Hello,
Yesterday my children downloaded a program from a streaming site, which they should not have done.
I uninstalled various programs through the Control Panel, but the internet is particularly slow, and I get dynamic-pricer ad bars and pages that open (taking me to movie download sites) as soon as I click on any link.
After looking around the forum a bit, I ran an AdwCleaner scan and an OTL scan; the reports are at these links.
http://pjjoint.malekal.com/files.php?id ... 13t10d8f14
http://pjjoint.malekal.com/files.php?id ... 8m12j15n10
http://pjjoint.malekal.com/files.php?id ... 13q8l11c10
Thank you in advance for your help.
Intrusive ads
Re: Intrusive ads
Hi,
It's not just adware, you also have Trojans.
Run OTL again.
o Under Custom Scan (Personnalisation), copy and paste the content below (make sure to include :OTL at the start).
Click Fix (Correction); a report will appear. Copy and paste its content here:
:OTL
SRV - [2014/11/02 15:57:48 | 000,268,600 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\dsrvprn.exe -- (dsrvprn)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BF883488-0379-470e-8BF2-C5D1F3828428}: C:\PROGRAM FILES\SHOP FOR REWARDS\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BF883488-0379-470e-8BF2-C5D1F3828428}: C:\Program Files\Shop For Rewards\Firefox
O4 - HKLM..\Run: [CrashMon] C:\Program Files (x86)\0ca45c95134d\5596b4e010aa.exe UniversalUpdater http://log.data-url.com/crash/ File not found [Pays US - 75.98.78.110]
O4 - HKLM..\Run: [mbot_fr_236] File not found
O4 - HKLM..\Run: [Salus CrashMon] C:\Program Files (x86)\f552dd4c52e3\a7d12b5975b4.exe ()
O4 - HKU\S-1-5-21-1746491103-973508975-3473146620-14389..\Run: [KLPkInst_25b6630f-9a59-4bc6-8d72-56bc48cb3bd9] C:\Users\sdiallo\Desktop\NetAgent_9.2.69_KES_8.1.0.831 FR\setup.exe -KLPI 25b6630f-9a59-4bc6-8d72-56bc48cb3bd9 -tl 4 File not found
O4 - HKU\S-1-5-21-1746491103-973508975-3473146620-14389..\Run: [KLPkInst_4086e474-ea43-4b23-ba6a-9d9077c7ffbf] C:\Users\sdiallo\Desktop\NetAgent_9.2.69_KES_8.1.0.831 FR\setup.exe -KLPI 4086e474-ea43-4b23-ba6a-9d9077c7ffbf -tl 4 File not found
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OU.jpg ()
O4 - HKLM..\Run: [Discovery User Input] C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe ()
[2014/11/07 08:40:57 | 001,464,240 | ---- | C] (Cinema ProV07.11) -- C:\Users\sdiallo\AppData\Roaming\AJ.exe
[2014/11/07 08:40:39 | 001,940,912 | ---- | C] (Cinema ProV07.11) -- C:\Users\sdiallo\AppData\Roaming\LXPFBUK.exe
[2014/11/07 08:39:35 | 001,464,240 | ---- | C] (HQuality3V07.11) -- C:\Users\sdiallo\AppData\Roaming\GO.exe
[2014/11/07 08:39:16 | 001,940,912 | ---- | C] (HQuality3V07.11) -- C:\Users\sdiallo\AppData\Roaming\HARX.exe
[2014/11/07 08:39:07 | 000,000,000 | ---D | C] -- C:\Users\sdiallo\AppData\Local\globalUpdate
[2014/11/07 08:28:36 | 000,000,000 | ---D | C] -- C:\Users\sdiallo\AppData\Local\LPT
[2014/11/07 02:52:06 | 000,000,000 | ---D | C] -- C:\Users\sdiallo\AppData\Local\Smartbar
[2014/11/07 02:51:49 | 000,000,000 | ---D | C] -- C:\Users\sdiallo\AppData\Local\Temp28213
[2014/11/07 02:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\f552dd4c52e3
[2014/11/07 17:26:49 | 000,001,342 | ---- | M] () -- C:\windows\tasks\HARX.job
[2014/11/07 17:26:47 | 000,001,338 | ---- | M] () -- C:\windows\tasks\AJ.job
[2014/11/07 17:26:46 | 000,001,338 | ---- | M] () -- C:\windows\tasks\GO.job
[2014/11/07 17:26:45 | 000,001,692 | ---- | M] () -- C:\windows\tasks\LXPFBUK.job
[2014/11/07 12:08:02 | 000,000,936 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1746491103-973508975-3473146620-14389UA.job
[2014/11/07 08:40:57 | 001,464,240 | ---- | M] (Cinema ProV07.11) -- C:\Users\sdiallo\AppData\Roaming\AJ.exe
[2014/11/07 08:40:39 | 001,940,912 | ---- | M] (Cinema ProV07.11) -- C:\Users\sdiallo\AppData\Roaming\LXPFBUK.exe
[2014/11/07 08:39:35 | 001,464,240 | ---- | M] (HQuality3V07.11) -- C:\Users\sdiallo\AppData\Roaming\GO.exe
[2014/11/07 08:39:16 | 001,940,912 | ---- | M] (HQuality3V07.11) -- C:\Users\sdiallo\AppData\Roaming\HARX.exe
[2014/11/07 02:41:30 | 000,000,045 | ---- | M] () -- C:\user.js
[2014/11/06 15:08:00 | 000,000,914 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-1746491103-973508975-3473146620-14389Core.job
[2014/11/05 18:36:36 | 000,047,408 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\windows\SysNative\drivers\b786bdb3c67d.sys
[2014/11/02 15:57:48 | 000,268,600 | ---- | M] () -- C:\windows\SysWow64\dsrvprn.exe
[2013/10/04 08:25:52 | 000,001,672 | ---- | C] () -- C:\Users\sdiallo\AppData\Local\CPAUTO.tmp.bdefhc
[2013/09/26 08:30:12 | 000,001,672 | ---- | C] () -- C:\Users\sdiallo\AppData\Local\CPAUTO.tmp.r445ec
[2013/07/26 08:42:02 | 000,001,615 | ---- | C] () -- C:\Users\sdiallo\AppData\Local\CPAUTO.tmp.ken9q8
* post the report here
Restart the computer.
Malwarebytes scan (time: about 40 minutes of scanning):
==================================================
Download and install Malwarebytes: https://www.malekal.com/malwarebyte-ant ... les-virus/
Update it, then run a scan.
At the end of the scan, click "Quarantine all" ("Mettre tout en quarantaine") at the bottom left.
Restart the computer if needed.
After restarting, run Malwarebytes again.
Get the report from the History tab.
On the left, Scan logs.
Double-click the scan in the list.
Then, at the bottom, Copy to clipboard.
Go to http://pjjoint.malekal.com and, at the bottom, right-click / paste to paste the Malwarebytes scan report.
Click Send.
In a new reply here, give the pjjoint link so that the report can be consulted.
First basic rule of security: think, then click, and not the other way around - Files/programs are like candy: when they come from a stranger, you don't accept them!
Re: Intrusive ads
There, it's done!
OTL report:
========== OTL ==========
Service dsrvprn stopped successfully!
Service dsrvprn deleted successfully!
C:\Windows\SysWOW64\dsrvprn.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BF883488-0379-470e-8BF2-C5D1F3828428} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BF883488-0379-470e-8BF2-C5D1F3828428}\ not found.
File C:\Program Files\Shop For Rewards\Firefox not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\CrashMon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mbot_fr_236 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Salus CrashMon deleted successfully.
C:\Program Files (x86)\f552dd4c52e3\a7d12b5975b4.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1746491103-973508975-3473146620-14389\Software\Microsoft\Windows\CurrentVersion\Run\\KLPkInst_25b6630f-9a59-4bc6-8d72-56bc48cb3bd9 deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1746491103-973508975-3473146620-14389\Software\Microsoft\Windows\CurrentVersion\Run\\KLPkInst_4086e474-ea43-4b23-ba6a-9d9077c7ffbf deleted successfully.
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OU.jpg moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Discovery User Input deleted successfully.
C:\Program Files (x86)\FrontRange Solutions\Discovery Client Agent\User Input\userin32.exe moved successfully.
C:\Users\sdiallo\AppData\Roaming\AJ.exe moved successfully.
C:\Users\sdiallo\AppData\Roaming\LXPFBUK.exe moved successfully.
C:\Users\sdiallo\AppData\Roaming\GO.exe moved successfully.
C:\Users\sdiallo\AppData\Roaming\HARX.exe moved successfully.
C:\Users\sdiallo\AppData\Local\globalUpdate\CrashReports folder moved successfully.
C:\Users\sdiallo\AppData\Local\globalUpdate folder moved successfully.
C:\Users\sdiallo\AppData\Local\LPT\Resources folder moved successfully.
C:\Users\sdiallo\AppData\Local\LPT\Configs folder moved successfully.
C:\Users\sdiallo\AppData\Local\LPT folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\DistributionFiles\Profiles folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\DistributionFiles\Configs folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\DistributionFiles folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Common\ServicesPlugins folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Common\iconsWide folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Common\icons folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Common\Configs folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Common folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\tr folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\ru folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\Resources folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\pt folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\nl folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\it folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\[email protected]\components folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\[email protected]\chrome\PublisherImages folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\[email protected]\chrome\images folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\[email protected]\chrome folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\[email protected] folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\he folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\fr folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\es folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\de folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\Configs folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\ar folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\PublisherImages folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\JS folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\images folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\CSS folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar\Application folder moved successfully.
C:\Users\sdiallo\AppData\Local\Smartbar folder moved successfully.
C:\Users\sdiallo\AppData\Local\Temp28213 folder moved successfully.
Folder move failed. C:\Program Files (x86)\f552dd4c52e3 scheduled to be moved on reboot.
C:\Windows\Tasks\HARX.job moved successfully.
C:\Windows\Tasks\AJ.job moved successfully.
C:\Windows\Tasks\GO.job moved successfully.
C:\Windows\Tasks\LXPFBUK.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1746491103-973508975-3473146620-14389UA.job moved successfully.
File C:\Users\sdiallo\AppData\Roaming\AJ.exe not found.
File C:\Users\sdiallo\AppData\Roaming\LXPFBUK.exe not found.
File C:\Users\sdiallo\AppData\Roaming\GO.exe not found.
File C:\Users\sdiallo\AppData\Roaming\HARX.exe not found.
C:\user.js moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1746491103-973508975-3473146620-14389Core.job moved successfully.
C:\Windows\SysNative\drivers\b786bdb3c67d.sys moved successfully.
File C:\windows\SysWow64\dsrvprn.exe not found.
C:\Users\sdiallo\AppData\Local\CPAUTO.tmp.bdefhc moved successfully.
C:\Users\sdiallo\AppData\Local\CPAUTO.tmp.r445ec moved successfully.
C:\Users\sdiallo\AppData\Local\CPAUTO.tmp.ken9q8 moved successfully.
OTL by OldTimer - Version 3.2.69.0 log created on 11072014_195247
Files\Folders moved on Reboot...
C:\Program Files (x86)\f552dd4c52e3 folder moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
And the Malwarebytes one:
http://pjjoint.malekal.com/files.php?id ... 0y15c14o12
Thanks
Re: Intrusive ads
No more intrusive ads?
Re: Intrusive ads
Hello,
There still are some.
Also, yesterday I forgot to mention that I have not managed to get rid of a program called "shopping helper smartbar".
Re: Intrusive ads
Yes, there are still rogue DNS servers left.
[*] Download to the desktop: http://forum.malekal.com/roguekiller-t29444.html (follow the official link)
[*] !!! WARNING !! On the RogueKiller page, use the download link with the purple circles. Clicking on these circles downloads the program.
[*] Close all programs
[*] Run RogueKiller.exe.
[*] Wait for the Prescan to finish ...
[*] Run a scan to unlock the Delete (Suppression) button on the right.
Tick the PUM.DNS lines 31.168.224.100 5.135.12.56
[*] Click Delete (Suppression).
[*] Copy and paste the content of the report here.
!!! I repeat: be sure to click Delete (Suppression) on the right and post the report. !!!
~~
Do the Malwarebytes cleanup.
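The check behind the PUM.DNS step above, as an added example that is not part of the original thread: a static NameServer value overrides the DHCP-supplied DhcpNameServer on an interface, so any [PUM.Dns] line in a RogueKiller report whose static resolver is a public address and that was left unselected still needs cleaning. The sample report is constructed (interface GUIDs and proxy host are made up; the resolver addresses are the ones quoted in this thread), and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample in the layout RogueKiller uses for registry findings.
SAMPLE_REPORT = r"""
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http://proxy.example:3128 -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{11111111-1111-1111-1111-111111111111} | DhcpNameServer : 10.11.12.1 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{22222222-2222-2222-2222-222222222222} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Remplacé(e) ()
"""

# One [PUM.Dns] line: control set, interface GUID, value name, servers, action.
LINE_RE = re.compile(
    r"^\[PUM\.Dns\]\s+\((?:X64|X86)\)\s+"
    r"HKEY_LOCAL_MACHINE\\System\\(?P<control_set>[^\\]+)\\Services\\Tcpip"
    r"\\Parameters\\Interfaces\\(?P<interface>\{[^}]+\})\s+\|\s+"
    r"(?P<value>NameServer|DhcpNameServer)\s+:\s+(?P<servers>[0-9.,\s]+?)"
    r"\s+\[.*?\]\s+->\s+(?P<action>.+)$"
)


def parse_dns_entries(report):
    """Return one dict per [PUM.Dns] line; every other line is ignored."""
    entries = []
    for line in report.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "control_set": m["control_set"],
            "interface": m["interface"],
            "value": m["value"],
            # NameServer is comma-separated, DhcpNameServer space-separated.
            "servers": [s for s in re.split(r"[,\s]+", m["servers"]) if s],
            # "Non sélectionné" means the line was not ticked, so nothing was
            # changed; the prefix match avoids depending on accent encoding.
            "handled": not m["action"].startswith("Non s"),
        })
    return entries


def _is_public(server):
    """True for addresses outside private/reserved ranges."""
    try:
        return not ipaddress.ip_address(server).is_private
    except ValueError:
        return True  # unparsable resolver value: surface it for review


def pending_static_public_dns(report, trusted=()):
    """List (control_set, interface, servers) for static resolvers that are
    public, not in the caller's trusted set, and were left untouched."""
    trusted = set(trusted)
    pending = []
    for entry in parse_dns_entries(report):
        # DhcpNameServer comes from the network; only the static override
        # is under the control of whatever modified the registry.
        if entry["value"] != "NameServer" or entry["handled"]:
            continue
        suspicious = [s for s in entry["servers"]
                      if s not in trusted and _is_public(s)]
        if suspicious:
            pending.append((entry["control_set"], entry["interface"], suspicious))
    return pending


if __name__ == "__main__":
    for control_set, interface, servers in pending_static_public_dns(SAMPLE_REPORT):
        print(f"{control_set} {interface}: static DNS still set to {', '.join(servers)}")
```

Pass resolvers that were configured on purpose (for example a chosen public DNS service) in `trusted` so that only unexpected values are listed.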
Re: Intrusive ads
Hello,
Here is the report:
RogueKiller V10.0.4.0 (x64) [Oct 29 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : SDIALLO [Administrateur]
Mode : Suppression -- Date : 11/08/2014 16:02:23
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 25 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1746491103-973508975-3473146620-14389\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http://ecsproxy:3128 -> Non sélectionné
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1746491103-973508975-3473146620-14389\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http://ecsproxy:3128 -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1A8123B8-4A3E-43B2-8BDC-66A2A4E5AB2E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | DhcpNameServer : 10.92.32.20 10.11.200.3 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | DhcpNameServer : 10.11.12.1 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1A8123B8-4A3E-43B2-8BDC-66A2A4E5AB2E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | DhcpNameServer : 10.92.32.20 10.11.200.3 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | DhcpNameServer : 10.11.12.1 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1A8123B8-4A3E-43B2-8BDC-66A2A4E5AB2E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | DhcpNameServer : 10.92.32.20 10.11.200.3 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | DhcpNameServer : 10.11.12.1 [(Private Address) (XX)] -> Non sélectionné
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1746491103-973508975-3473146620-14389\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Non sélectionné
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1746491103-973508975-3473146620-14389\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Non sélectionné
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Non sélectionné
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Non sélectionné
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Non sélectionné
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Non sélectionné
¤¤¤ Tâches : 4 ¤¤¤
[Suspicious.Path] \\AJ -- C:\Users\sdiallo\AppData\Roaming\AJ.exe (/infocmdline=[…]) -> Supprimé(e)
[Suspicious.Path] \\GO -- C:\Users\sdiallo\AppData\Roaming\GO.exe (/infocmdline=[…]) -> Supprimé(e)
[Suspicious.Path] \\HARX -- C:\Users\sdiallo\AppData\Roaming\HARX.exe (/infocmdline=[…]) -> Supprimé(e)
[Suspicious.Path] \\LXPFBUK -- C:\Users\sdiallo\AppData\Roaming\LXPFBUK.exe (/infocmdline=gCcNzpBSWKQXms3Z4FIHcW3vOr3VDravxQBtg0qRKHCcj2ON6y8tFfYRvhbXktoTrnKrgrUYqK5Cgt+pRtSl+3JKADpFDzmDYOJWj5s/fYNx/EQ4J3bW0I67OHNGeMTjb31+P6A7NXpZ9FaO6vDrdqK5FojSYa6LTTLAVwJTmtANKSO/tyeDEwVNukJsseG8JIQ8uFGQrCdMw1g7IoyHiypi7I4CA4+KMARqPvrRkJbLfSyB/ZPv3hv6aN+3/DGntNbeZGlRTkrRKknswzKbVGQH51TUhS8KJUvSOfcHLf576V5zlw78P1cG0Ml0L+fsWbKUrXCbqQ1Y8isYA1yiWR5mZNsMhokg+uc/fS5lIRX+j+vi9hKhw5LqA1RV7N63b69SU6EYjSzBuc2DPpC33DPz0WdhnQH5dOYua4qbbrr8GNgUjYIEGkvO3uEaTeQh7TO+T98mUboJRmVVQTuECkKzm11sFSQc5p7fB7nDoS0ttfm76nZ/QWlkD848wp8yqA5POcZgiGcz88A0D/owDv2EW28VYmjIYUpcNAfwwBd8A7nOqSIXtDw3Vqe0JeZHQr6Yp/Ves+OqMM8587Ryv2iCkwpevi6rrr9x9A4crcJfU6S+2xTNAyYBSdpWy9qW1vh9vSUNyhCrdLSjq0PfHww9PoW/hIZdMw4hjfXxM70=) -> Supprimé(e)
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: HGST HTS725050A7E630 +++++
--- User ---
[MBR] d43a542e0c1ab7afdfab709a5e13f841
[BSP] 31701e2184e27e0c60f13a96f33935c9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 103000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210946048 | Size: 5000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 221186048 | Size: 368938 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_SCN_11082014_155352.log
And I cleaned up with Malwarebytes.
- Posts: 113253
- Joined: 10 Sept. 2005 13:57
Re: intrusive ads
You don't seem to have ticked the PUM.DNS lines as requested.
First basic rule of security: think, then click, and not the other way round - Files/programs are like sweets: when they come from a stranger, you don't accept them!
➔ How to protect your PC from viruses
➔ Windows 11: Compatibility, minimum requirements, download the ISO and install Windows 11
How to ask for help on the forum
Share malekal.com: feel free to share the articles you like on the site's Facebook page.
Re: intrusive ads
Indeed, I had not ticked all of them.
It should be fine now.
RogueKiller V10.0.4.0 (x64) [Oct 29 2014] par Adlice Software
email : http://www.adlice.com/contact/
Remontées : http://forum.adlice.com
Site web : https://www.surlatoile.org/RogueKiller/
Blog : http://www.adlice.com
Système d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Démarré en : Mode normal
Utilisateur : SDIALLO [Administrateur]
Mode : Suppression -- Date : 11/08/2014 19:14:49
¤¤¤ Processus : 0 ¤¤¤
¤¤¤ Registre : 24 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-1746491103-973508975-3473146620-14389\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http://ecsproxy:3128 -> Non sélectionné
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-1746491103-973508975-3473146620-14389\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http://ecsproxy:3128 -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{1A8123B8-4A3E-43B2-8BDC-66A2A4E5AB2E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | DhcpNameServer : 10.92.32.20 10.11.200.3 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | DhcpNameServer : 10.11.12.1 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{1A8123B8-4A3E-43B2-8BDC-66A2A4E5AB2E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | DhcpNameServer : 10.92.32.20 10.11.200.3 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | DhcpNameServer : 10.11.12.1 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{1A8123B8-4A3E-43B2-8BDC-66A2A4E5AB2E} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | NameServer : 31.168.224.100,5.135.12.56 [(Unknown Country?) (XX)] -> Remplacé(e) ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{59E40305-479C-4E43-ADAC-2A534303467B} | DhcpNameServer : 10.92.32.20 10.11.200.3 [(Private Address) (XX)] -> Non sélectionné
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{B07E8F68-6C93-458A-A392-097816CBAB1E} | DhcpNameServer : 10.11.12.1 [(Private Address) (XX)] -> Non sélectionné
[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné
[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Non sélectionné
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1746491103-973508975-3473146620-14389\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Non sélectionné
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1746491103-973508975-3473146620-14389\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Non sélectionné
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Non sélectionné
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Non sélectionné
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Non sélectionné
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Non sélectionné
¤¤¤ Tâches : 0 ¤¤¤
¤¤¤ Fichiers : 0 ¤¤¤
¤¤¤ Fichier Hosts : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Chargé) ¤¤¤
¤¤¤ Navigateurs web : 0 ¤¤¤
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: HGST HTS725050A7E630 +++++
--- User ---
[MBR] d43a542e0c1ab7afdfab709a5e13f841
[BSP] 31701e2184e27e0c60f13a96f33935c9 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 103000 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 210946048 | Size: 5000 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 221186048 | Size: 368938 MB
User = LL1 ... OK
User = LL2 ... OK
============================================
RKreport_DEL_11082014_160223.log - RKreport_SCN_11082014_155352.log - RKreport_SCN_11082014_190655.log
- Posts: 113253
- Joined: 10 Sept. 2005 13:57
Re: intrusive ads
That's better. Do you notice any change?
- Posts: 113253
- Joined: 10 Sept. 2005 13:57
Re: intrusive ads

Some advice:
Install Malwarebytes Anti-Malware: https://www.malekal.com/malwarebyte-ant ... les-virus/
Run regular scans with it; it is effective.
To guard against malicious sites, you can install Blockulicious: http://forum.malekal.com/blockulicious- ... 46656.html
So that you don't get caught again.
Worth reading - Unwanted programs / PUPs: https://www.malekal.com/adwares-pup-protection/