Temp\4ff64bbd-a5c4-4c9a-b285-8760e658468d.exe
C:\Users\Pauline\AppData\Local\Temp\adks_awesomehp.exe
C:\Users\Pauline\AppData\Local\Temp\AutoRun.exe
C:\Users\Pauline\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Pauline\AppData\Local\Temp\BackupSetup.exe
C:\Users\Pauline\AppData\Local\Temp\BoxoreInstaller.exe
C:\Users\Pauline\AppData\Local\Temp\BundleSweetIMSetup.exe
C:\Users\Pauline\AppData\Local\Temp\dealply.exe
C:\Users\Pauline\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Pauline\AppData\Local\Temp\drm_dyndata_7400006.dll
C:\Users\Pauline\AppData\Local\Temp\EnhanceTronicSetup_20131220.exe
C:\Users\Pauline\AppData\Local\Temp\ICReinstall_MSAoE.exe
C:\Users\Pauline\AppData\Local\Temp\installhelper.dll
C:\Users\Pauline\AppData\Local\Temp\Messenger-full-installer.exe
C:\Users\Pauline\AppData\Local\Temp\MyBabylonTB.exe
C:\Users\Pauline\AppData\Local\Temp\pricepeep_1.exe
C:\Users\Pauline\AppData\Local\Temp\propsys.dll
C:\Users\Pauline\AppData\Local\Temp\push.exe
C:\Users\Pauline\AppData\Local\Temp\RegClean4.exe
C:\Users\Pauline\AppData\Local\Temp\rpidity.exe
C:\Users\Pauline\AppData\Local\Temp\toolbar_vit_sweetim.exe
C:\Users\Pauline\AppData\Local\Temp\VP6Install.exe
C:\Users\Pauline\AppData\Local\Temp\VP6VFW.dll
C:\Users\Pauline\AppData\Local\Temp\WinZipperdl.exe
C:\Users\Pauline\AppData\Local\Temp\yacdl.exe
Task: {3B974862-9C90-4062-A221-E8E8603DFD3D} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {4A2F1B60-D410-4B95-81B7-31AC87EFBC45} - \DealPly No Task File
Task: {9CC7EC23-A63F-4BAE-A9D1-5D66951811AB} - \LaunchApp No Task File
Task: {E50C9301-EABD-47DA-95FA-4C547F1FA6F5} - System32\Tasks\SoftwareUpdateTaskMachineUA => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [2014-03-04] (The Software Group) <==== ATTENTION
Task: {ED3D6BC0-93C7-4465-AC3B-421FBD2B2DB4} - System32\Tasks\SoftwareUpdateTaskMachineCore => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [2014-03-04] (The Software Group) <==== ATTENTION
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe <==== ATTENTION
end
- Save the file on your Desktop (in the same place as FRST) under the name fixlist.txt
- Close all applications, including your browser
- Double-click FRST.exe
/!\ Under Vista, Windows 7 and 8, you must launch the file by right-click -> Run as administrator
- In the main menu, click Fix once only and wait while the fix is applied
- The tool will create a fix report, Fixlog.txt. Post this report in your reply.
/!\ This script was written for this user; under no circumstances should it be applied to another system, at the risk of causing serious malfunctions and damaging Windows /!\
3) Download Shortcut Cleaner (http://www.bleepingcomputer.com/download/shortcut-cleaner/dl/172/) (by Grinler) to your Desktop
/!\ Close all applications, including your browser
- Double-click sc-cleaner.exe to launch the tool
(Vista/Windows 7 users: right-click -> "Run as administrator")
- A command prompt opens; let the tool work
- At the end of the scan and cleanup, confirm the information message with OK
- The sc-cleaner.txt report opens. Post this report in your next reply.
Info: The report is saved on the Desktop
Illustrated Shortcut Cleaner usage tutorial (http://forum.security-x.fr/tutoriels-317/tutoriel-shortcut-cleaner/)
- For the reports, please use this online report service (http://security-x.fr/up/): upload the file via "Browse" and simply post the resulting link in your reply.
Usage help here (http://forum.security-x.fr/cours-et-tutoriels-322/(tutoriel)-impression-d%27ecran-et-hebergement-de-rapport/msg60884/#msg60884)
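Added example, not part of the original post and not FRST's own code: a short Python script that groups fixlist entries like the ones above by the mechanism each line refers to (autorun, scheduled task, browser policy, search provider, and so on) and lists the hosts the browser settings were pointed at. The prefix rules are assumptions inferred only from the lines shown in this thread, and the sample input is taken from that fixlist with the URL query strings trimmed.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple
from urllib.parse import urlsplit

# Line prefixes seen in the fixlist above, mapped to the mechanism they describe.
# Assumption: inferred from this thread only, not an FRST format specification.
# Order matters: the first matching rule wins.
RULES = [
    (re.compile(r"^HK(LM|CU)(-x32)?\\\.\.\.\\Run:"), "autorun (Run key)"),
    (re.compile(r"^AppInit_DLLs:"), "AppInit_DLLs injection"),
    (re.compile(r"^Task:"), "scheduled task"),
    (re.compile(r"^[RS]\d "), "service"),
    (re.compile(r"^(GroupPolicy:|CHR HK(LM|CU)\\SOFTWARE\\Policies)"), "browser policy"),
    (re.compile(r"^HK(LM|CU)\\Software\\.*Internet Explorer\\Main,"), "IE start/search page"),
    (re.compile(r"^SearchScopes:"), "IE search provider"),
    (re.compile(r"^((FF|CHR) )?StartMenuInternet:"), "browser shortcut argument"),
    (re.compile(r"^(FF|CHR) .*(Extension|Plugin)"), "browser extension/plugin"),
    (re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - "), "file/folder (dated listing)"),
    (re.compile(r"^\(.*?\) [A-Za-z]:\\"), "running process"),
    (re.compile(r"^[A-Za-z]:\\"), "file/folder (bare path)"),
]
URL_RE = re.compile(r"https?://\S+")
# Entries whose target is already gone: leftovers rather than live persistence.
ORPHAN_RE = re.compile(r"(File Not Found|No Task File|No File)\s*$")
# Marker the tool itself appends to lines it highlights.
FLAG_RE = re.compile(r"<=+ ATTENTION")


class Entry(NamedTuple):
    mechanism: str
    hosts: tuple
    orphaned: bool
    flagged: bool
    line: str


def classify(text):
    """Turn fixlist text into a list of Entry records, skipping start/end."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.lower() in ("start", "end"):
            continue
        mechanism = next((name for rx, name in RULES if rx.search(line)), "unclassified")
        hosts = tuple(h for h in (urlsplit(u).hostname for u in URL_RE.findall(line)) if h)
        entries.append(Entry(mechanism, hosts, bool(ORPHAN_RE.search(line)),
                             bool(FLAG_RE.search(line)), line))
    return entries


def summarize(entries):
    """Count entries per mechanism and record which mechanisms reference each host."""
    hosts = defaultdict(set)
    for e in entries:
        for h in e.hosts:
            hosts[h].add(e.mechanism)
    return {
        "by_mechanism": Counter(e.mechanism for e in entries),
        "hosts": dict(hosts),
        "orphaned": sum(e.orphaned for e in entries),
        "flagged": sum(e.flagged for e in entries),
        "unclassified": [e.line for e in entries if e.mechanism == "unclassified"],
    }


# Sample input: lines from the fixlist in this thread, query strings trimmed.
SAMPLE = r"""
start
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [559696 2013-09-27] (Lavasoft)
AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll => c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll File Not Found
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.awesomehp.com/?type=hp
SearchScopes: HKLM - {252179A8-2354-A5F0-85D5-4F2A81E67C0E} URL = http://search.qvo6.com/web/?utm_source=b
SearchScopes: HKCU - URL http://start.mysearchdial.com/results.php?f=4&q={searchTerms}
FF Extension: Media Viewer - C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1973\ff [2014-02-24]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com/?type=sc
S2 Software_update; C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe [119408 2014-03-04] (The Software Group)
2014-03-04 17:37 - 2014-03-04 17:44 - 00000000 ____D () C:\Program Files (x86)\SupTab
C:\Users\Pauline\AppData\Local\Temp\dealply.exe
Task: {4A2F1B60-D410-4B95-81B7-31AC87EFBC45} - \DealPly No Task File
Task: C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job => C:\Program Files (x86)\Software\Update\SoftwareUpdate.exe <==== ATTENTION
end
"""

if __name__ == "__main__":
    report = summarize(classify(SAMPLE))
    for mechanism, count in report["by_mechanism"].most_common():
        print(f"{count:2d}  {mechanism}")
    for host, mechanisms in sorted(report["hosts"].items()):
        print(f"{host}: {', '.join(sorted(mechanisms))}")
    print("orphaned:", report["orphaned"], "flagged:", report["flagged"])
```

A host that shows up under several mechanisms at once (start page, search provider and shortcut argument) is a sign that resetting the home page in the browser alone would not have removed the hijack.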
-
It takes time with me.... I'm sorry. It's just that I have to read carefully what you wrote and then try to apply it exactly ^^
I know you didn't ask for the fixlog report to be posted like this, but I don't know how to save it...
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-03-2014
Ran by Pauline at 2014-03-05 08:37:47 Run:1
Running from C:\Users\Pauline\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
*****************
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareService.exe => No running process found
C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5354.0\AdAwareTray.exe => No running process found
[4168] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe => Process closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\AdAwareTray => Value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Ad-Aware Browsing Protection => Value deleted successfully.
"c:\\progra~3\\bitguard\\271769~1.27\\{c16c1~1\\loader.dll" => Value Data removed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{252179A8-2354-A5F0-85D5-4F2A81E67C0E} => Key deleted successfully.
HKCR\CLSID\{252179A8-2354-A5F0-85D5-4F2A81E67C0E} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\TopResultURLFallback => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{252179A8-2354-A5F0-85D5-4F2A81E67C0E} => Key deleted successfully.
HKCR\CLSID\{252179A8-2354-A5F0-85D5-4F2A81E67C0E} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key deleted successfully.
HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86} => Key not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.Software.com/Software Update;version=3 => Key not found.
C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll not found.
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.Software.com/Software Update;version=9 => Key not found.
C:\Program Files (x86)\Software\Update\1.3.25.0\npSoftwareUpdate3.dll not found.
C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml => Moved successfully.
C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\hzk4lelo.default\Extensions\quick_start@gmail.com => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@WebexpEnhancedV1alpha381.net => Value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@MediaViewerV1alpha1973.net => Value deleted successfully.
C:\Program Files (x86)\MediaViewerV1\MediaViewerV1alpha1973\ff => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\ext@MediaViewV1alpha3444.net => Value deleted successfully.
C:\Program Files (x86)\MediaViewV1\MediaViewV1alpha3444\ff => Moved successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\quick_start@gmail.com => Value deleted successfully.
C:\Users\Pauline\AppData\Roaming\Mozilla\Firefox\Profiles\hzk4lelo.default\extensions\quick_start@gmail.com not found.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
HKCU\SOFTWARE\Policies\Google => Key deleted successfully.
C:\Program Files (x86)\Software\Update\1.2.201.0\npSoftwareOneClick8.dll not found.
C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmifolfpllfdhilecpdpmemhelmanajl => Moved successfully.
C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\miphlmjbiceogjebghdceoefdhdanpfm => Key deleted successfully.
"C:\Program Files (x86)\WebexpEnhancedV1\WebexpEnhancedV1alpha381\ch\WebexpEnhancedV1alpha381.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mmifolfpllfdhilecpdpmemhelmanajl => Key deleted successfully.
"C:\Program Files (x86)\BetterSurf\BetterSurfPlus\ch\BetterSurfPlus.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole => Key deleted successfully.
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma => Key deleted successfully.
C:\Users\Pauline\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx => Moved successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => Value was restored successfully.
LavasoftAdAwareService11 => Service not found.
Software_update => Service not found.
Software_update_m => Service not found.
C:\Program Files (x86)\SupTab => Moved successfully.
C:\ProgramData\IePluginService => Moved successfully.
C:\Program Files (x86)\Desk 365 => Moved successfully.
"C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job" => File/Directory not found.
"C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job" => File/Directory not found.
"C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA" => File/Directory not found.
"C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore" => File/Directory not found.
C:\Users\Pauline\AppData\Roaming\SupTab => Moved successfully.
C:\Users\Pauline\AppData\Roaming\Desk 365 => Moved successfully.
C:\Users\Pauline\AppData\Local\Software => Moved successfully.
C:\Program Files (x86)\Software => Moved successfully.
C:\ProgramData\WPM => Moved successfully.
C:\Users\Pauline\Downloads\Setup.exe => Moved successfully.
C:\AVScanner.ini => Moved successfully.
C:\Users\Pauline\AppData\Local\adawarebp => Moved successfully.
C:\Users\Pauline\AppData\Roaming\LavasoftStatistics => Moved successfully.
"C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk" => File/Directory not found.
"C:\Users\Pauline\AppData\Roaming\Lavasoft" => File/Directory not found.
C:\ProgramData\Ad-Aware Browsing Protection => Moved successfully.
"C:\Program Files\Lavasoft" => File/Directory not found.
C:\Users\Pauline\AppData\Roaming\SecureSearch => Moved successfully.
"C:\Program Files\Common Files\Lavasoft" => File/Directory not found.
C:\Program Files (x86)\Lavasoft => Moved successfully.
C:\Users\Pauline\Downloads\Adaware_Installer.exe => Moved successfully.
C:\ProgramData\Lavasoft => Moved successfully.
C:\Program Files (x86)\MediaViewV1 => Moved successfully.
C:\Program Files (x86)\MediaViewerV1 => Moved successfully.
"C:\Program Files (x86)\BetterSurf" => File/Directory not found.
"C:\Program Files (x86)\WebexpEnhancedV1" => File/Directory not found.
C:\Users\Pauline\AppData\Local\Temp\4ff64bbd-a5c4-4c9a-b285-8760e658468d.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\adks_awesomehp.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\AutoRun.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\AutoRunGUI.dll => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\BackupSetup.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\BoxoreInstaller.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\BundleSweetIMSetup.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\dealply.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\drm_dialogs.dll => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\drm_dyndata_7400006.dll => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\EnhanceTronicSetup_20131220.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\ICReinstall_MSAoE.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\installhelper.dll => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\Messenger-full-installer.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\MyBabylonTB.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\pricepeep_1.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\propsys.dll => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\push.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\RegClean4.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\rpidity.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\toolbar_vit_sweetim.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\VP6Install.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\VP6VFW.dll => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\WinZipperdl.exe => Moved successfully.
C:\Users\Pauline\AppData\Local\Temp\yacdl.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3B974862-9C90-4062-A221-E8E8603DFD3D} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3B974862-9C90-4062-A221-E8E8603DFD3D} => Key deleted successfully.
C:\Windows\System32\Tasks\Desk 365 RunAsStdUser => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Desk 365 RunAsStdUser => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A2F1B60-D410-4B95-81B7-31AC87EFBC45} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A2F1B60-D410-4B95-81B7-31AC87EFBC45} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPly => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CC7EC23-A63F-4BAE-A9D1-5D66951811AB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CC7EC23-A63F-4BAE-A9D1-5D66951811AB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchApp => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E50C9301-EABD-47DA-95FA-4C547F1FA6F5} => Key not found.
C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineUA not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoftwareUpdateTaskMachineUA => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED3D6BC0-93C7-4465-AC3B-421FBD2B2DB4} => Key not found.
C:\Windows\System32\Tasks\SoftwareUpdateTaskMachineCore not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SoftwareUpdateTaskMachineCore => Key not found.
C:\Windows\Tasks\SoftwareUpdateTaskMachineCore.job not found.
C:\Windows\Tasks\SoftwareUpdateTaskMachineUA.job not found.
The system needed a reboot.
==== End of Fixlog ====
I'm downloading Shortcut Cleaner now :)
Thanks again... Luckily you're able to help us!! :sup:
-
Shortcut Cleaner 1.2.9 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
http://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 03/05/2014 08:47:38 AM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\
* Shortcut Cleaned: C:\Users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
* Shortcut Cleaned: C:\Users\Pauline\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
* Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
* Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support\Contact.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
Searching C:\Users\Pauline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
* Shortcut Cleaned: C:\Users\Pauline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
* Shortcut Cleaned: C:\Users\Pauline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
* Shortcut Cleaned: C:\Users\Pauline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (2).lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
* Shortcut Cleaned: C:\Users\Pauline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer (3).lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
* Shortcut Cleaned: C:\Users\Pauline\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
Searching C:\Users\Public\Desktop\
* Shortcut Cleaned: C:\Users\Public\Desktop\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
* Shortcut Cleaned: C:\Users\Public\Desktop\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe http://www.awesomehp.com/?type=sc&ts=1393951000&from=adks&uid=WDCXWD5000BEVT-22A0RT0_WD-WXP1E21HYJ86HYJ86
Searching C:\Users\Pauline\Desktop
11 bad shortcuts found.
Program finished at: 03/05/2014 08:47:40 AM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
-
I no longer have any green words, ads, or pages opening all the time!!
THANK YOU!!!!! :BAN
-
Re,
That's good, but we're not finished yet ;)
Download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) (by Xplode) to your Desktop.
- Double-click adwcleaner.exe to launch the program.
(Vista/Windows 7/8 users: right-click the adwcleaner.exe file -> Run as administrator)
- In the main window, choose the Scanner option.
- Wait for the scan to finish, then click the Rapport option.
- A text file will open (otherwise, it is located here: C:\AdwCleaner[Rx].txt). Post it in your next reply.
-
Hello,
I have the same problem.
Here is the report at this link:
http://up.security-x.fr/file.php?h=Re59059a9fe6a34fa4b721f4d0b750962
Thanks in advance for your help.
-
Good evening hb68,
Please create your own topic to get help.
Only one topic per user and PC.
:AAN