plus de bureau

Questions relatives à la sécurité de votre ordinateur sous Windows: résolution des problèmes liés aux virus, pare-feu, ...

Re: plus de bureau

Messagepar chantal11 » Sam 1 Nov 2014 12:30

Re,

Tu as posté un rapport d'analyse FRST.
Ce n'est pas ce que je t'ai demandé.
Je te demande le rapport obtenu après avoir appliqué le correctif FRST, quand tu as cliqué sur le bouton Fix dans la fenêtre de l'outil FRST.
Tu as bien appliqué le correctif ?

@+
Image Image
Image
En cas de problème constaté sur un sujet, alertez un modérateur. N'intervenez pas vous-même. Merci
Avatar de l’utilisateur
chantal11
 
Messages: 13504
Inscription: Dim 11 Jan 2009 15:14
Localisation: Aude

Re: plus de bureau

Messagepar vero4x4 » Sam 1 Nov 2014 12:38

quand j'ai cliqué cela ne m'a rien marqué juste éteint mon ordi
vero4x4
 
Messages: 26
Inscription: Mer 29 Oct 2014 17:37

Re: plus de bureau

Messagepar chantal11 » Sam 1 Nov 2014 18:42

Re,

Le PC a juste redémarré, c'est bien cela ?

Tu as regardé si tu trouves le rapport Fixlog ?
Au besoin, fais une recherche sur fixlog dans Démarrer -> Rechercher

Si oui, tu peux le poster s'il te plaît ?

@+
Image Image
Image
En cas de problème constaté sur un sujet, alertez un modérateur. N'intervenez pas vous-même. Merci
Avatar de l’utilisateur
chantal11
 
Messages: 13504
Inscription: Dim 11 Jan 2009 15:14
Localisation: Aude

Re: plus de bureau

Messagepar vero4x4 » Sam 1 Nov 2014 20:36

oui c'est cela je recherche
vero4x4
 
Messages: 26
Inscription: Mer 29 Oct 2014 17:37

Re: plus de bureau

Messagepar vero4x4 » Sam 1 Nov 2014 20:38

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 30-10-2014 01
Ran by Véronique at 2014-11-01 09:32:47 Run:2
Running from C:\Users\Véronique\Downloads
Loaded Profiles: Véronique & (Available profiles: Véronique & Véro & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => "C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" File Not Found
GroupPolicy: Group Policy on Chrome detected
ProxyServer: http=127.0.0.1:56847
URLSearchHook: HKLM-x32 - Default Value = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
URLSearchHook: HKLM-x32 - (No Name) - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No File
BHO-x32: IDMIEHlprObj Class -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> No File
BHO-x32: FG2CatchUrl -> {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} -> No File
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
Toolbar: HKLM - No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
Toolbar: HKLM-x32 - AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKLM-x32 - No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
Toolbar: HKLM-x32 - No Name - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - No File
Toolbar: HKCU - No Name - {DE9C389F-3316-41A7-809B-AA305ED9D922} - No File
Toolbar: HKCU - No Name - {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - No File
Handler-x32: bubbledock - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
Tcpip\..\Interfaces\{57791F99-25AC-40AA-A238-02CC970CD339}: [NameServer] 178.33.41.181,46.4.70.20
Tcpip\..\Interfaces\{68FA0B06-2BB5-4AE8-A852-2162B295BA20}: [NameServer] 178.33.41.181,46.4.70.20
Tcpip\..\Interfaces\{86F6A176-C8B4-414C-B0BB-D24137A85C87}: [NameServer] 178.33.41.181,46.4.70.20
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Véronique\AppData\Roaming\Mozilla\Firefox\Profiles\gz59g32w.default\Extensions\ascsurfingprotection@iobit.com [2014-08-27]
FF HKCU\...\Firefox\Extensions: [goobar@gootoolbar.com] - C:\Users\Véronique\AppData\Roaming\GooToolBar\GooToolBar Installer\1.0.0.0
FF Extension: goobar - C:\Users\Véronique\AppData\Roaming\GooToolBar\GooToolBar Installer\1.0.0.0 [2011-10-10]
FF HKCU\...\Firefox\Extensions: [{39207FA9-632F-58D1-AE46-2F7C370FBF59}] - C:\Program Files (x86)\di8BlockAndSurf\175.xpi
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT331791 ... 04D1&SSPV=
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3317919&octid=EB_ORIGINAL_CTID&ISID=M79A44FAD-12B9-4E0B-9453-A9AAD73DB88B&SearchSource=55&CUI=&UM=6&UP=SPB9751DED-5AEE-443A-A854-9897173104D1&SSPV="
CHR DefaultSearchKeyword: Default -> trovi.search_
CHR DefaultSearchURL: Default -> http://www.trovi.com/Results.aspx?gd=&c ... C5C27BE&q={searchTerms}&SSPV=SP21514T3B_sp_ch
CHR HKLM-x32\...\Chrome\Extension: [kpipfkmkpknchlpbaghhhlfpjpidfaif] - C:\ProgramData\Download and Sa\kpipfkmkpknchlpbaghhhlfpjpidfaif.crx []
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
R2 tor; C:\Program Files (x86)\Tor\tor.exe [3233806 2013-09-04] () [File not signed]
C:\Program Files (x86)\di8BlockAndSurf
C:\PROGRA~2\SearchProtect
C:\Program Files (x86)\Babylon
C:\Program Files (x86)\IObit
C:\Program Files (x86)\PenWes
C:\Program Files (x86)\MyPC Backup
C:\Program Files (x86)\Tor
C:\Users\Véronique\AppData\Roaming\~gtypvnx.exe
C:\Users\Véronique\AppData\Roaming\~ifclqpj.exe
C:\Users\Véronique\AppData\Roaming\GooToolBar
Task: {3A6DF6E8-783B-4E44-A5E8-C94B1D13F676} - System32\Tasks\ASC7_SkipUac_Véronique => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-05-23] (IObit)
Task: {4CFF79D9-0CC6-4D08-9A4F-E59072513925} - System32\Tasks\PenWes => C:\Program Files (x86)\PenWes\penwes.exe
Task: {76976753-734E-4280-930E-108138819EF1} - System32\Tasks\TaskUserUpdate_wp => C:\Users\Véronique\AppData\Roaming\~gtypvnx.exe
Task: {8F6E60C8-A5BD-4A8F-B91F-23E2130E8781} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe
Task: {AA6D6CFA-61AF-4C7F-BCDB-AD00F54BE39D} - System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC => C:\Users\Véronique\AppData\Roaming\~ifclqpj.exe
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:6FE816BE
AlternateDataStreams: C:\ProgramData\Temp:B26E984E
Reg: reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d explorer.exe /f
Hosts:
EmptyTemp:
end
*****************

Processes closed successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value not found.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} => Value not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => Key not found.
"HKCR\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}" => Key not found.
"HKCR\Wow6432Node\CLSID\{1F364306-AA45-47B5-9F9D-39A8B94E7EF1}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key not found.
"HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} => Value not found.
"HKCR\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Value not found.
"HKCR\Wow6432Node\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} => Value not found.
"HKCR\Wow6432Node\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} => Value not found.
"HKCR\Wow6432Node\CLSID\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DE9C389F-3316-41A7-809B-AA305ED9D922} => Value not found.
"HKCR\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EFEED92A-A33D-4873-BA8F-32BAA631E54D} => Value not found.
"HKCR\CLSID\{EFEED92A-A33D-4873-BA8F-32BAA631E54D}" => Key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\bubbledock" => Key not found.
"HKCR\Wow6432Node\CLSID\{3050F3DA-98B5-11CF-BB82-00AA00BDCE0B}" => Key not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57791F99-25AC-40AA-A238-02CC970CD339}\\NameServer => Value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{68FA0B06-2BB5-4AE8-A852-2162B295BA20}\\NameServer => Value not found.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{86F6A176-C8B4-414C-B0BB-D24137A85C87}\\NameServer => Value not found.
C:\Users\Véronique\AppData\Roaming\Mozilla\Firefox\Profiles\gz59g32w.default\Extensions\ascsurfingprotection@iobit.com not found.
HKCU\Software\Mozilla\Firefox\Extensions\\goobar@gootoolbar.com => Value not found.
C:\Users\Véronique\AppData\Roaming\GooToolBar\GooToolBar Installer\1.0.0.0 not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{39207FA9-632F-58D1-AE46-2F7C370FBF59} => Value not found.
C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
Chrome HomePage not detected.
Chrome StartupUrls not detected.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kpipfkmkpknchlpbaghhhlfpjpidfaif" => Key not found.
"C:\ProgramData\Download and Sa\kpipfkmkpknchlpbaghhhlfpjpidfaif.crx" => File/Directory not found.
AdvancedSystemCareService7 => Service not found.
tor => Service not found.
"C:\Program Files (x86)\di8BlockAndSurf" => File/Directory not found.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
"C:\Program Files (x86)\Babylon" => File/Directory not found.
"C:\Program Files (x86)\IObit" => File/Directory not found.
"C:\Program Files (x86)\PenWes" => File/Directory not found.
"C:\Program Files (x86)\MyPC Backup" => File/Directory not found.
"C:\Program Files (x86)\Tor" => File/Directory not found.
"C:\Users\Véronique\AppData\Roaming\~gtypvnx.exe" => File/Directory not found.
"C:\Users\Véronique\AppData\Roaming\~ifclqpj.exe" => File/Directory not found.
"C:\Users\Véronique\AppData\Roaming\GooToolBar" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A6DF6E8-783B-4E44-A5E8-C94B1D13F676}" => Key not found.
C:\Windows\System32\Tasks\ASC7_SkipUac_Véronique not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASC7_SkipUac_Véronique" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4CFF79D9-0CC6-4D08-9A4F-E59072513925}" => Key not found.
C:\Windows\System32\Tasks\PenWes not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PenWes" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{76976753-734E-4280-930E-108138819EF1}" => Key not found.
C:\Windows\System32\Tasks\TaskUserUpdate_wp not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TaskUserUpdate_wp" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8F6E60C8-A5BD-4A8F-B91F-23E2130E8781}" => Key not found.
C:\Windows\System32\Tasks\LaunchSignup not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AA6D6CFA-61AF-4C7F-BCDB-AD00F54BE39D}" => Key not found.
C:\Windows\System32\Tasks\WIN-GGfIfEGCfEGbGffIfCfEGC not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WIN-GGfIfEGCfEGbGffIfCfEGC" => Key not found.
"C:\ProgramData\Temp" => ":373E1720" ADS not found.
"C:\ProgramData\Temp" => ":6FE816BE" ADS not found.
"C:\ProgramData\Temp" => ":B26E984E" ADS not found.

========= reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v Shell /t REG_SZ /d explorer.exe /f =========

L'op‚ration a r‚ussi.



========= End of Reg: =========

"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not reset Hosts.
EmptyTemp: => Removed 14.3 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
vero4x4
 
Messages: 26
Inscription: Mer 29 Oct 2014 17:37

Re: plus de bureau

Messagepar chantal11 » Sam 1 Nov 2014 21:11

Re,

OK, ce nouveau rapport Fixlog prouve que tu avais bien appliqué le correctif la première fois.

Nous continuons le nettoyage.

--------------------------------------------------------------------------------------------------------------

ZHPCleaner-Scanner :

  • Télécharge ZHPCleaner de Nicolas Coolman en cliquant sur le gros bouton bleu "Télécharger" et enregistre-le sur le Bureau
  • Ferme toutes les applications, y compris le navigateur
  • Double-clique sur l'icône ZHPCleaner.exe
    /!\ Sous Vista, Windows 7 et 8, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  • Accepte l'accord de licence
  • Clique sur le bouton Scanner
  • Poste le rapport obtenu ZHPCleaner.txt qui s'affiche.

---------------------------------------------------------------------------------------------

Est attendu le rapport :
ZHPCleaner-Scanner

@+
Image Image
Image
En cas de problème constaté sur un sujet, alertez un modérateur. N'intervenez pas vous-même. Merci
Avatar de l’utilisateur
chantal11
 
Messages: 13504
Inscription: Dim 11 Jan 2009 15:14
Localisation: Aude

Re: plus de bureau

Messagepar vero4x4 » Dim 2 Nov 2014 08:52

bonjour
voici le rapport ZHP cleaner

~ ZHPCleaner v2014.11.1.203 by Nicolas Coolman (01/11/2014)
~ Run by Véronique (Administrator) (02/11/2014 07:38:34)
~ WebSite : http://nicolascoolman.fr
~ Forum : http://forum.nicolascoolman.fr
~ State version : Version à jour
~ Type : Scanner
~ Report : C:\Users\Véronique\ClubDeJeux\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Véronique\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Service. (0)
~ Aucun élément malicieux trouvé.


---\\ Navigateur internet. (3)
TROUVÉ Proxy: ProxyHttp1.1 ( 1 )
TROUVÉ Proxy: ProxyOverride ( *.offerbox.com;<local> )
TROUVÉ IE Params: Tabs ( res://ieframe.dll/tabswelcome.htm )


---\\ Fichier hôte. (1)
~ Le fichier hôte est légitime. (15516)


---\\ Tâche planifiée. (0)
~ Aucun élément malicieux trouvé.


---\\ Explorateur ( Dossiers, Fichiers ). (12)
TROUVÉ: C:\Windows\Installer\{4C6F4EE5-F42F-4288-B970-2B5FAD1D85BD}\boxore.ico [Boxore Client] (Adware.Boxore)
TROUVÉ: C:\ProgramData\InstallMate (PUP.Tarma)
TROUVÉ: C:\ProgramData\InstallMate\EasyLife Updater (PUP.Tarma)
TROUVÉ: C:\ProgramData\InstallMate\{02E9A9BD-EF45-F7AB-1540-A767D90A8B4B} (PUP.Tarma)
TROUVÉ: C:\ProgramData\InstallMate\{1AFFCF78-782B-4DCA-AF21-3009C11CED8E} (PUP.Tarma)
TROUVÉ: C:\ProgramData\InstallMate\{2856FC09-5F17-4443-A6A8-1735F3B5DEFF} (PUP.Tarma)
TROUVÉ: C:\ProgramData\InstallMate\{4F4B1B48-EB76-8ADE-6835-A35494A839BE} (PUP.Tarma)
TROUVÉ: C:\ProgramData\InstallMate\{ACE9FB2A-31A5-4285-9510-43F1636EAB21} (PUP.Tarma)
TROUVÉ: C:\Users\Véronique\AppData\Roaming\winservices (Trojan.Inject.RRE)
TROUVÉ: C:\Users\Véronique\AppData\Roaming\winservices\current_conf.ini (Trojan.Inject.RRE)
TROUVÉ: C:\Windows\Prefetch\MYPC BACKUP.EXE-98FB306F.pf (PUP.MyPCBackup)
TROUVÉ: C:\Users\Véronique\AppData\Roaming\Bubble Dock.installation.log (PUP.BubbleDock)


---\\ Base de Registres ( Clés, Valeurs, Données ). (44)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client (PUP.Babylon)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar (PUP.Babylon)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer (PUP.WebPlat)
TROUVÉ: HKCR\Installer\Products\5EE4F6C4F24F88249B07B2F5DAD158DB [Boxore Client] (Adware.Boxore)
TROUVÉ: HKCR\Installer\Products\9888910D6677B424BA181FF6E8DDEF4F [Facemoods] (Adware.Facemoods)
TROUVÉ: HKCR\Installer\Features\5EE4F6C4F24F88249B07B2F5DAD158DB [Boxore Client] (Adware.Boxore)
TROUVÉ: HKCR\Installer\Features\9888910D6677B424BA181FF6E8DDEF4F [Facemoods] (Adware.Facemoods)
TROUVÉ: HKCR\Installer\UpgradeCodes\5EE4F6C4F24F88249B07B2F5DAD158DB [Boxore Client] (Adware.Boxore)
TROUVÉ: HKCR\Installer\UpgradeCodes\9888910D6677B424BA181FF6E8DDEF4F [Facemoods] (Adware.Facemoods)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [ShopperReports.dll] (Adware.ShopperReports)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [ShoppingReport.dll] (Adware.ShoppingReport)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [BabylonToolbar.dll] (PUP.Babylon)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [BabylonToolbar.dll] (PUP.Babylon)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [BabylonToolbarTlbr.dll] (PUP.Babylon)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [ShoppingReport.dll] (Adware.ShoppingReport)
TROUVÉ: HKCU\Software\HackerPro (Toolbar.Agent)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32 (Adware.DomaIQ)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS (Adware.DomaIQ)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client (PUP.Babylon)
TROUVÉ: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar (PUP.Babylon)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Facemoods-setup(2)_RASAPI32 (Adware.Facemoods)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Facemoods-setup(2)_RASMANCS (Adware.Facemoods)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Facemoods-setup_RASAPI32 (Adware.Facemoods)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Facemoods-setup_RASMANCS (Adware.Facemoods)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMeshMediaBar_RASAPI32 (PUP.iMesh)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMeshMediaBar_RASMANCS (PUP.iMesh)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_V11_fr_Setup_RASAPI32 (PUP.iMesh)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_V11_fr_Setup_RASMANCS (PUP.iMesh)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_0-05vgkvWP__RASAPI32 (Adware.IMBooster)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_0-05vgkvWP__RASMANCS (Adware.IMBooster)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock(2)_RASAPI32 (PUP.BubbleDock)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock(2)_RASMANCS (PUP.BubbleDock)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASAPI32 (PUP.BubbleDock)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASMANCS (PUP.BubbleDock)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KiweeToolbarSetup_RASAPI32 (PUP.Kiwee)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KiweeToolbarSetup_RASMANCS (PUP.Kiwee)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Softonic_FranceToolbarHelper_RASAPI32 (PUP.Softonic)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Softonic_FranceToolbarHelper_RASMANCS (PUP.Softonic)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Whitesmoke-setup_RASAPI32 (PUP.WhiteSmoke)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Whitesmoke-setup_RASMANCS (PUP.WhiteSmoke)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\whitesmoke_setup_RASAPI32 (PUP.WhiteSmoke)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\whitesmoke_setup_RASMANCS (PUP.WhiteSmoke)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1428_RASAPI32 (Adware.Yontoo)
TROUVÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1428_RASMANCS (Adware.Yontoo)



---\\ Bilan de la réparation
~ Aucune réparation effectuée.


End of clean at 07:47:08
vero4x4
 
Messages: 26
Inscription: Mer 29 Oct 2014 17:37

Re: plus de bureau

Messagepar chantal11 » Dim 2 Nov 2014 10:47

Bonjour,

OK pour le rapport.

---------------------------------------------------------------------------------------------

ZHPCleaner-Réparer :

  • Ferme toutes les applications, y compris le navigateur
  • Double-clique sur l'icône ZHPCleaner.exe
    /!\ Sous Vista, Windows 7 et 8, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  • Accepte l'accord de licence
  • Clique sur le bouton Réparer
  • Poste le rapport obtenu ZHPCleaner.txt qui s'affiche.

---------------------------------------------------------------------------------------------

Est attendu le nouveau rapport ZHPCleaner.

@+
Image Image
Image
En cas de problème constaté sur un sujet, alertez un modérateur. N'intervenez pas vous-même. Merci
Avatar de l’utilisateur
chantal11
 
Messages: 13504
Inscription: Dim 11 Jan 2009 15:14
Localisation: Aude

Re: plus de bureau

Messagepar vero4x4 » Dim 2 Nov 2014 11:56

~ ZHPCleaner v2014.11.1.203 by Nicolas Coolman (01/11/2014)
~ Run by Véronique (Administrator) (02/11/2014 10:47:58)
~ WebSite : http://nicolascoolman.fr
~ Forum : http://forum.nicolascoolman.fr
~ State version : Version à jour
~ Type : Réparer
~ Report : C:\Users\Véronique\ClubDeJeux\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Véronique\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Windows 7, 64-bit Service Pack 1 (Build 7601)


---\\ Service. (0)
~ Aucun élément malicieux trouvé.


---\\ Navigateur internet. (3)
REMPLACÉ Proxy: ProxyHttp1.1 ( 1 )
REMPLACÉ Proxy: ProxyOverride ( *.offerbox.com;<local> )
REMPLACÉ IE Params: Tabs ( res://ieframe.dll/tabswelcome.htm )


---\\ Fichier hôte. (1)
~ Le fichier hôte est légitime. (15516)


---\\ Tâche planifiée. (0)
~ Aucun élément malicieux trouvé.


---\\ Explorateur ( Dossiers, Fichiers ). (12)
DEPLACÉ: C:\Windows\Installer\{4C6F4EE5-F42F-4288-B970-2B5FAD1D85BD}\boxore.ico [Boxore Client] (Adware.Boxore)
DEPLACÉ: C:\ProgramData\InstallMate (PUP.Tarma)
DEPLACÉ: C:\ProgramData\InstallMate\EasyLife Updater (PUP.Tarma)
DEPLACÉ: C:\ProgramData\InstallMate\{02E9A9BD-EF45-F7AB-1540-A767D90A8B4B} (PUP.Tarma)
DEPLACÉ: C:\ProgramData\InstallMate\{1AFFCF78-782B-4DCA-AF21-3009C11CED8E} (PUP.Tarma)
DEPLACÉ: C:\ProgramData\InstallMate\{2856FC09-5F17-4443-A6A8-1735F3B5DEFF} (PUP.Tarma)
DEPLACÉ: C:\ProgramData\InstallMate\{4F4B1B48-EB76-8ADE-6835-A35494A839BE} (PUP.Tarma)
DEPLACÉ: C:\ProgramData\InstallMate\{ACE9FB2A-31A5-4285-9510-43F1636EAB21} (PUP.Tarma)
DEPLACÉ: C:\Users\Véronique\AppData\Roaming\winservices (Trojan.Inject.RRE)
DEPLACÉ: C:\Users\Véronique\AppData\Roaming\winservices\current_conf.ini (Trojan.Inject.RRE)
DEPLACÉ: C:\Windows\Prefetch\MYPC BACKUP.EXE-98FB306F.pf (PUP.MyPCBackup)
DEPLACÉ: C:\Users\Véronique\AppData\Roaming\Bubble Dock.installation.log (PUP.BubbleDock)


---\\ Base de Registres ( Clés, Valeurs, Données ). (40)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Babylon Client (PUP.Babylon)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BabylonToolbar (PUP.Babylon)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NokiaMServer (PUP.WebPlat)
SUPPRIMÉ: HKCR\Installer\Products\5EE4F6C4F24F88249B07B2F5DAD158DB [Boxore Client] (Adware.Boxore)
SUPPRIMÉ: HKCR\Installer\Products\9888910D6677B424BA181FF6E8DDEF4F [Facemoods] (Adware.Facemoods)
SUPPRIMÉ: HKCR\Installer\Features\5EE4F6C4F24F88249B07B2F5DAD158DB [Boxore Client] (Adware.Boxore)
SUPPRIMÉ: HKCR\Installer\Features\9888910D6677B424BA181FF6E8DDEF4F [Facemoods] (Adware.Facemoods)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465} [ShopperReports.dll] (Adware.ShopperReports)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754} [ShoppingReport.dll] (Adware.ShoppingReport)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} [BabylonToolbar.dll] (PUP.Babylon)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E} [BabylonToolbar.dll] (PUP.Babylon)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} [BabylonToolbarTlbr.dll] (PUP.Babylon)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939} [ShoppingReport.dll] (Adware.ShoppingReport)
SUPPRIMÉ: HKCU\Software\HackerPro (Toolbar.Agent)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASAPI32 (Adware.DomaIQ)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Microsoft\Tracing\DomaIQ10_RASMANCS (Adware.DomaIQ)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Facemoods-setup(2)_RASAPI32 (Adware.Facemoods)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Facemoods-setup(2)_RASMANCS (Adware.Facemoods)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Facemoods-setup_RASAPI32 (Adware.Facemoods)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Facemoods-setup_RASMANCS (Adware.Facemoods)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMeshMediaBar_RASAPI32 (PUP.iMesh)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMeshMediaBar_RASMANCS (PUP.iMesh)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_V11_fr_Setup_RASAPI32 (PUP.iMesh)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iMesh_V11_fr_Setup_RASMANCS (PUP.iMesh)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_0-05vgkvWP__RASAPI32 (Adware.IMBooster)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\IminentSetup_0-05vgkvWP__RASMANCS (Adware.IMBooster)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock(2)_RASAPI32 (PUP.BubbleDock)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock(2)_RASMANCS (PUP.BubbleDock)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASAPI32 (PUP.BubbleDock)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASMANCS (PUP.BubbleDock)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KiweeToolbarSetup_RASAPI32 (PUP.Kiwee)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KiweeToolbarSetup_RASMANCS (PUP.Kiwee)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Softonic_FranceToolbarHelper_RASAPI32 (PUP.Softonic)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Softonic_FranceToolbarHelper_RASMANCS (PUP.Softonic)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Whitesmoke-setup_RASAPI32 (PUP.WhiteSmoke)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Whitesmoke-setup_RASMANCS (PUP.WhiteSmoke)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\whitesmoke_setup_RASAPI32 (PUP.WhiteSmoke)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\whitesmoke_setup_RASMANCS (PUP.WhiteSmoke)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1428_RASAPI32 (Adware.Yontoo)
SUPPRIMÉ: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\YontooSetup-1428_RASMANCS (Adware.Yontoo)



---\\ Bilan de la réparation
~ Réparation réalisée avec succès.


End of clean at 10:54:36
vero4x4
 
Messages: 26
Inscription: Mer 29 Oct 2014 17:37

Re: plus de bureau

Messagepar chantal11 » Lun 3 Nov 2014 10:01

Bonjour,

OK pour le rapport.

Comment se comporte le système maintenant ?

@+
Image Image
Image
En cas de problème constaté sur un sujet, alertez un modérateur. N'intervenez pas vous-même. Merci
Avatar de l’utilisateur
chantal11
 
Messages: 13504
Inscription: Dim 11 Jan 2009 15:14
Localisation: Aude

PrécédenteSuivante

Retourner vers Sécurité, firewall / Antivirus

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 1 invité

Livre photo