[Résolu] Windows 7 a été infecté, "Search" et "Sidecube"

[Grosdoy]

Bonjour,

Je n'arrive pas a me débarrasser de Search, Sidecube et autre pourrisseurs de navigateurs.

FRST.txt
http://pjjoint.malekal.com/files.php?id ... i15k11x7o7

Addition.txt
http://pjjoint.malekal.com/files.php?id ... y12m15j9q9

Shotcurt.txt
http://pjjoint.malekal.com/files.php?id ... h13t8l10z8


SI quelqu'un peut m'aider ...

Merci d'avance

[Malekal_morte]

Salut,

PC bien pourri.
En plus tu as installé Reimage, surement à cause de publicités incessantes pour ce soft ...
Hijack.DNS
Détournement de la page de démarrage des navigateurs WEB.
Adwares dans tous les sens.

Trois étapes sont à faire.

Voici la correction à effectuer avec FRST. Tu peux t'aider de cette note explicative avec des captures d'écran.

Ouvre le bloc-notes : Touche Windows + R,
Dans le champs "Exécuter", saisir notepad et OK.
Copie/Colle dedans ce qui suit :

Code : Tout sélectionner

CreateRestorePoint:
CloseProcesses:
Task: {3FDAAD98-F5A3-4CD7-923B-26E34D53A908} - System32\Tasks\gyroductdo => C:\Windows\system32\config\systemprofile\AppData\Local\Ran-Lux [Argument = /t 3898 8171] <==== ATTENTION
Task: {6031A778-2323-4381-A4F9-5F60527E631F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-09-29] (Reimage ltd.) <==== ATTENTION
Task: {6900AA1D-3460-4727-B0AE-73BE66DD0BF6} - System32\Tasks\Tergas Log => C:\Program Files\Drarush\qerzeght.exe
Task: {6E50FEC4-8335-46D4-8227-A9FE07B51AA9} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-09-28] (Reimage®) <==== ATTENTION
Task: {9042A587-74AB-4EB3-8E41-73E80AB0680C} - System32\Tasks\klfzq1f4 => C:\Program Files\Common Files\lkgcx453\a17d7tj2n3tah.exe [2016-10-09] () <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\administrateur\Desktop\CGoban 3.lnk -> W:\installs\Java\jre_1_8\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://files.gokgs.com/javaBin/cgoban.jnlp "C:\Users\administrateur\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\21086f76-68fc2e17"
ShortcutWithArgument: C:\Users\administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online\CGoban 3.lnk -> W:\installs\Java\jre_1_8\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://files.gokgs.com/javaBin/cgoban.jnlp "C:\Users\administrateur\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\21086f76-68fc2e17"
ShortcutWithArgument: C:\Users\administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://9o0gle.com/
 2016-10-10 20:05 - 2016-10-13 18:04 - 00510016 _____ C:\Windows\system32\NetUtils2016.dll  
 2016-10-09 21:46 - 2016-10-13 18:02 - 00000000 ____D C:\ProgramData\Affenpinscher 
 2016-10-09 21:46 - 2016-10-09 21:46 - 02935850 _____ () C:\Program Files\Common Files\vbohorpw.exe  
 2016-10-09 21:46 - 2016-10-09 21:46 - 00000000 ____D C:\ProgramData\Affenpinschers 
 2016-10-09 21:44 - 2016-10-09 21:44 - 00000000 ____D C:\Program Files\Common Files\lkgcx453 
 2016-10-09 20:24 - 2016-10-10 20:00 - 00000000 ____D C:\Users\administrateur\AppData\Local\Apps\2.0  
 2016-10-09 20:01 - 2016-10-09 20:01 - 00000000 ____D C:\Users\Public\Thunder Network 
 2016-10-09 19:59 - 2016-10-09 19:59 - 00000000 ____D C:\Users\administrateur\AppData\Local\Lahpyphehiied 
 2016-10-09 19:55 - 2016-10-10 20:00 - 00691832 _____ C:\Windows\system32\Drivers\NetUtils2016.sys  
 2016-10-09 19:55 - 2016-10-09 19:55 - 00000000 ____D C:\Windows\system32\sstmp 
 2016-10-09 19:54 - 2016-10-09 19:54 - 00000000 _____ C:\TOSTACK 
 2016-10-09 19:48 - 2016-10-09 19:48 - 00136811 _____ () C:\Users\administrateur\AppData\Roaming\Stimair.bin  
 2016-10-09 19:48 - 2016-10-09 19:48 - 00041472 _____ C:\Users\administrateur\AppData\Local\Bamtechno.dat  
 2016-10-09 19:48 - 2016-10-09 19:48 - 00004608 _____ C:\Users\administrateur\AppData\Local\Bamtechno.exe  
 2016-10-09 19:48 - 2016-10-09 19:48 - 00000187 _____ C:\Users\administrateur\AppData\Local\Bamtechno.exe.config  
 2016-10-09 19:47 - 2016-10-09 19:47 - 07176704 _____ C:\Users\administrateur\AppData\Roaming\agent.dat  
 2016-10-09 19:47 - 2016-10-09 19:47 - 01927094 _____ C:\Users\administrateur\AppData\Roaming\Lightfax.tst 
 2016-10-09 19:47 - 2016-10-09 19:47 - 01897577 _____ C:\Users\administrateur\AppData\Roaming\TrueFax.bin  
 2016-10-09 19:47 - 2016-10-09 19:47 - 00190394 _____ C:\Users\administrateur\AppData\Roaming\Lexidublam.bin  
 2016-10-09 19:47 - 2016-10-09 19:47 - 00126464 _____ C:\Users\administrateur\AppData\Roaming\noah.dat  
 2016-10-09 19:47 - 2016-10-09 19:47 - 00070704 _____ C:\Users\administrateur\AppData\Roaming\Config.xml  
 2016-10-09 19:47 - 2016-10-09 19:47 - 00018432 _____ C:\Users\administrateur\AppData\Roaming\Main.dat  
 2016-10-09 19:47 - 2016-10-09 19:47 - 00005568 _____ C:\Users\administrateur\AppData\Roaming\md.xml  
 2016-10-09 19:47 - 2016-10-09 19:45 - 00693760 _____ C:\Users\administrateur\AppData\Roaming\Lightfax.exe 
 2016-10-09 19:45 - 2016-10-09 19:55 - 00140288 _____ C:\Users\administrateur\AppData\Roaming\Installer.dat  
 2016-10-09 19:45 - 2016-10-09 19:55 - 00015792 _____ C:\Users\administrateur\AppData\Roaming\InstallationConfiguration.xml  
 2016-10-09 19:44 - 2016-10-09 20:26 - 00000000 ____D C:\Windows\system32\SSL 
 2016-10-09 19:44 - 2016-10-09 19:44 - 00000000 ____D C:\Users\administrateur\AppData\Local\Hcithergherksh 
 2016-10-06 18:51 - 2016-10-06 18:51 - 02009269 _____ C:\Windows\be043f80296f678ebfaded5cb2042353.exe  
 R2 Affenpinscher; C:\ProgramData\\Affenpinscher\\Affenpinscher.exe [400896 2016-10-09] () [File not signed] 
 R2 productliegyroductdo; C:\Users\administrateur\AppData\Local\Bamtechno.exe [4608 2016-10-09] () [File not signed] 
AppInit_DLLs: C:\ProgramData\Affenpinscher\Holdfan.dll => C:\ProgramData\Affenpinscher\Holdfan.dll [248320 2016-10-09] () 
 2016-10-13 21:37 - 2016-10-13 21:39 - 00000000 ____D C:\ProgramData\Reimage Protector  
 2016-10-13 21:37 - 2016-10-13 21:37 - 00002092 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk 
 2016-10-13 21:37 - 2016-10-13 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair  
 2014-06-16 21:53 - 2014-06-16 21:53 - 0830792 _____ (Click Me In Limited) C:\Users\administrateur\AppData\Local\nsuF05C.tmp  
 2014-06-16 21:29 - 2014-06-16 21:29 - 0301608 _____ (VuuPC Limited) C:\Users\administrateur\AppData\Local\nsv14FB.tmp  
 2016-10-09 19:48 - 2016-10-09 19:48 - 0041472 _____ () C:\Users\administrateur\AppData\Local\Bamtechno.dat  
 2016-10-09 19:48 - 2016-10-09 19:48 - 0004608 _____ () C:\Users\administrateur\AppData\Local\Bamtechno.exe  
 2016-10-09 19:48 - 2016-10-09 19:48 - 0000187 _____ () C:\Users\administrateur\AppData\Local\Bamtechno.exe.config  
 2016-10-13 21:36 - 2016-10-13 21:38 - 00000000 ____D C:\Program Files\Reimage  
 2016-10-13 21:35 - 2016-10-13 21:40 - 00000000 ____D C:\rei 
 2016-10-13 21:34 - 2016-10-13 21:40 - 00000150 _____ C:\Windows\Reimage.ini  
 R1 NetUtils2016; C:\Windows\system32\drivers\NetUtils2016.sys [691832 2016-10-10] () <==== ATTENTION  
RemoveProxy:
EmptyTemp:
Reboot:

Une fois, le texte collé dans le Bloc-notes,
Menu "Fichier" puis "Enregistrer sous",
A gauche, place toi sur le Bureau,
Dans le champs en bas, nom du fichier mets : fixlist.txt
Clique sur "Enregistrer", cela va créer fixlist.txt sur le Bureau.

Relance FRST et clique sur le bouton "Corriger / Fix"
Un redémarrage sera peut-être nécessaire ( pas obligatoire )
Un fichier texte apparait, copie/colle le contenu ici dans un nouveau message.


Redémarre l'ordinateur.

2°)
Réinitialise manuellement tes navigateurs (Pas de nettoyage zoek ou ZHPCleaner) :
* Réinitialiser et réparer Mozilla Firefox
* Réinitialiser et réparer Google Chrome
* Réinitialiser et réparer Internet Explorer

3°)
Remets/Vérifie que tous les serveurs de noms (DNS) sont automatiques. Suis le paragraphe "manuellement" PUIS vide ensuite le cache DNS et internet. Ces 3 étapes sont importantes et à faire sinon les publicités vont continuer.

[Grosdoy]

Merci pour la rapidité on progresse mais reste de problèmes

Voici le FixLog

Code : Tout sélectionner

Fix result of Farbar Recovery Scan Tool (x86) Version: 13-10-2016
Ran by administrateur (15-10-2016 10:43:00) Run:1
Running from C:\Users\administrateur\Desktop
Loaded Profiles: administrateur (Available Profiles: administrateur)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Task: {3FDAAD98-F5A3-4CD7-923B-26E34D53A908} - System32\Tasks\gyroductdo => C:\Windows\system32\config\systemprofile\AppData\Local\Ran-Lux [Argument = /t 3898 8171] <==== ATTENTION
Task: {6031A778-2323-4381-A4F9-5F60527E631F} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2016-09-29] (Reimage ltd.) <==== ATTENTION
Task: {6900AA1D-3460-4727-B0AE-73BE66DD0BF6} - System32\Tasks\Tergas Log => C:\Program Files\Drarush\qerzeght.exe
Task: {6E50FEC4-8335-46D4-8227-A9FE07B51AA9} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2016-09-28] (Reimage®) <==== ATTENTION
Task: {9042A587-74AB-4EB3-8E41-73E80AB0680C} - System32\Tasks\klfzq1f4 => C:\Program Files\Common Files\lkgcx453\a17d7tj2n3tah.exe [2016-10-09] () <==== ATTENTION
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Users\administrateur\Desktop\CGoban 3.lnk -> W:\installs\Java\jre_1_8\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://files.gokgs.com/javaBin/cgoban.jnlp "C:\Users\administrateur\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\21086f76-68fc2e17"
ShortcutWithArgument: C:\Users\administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online\CGoban 3.lnk -> W:\installs\Java\jre_1_8\bin\javaws.exe (Oracle Corporation) -> -localfile -J-Djnlp.application.href=hxxp://files.gokgs.com/javaBin/cgoban.jnlp "C:\Users\administrateur\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\21086f76-68fc2e17"
ShortcutWithArgument: C:\Users\administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://9o0gle.com/
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://9o0gle.com/
 2016-10-10 20:05 - 2016-10-13 18:04 - 00510016 _____ C:\Windows\system32\NetUtils2016.dll 
 2016-10-09 21:46 - 2016-10-13 18:02 - 00000000 ____D C:\ProgramData\Affenpinscher
 2016-10-09 21:46 - 2016-10-09 21:46 - 02935850 _____ () C:\Program Files\Common Files\vbohorpw.exe 
 2016-10-09 21:46 - 2016-10-09 21:46 - 00000000 ____D C:\ProgramData\Affenpinschers
 2016-10-09 21:44 - 2016-10-09 21:44 - 00000000 ____D C:\Program Files\Common Files\lkgcx453
 2016-10-09 20:24 - 2016-10-10 20:00 - 00000000 ____D C:\Users\administrateur\AppData\Local\Apps\2.0 
 2016-10-09 20:01 - 2016-10-09 20:01 - 00000000 ____D C:\Users\Public\Thunder Network
 2016-10-09 19:59 - 2016-10-09 19:59 - 00000000 ____D C:\Users\administrateur\AppData\Local\Lahpyphehiied
 2016-10-09 19:55 - 2016-10-10 20:00 - 00691832 _____ C:\Windows\system32\Drivers\NetUtils2016.sys 
 2016-10-09 19:55 - 2016-10-09 19:55 - 00000000 ____D C:\Windows\system32\sstmp
 2016-10-09 19:54 - 2016-10-09 19:54 - 00000000 _____ C:\TOSTACK
 2016-10-09 19:48 - 2016-10-09 19:48 - 00136811 _____ () C:\Users\administrateur\AppData\Roaming\Stimair.bin 
 2016-10-09 19:48 - 2016-10-09 19:48 - 00041472 _____ C:\Users\administrateur\AppData\Local\Bamtechno.dat 
 2016-10-09 19:48 - 2016-10-09 19:48 - 00004608 _____ C:\Users\administrateur\AppData\Local\Bamtechno.exe 
 2016-10-09 19:48 - 2016-10-09 19:48 - 00000187 _____ C:\Users\administrateur\AppData\Local\Bamtechno.exe.config 
 2016-10-09 19:47 - 2016-10-09 19:47 - 07176704 _____ C:\Users\administrateur\AppData\Roaming\agent.dat 
 2016-10-09 19:47 - 2016-10-09 19:47 - 01927094 _____ C:\Users\administrateur\AppData\Roaming\Lightfax.tst
 2016-10-09 19:47 - 2016-10-09 19:47 - 01897577 _____ C:\Users\administrateur\AppData\Roaming\TrueFax.bin 
 2016-10-09 19:47 - 2016-10-09 19:47 - 00190394 _____ C:\Users\administrateur\AppData\Roaming\Lexidublam.bin 
 2016-10-09 19:47 - 2016-10-09 19:47 - 00126464 _____ C:\Users\administrateur\AppData\Roaming\noah.dat 
 2016-10-09 19:47 - 2016-10-09 19:47 - 00070704 _____ C:\Users\administrateur\AppData\Roaming\Config.xml 
 2016-10-09 19:47 - 2016-10-09 19:47 - 00018432 _____ C:\Users\administrateur\AppData\Roaming\Main.dat 
 2016-10-09 19:47 - 2016-10-09 19:47 - 00005568 _____ C:\Users\administrateur\AppData\Roaming\md.xml 
 2016-10-09 19:47 - 2016-10-09 19:45 - 00693760 _____ C:\Users\administrateur\AppData\Roaming\Lightfax.exe
 2016-10-09 19:45 - 2016-10-09 19:55 - 00140288 _____ C:\Users\administrateur\AppData\Roaming\Installer.dat 
 2016-10-09 19:45 - 2016-10-09 19:55 - 00015792 _____ C:\Users\administrateur\AppData\Roaming\InstallationConfiguration.xml 
 2016-10-09 19:44 - 2016-10-09 20:26 - 00000000 ____D C:\Windows\system32\SSL
 2016-10-09 19:44 - 2016-10-09 19:44 - 00000000 ____D C:\Users\administrateur\AppData\Local\Hcithergherksh
 2016-10-06 18:51 - 2016-10-06 18:51 - 02009269 _____ C:\Windows\be043f80296f678ebfaded5cb2042353.exe 
 R2 Affenpinscher; C:\ProgramData\\Affenpinscher\\Affenpinscher.exe [400896 2016-10-09] () [File not signed]
 R2 productliegyroductdo; C:\Users\administrateur\AppData\Local\Bamtechno.exe [4608 2016-10-09] () [File not signed]
AppInit_DLLs: C:\ProgramData\Affenpinscher\Holdfan.dll => C:\ProgramData\Affenpinscher\Holdfan.dll [248320 2016-10-09] ()
 2016-10-13 21:37 - 2016-10-13 21:39 - 00000000 ____D C:\ProgramData\Reimage Protector 
 2016-10-13 21:37 - 2016-10-13 21:37 - 00002092 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
 2016-10-13 21:37 - 2016-10-13 21:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair 
 2014-06-16 21:53 - 2014-06-16 21:53 - 0830792 _____ (Click Me In Limited) C:\Users\administrateur\AppData\Local\nsuF05C.tmp 
 2014-06-16 21:29 - 2014-06-16 21:29 - 0301608 _____ (VuuPC Limited) C:\Users\administrateur\AppData\Local\nsv14FB.tmp 
 2016-10-09 19:48 - 2016-10-09 19:48 - 0041472 _____ () C:\Users\administrateur\AppData\Local\Bamtechno.dat 
 2016-10-09 19:48 - 2016-10-09 19:48 - 0004608 _____ () C:\Users\administrateur\AppData\Local\Bamtechno.exe 
 2016-10-09 19:48 - 2016-10-09 19:48 - 0000187 _____ () C:\Users\administrateur\AppData\Local\Bamtechno.exe.config 
 2016-10-13 21:36 - 2016-10-13 21:38 - 00000000 ____D C:\Program Files\Reimage 
 2016-10-13 21:35 - 2016-10-13 21:40 - 00000000 ____D C:\rei
 2016-10-13 21:34 - 2016-10-13 21:40 - 00000150 _____ C:\Windows\Reimage.ini 
 R1 NetUtils2016; C:\Windows\system32\drivers\NetUtils2016.sys [691832 2016-10-10] () <==== ATTENTION 
RemoveProxy:
EmptyTemp:
Reboot:
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3FDAAD98-F5A3-4CD7-923B-26E34D53A908}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FDAAD98-F5A3-4CD7-923B-26E34D53A908}" => key removed successfully.
C:\Windows\System32\Tasks\gyroductdo => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\gyroductdo" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6031A778-2323-4381-A4F9-5F60527E631F}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6031A778-2323-4381-A4F9-5F60527E631F}" => key removed successfully.
C:\Windows\System32\Tasks\Reimage Reminder => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Reimage Reminder" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6900AA1D-3460-4727-B0AE-73BE66DD0BF6}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6900AA1D-3460-4727-B0AE-73BE66DD0BF6}" => key removed successfully.
C:\Windows\System32\Tasks\Tergas Log => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Tergas Log" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E50FEC4-8335-46D4-8227-A9FE07B51AA9}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E50FEC4-8335-46D4-8227-A9FE07B51AA9}" => key removed successfully.
C:\Windows\System32\Tasks\ReimageUpdater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9042A587-74AB-4EB3-8E41-73E80AB0680C}" => key removed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9042A587-74AB-4EB3-8E41-73E80AB0680C}" => key removed successfully.
C:\Windows\System32\Tasks\klfzq1f4 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\klfzq1f4" => key removed successfully.
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully.
C:\Users\administrateur\Desktop\CGoban 3.lnk => Shortcut argument removed successfully..
C:\Users\administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully..
C:\Users\administrateur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KGS Online\CGoban 3.lnk => Shortcut argument removed successfully..
C:\Users\administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => Shortcut argument removed successfully..
C:\Users\administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\Users\administrateur\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\Users\Public\Desktop\Mozilla Firefox.lnk => Shortcut argument removed successfully..
C:\Windows\system32\NetUtils2016.dll => moved successfully
C:\ProgramData\Affenpinscher => moved successfully
C:\Program Files\Common Files\vbohorpw.exe => moved successfully
C:\ProgramData\Affenpinschers => moved successfully
C:\Program Files\Common Files\lkgcx453 => moved successfully
C:\Users\administrateur\AppData\Local\Apps\2.0 => moved successfully
C:\Users\Public\Thunder Network => moved successfully
C:\Users\administrateur\AppData\Local\Lahpyphehiied => moved successfully
C:\Windows\system32\Drivers\NetUtils2016.sys => moved successfully
C:\Windows\system32\sstmp => moved successfully
C:\TOSTACK => moved successfully
C:\Users\administrateur\AppData\Roaming\Stimair.bin => moved successfully
C:\Users\administrateur\AppData\Local\Bamtechno.dat => moved successfully
C:\Users\administrateur\AppData\Local\Bamtechno.exe => moved successfully
C:\Users\administrateur\AppData\Local\Bamtechno.exe.config => moved successfully
C:\Users\administrateur\AppData\Roaming\agent.dat => moved successfully
C:\Users\administrateur\AppData\Roaming\Lightfax.tst => moved successfully
C:\Users\administrateur\AppData\Roaming\TrueFax.bin => moved successfully
C:\Users\administrateur\AppData\Roaming\Lexidublam.bin => moved successfully
C:\Users\administrateur\AppData\Roaming\noah.dat => moved successfully
C:\Users\administrateur\AppData\Roaming\Config.xml => moved successfully
C:\Users\administrateur\AppData\Roaming\Main.dat => moved successfully
C:\Users\administrateur\AppData\Roaming\md.xml => moved successfully
C:\Users\administrateur\AppData\Roaming\Lightfax.exe => moved successfully
C:\Users\administrateur\AppData\Roaming\Installer.dat => moved successfully
C:\Users\administrateur\AppData\Roaming\InstallationConfiguration.xml => moved successfully
C:\Windows\system32\SSL => moved successfully
C:\Users\administrateur\AppData\Local\Hcithergherksh => moved successfully
C:\Windows\be043f80296f678ebfaded5cb2042353.exe => moved successfully
Affenpinscher => service removed successfully.
productliegyroductdo => Service stopped successfully.
productliegyroductdo => service removed successfully.
"C:\ProgramData\Affenpinscher\Holdfan.dll" => Value data removed successfully..
C:\ProgramData\Reimage Protector => moved successfully
C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reimage Repair => moved successfully
C:\Users\administrateur\AppData\Local\nsuF05C.tmp => moved successfully
C:\Users\administrateur\AppData\Local\nsv14FB.tmp => moved successfully
"C:\Users\administrateur\AppData\Local\Bamtechno.dat" => not found.
"C:\Users\administrateur\AppData\Local\Bamtechno.exe" => not found.
"C:\Users\administrateur\AppData\Local\Bamtechno.exe.config" => not found.
C:\Program Files\Reimage => moved successfully
C:\rei => moved successfully
C:\Windows\Reimage.ini => moved successfully
NetUtils2016 => Unable to stop service.
NetUtils2016 => service removed successfully.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.
HKU\S-1-5-21-461764445-960237116-3714817136-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully.
HKU\S-1-5-21-461764445-960237116-3714817136-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully.


========= End of RemoveProxy: =========


=========== EmptyTemp: ==========

BITS transfer queue => 0 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 13718041 B
Java, Flash, Steam htmlcache => 596994 B
Windows/system/drivers => 183659972 B
Edge => 0 B
Chrome => 0 B
Firefox => 459725951 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 36245451 B
LocalService => 132244 B
NetworkService => 191756 B
administrateur => 349018977 B

RecycleBin => 50483351 B
EmptyTemp: => 1 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:48:38 ====

J'avais supprimmé
C:\Users\administrateur\AppData\Local\Bamtechno*


Mais mon navigateur (FF) est toujours quasiment inutilisable :
Dès que je clique ou TAB dedans ( y compris pour changer de champ d'un formulaire)

J'ai systématiquement ouverture d'un onglet, ou fenêtre vers des pub
pckeeper, reimage ...

De plus j'ai des inclusions de messages de type : "Content can(t be loaded, it's seems that you're not logged ... if it's first time please ... it's free"

le lien est évidemment pourri, du type :
http://speednetwork14.adk2x.com/click/L ... hpSWmK3aUo


J'ai raté ou mal executé une étape ?

[Malekal_morte]

Ton lien speedtest n'est pas bon.

1°)
MalwareBytes ( durée : environ 40min de scan ):
==================================================
Télécharge et installe MBAM. La version gratuite permet de nettoyer ( décoche bien la proposition d'essai de la version Premium à la fin de l'installation ) :
* Tutoriel Malwarebytes Anti-Malware (MBAM) version gratuite
* Tutoriel MBAM version payante

Mettre MBAM à jour puis lancer un examen.
A la fin du scan, clique sur "Supprimer Sélection" en bas à gauche.
Redémarrer l'ordinateur si nécessaire puis relancer Malwarebytes.
Vas chercher le rapport dans l'onglet "Historique".

A gauche "Journal d'analyse", double-clique sur l'examen dans la liste. Puis en bas "Copier dans le presse papier", va sur http://pjjoint.malekal.com/, clique droit "Coller" pour coller le contenu du rapport du scan. Clique sur "Envoyer". Dans un nouveau message ici en réponse, donne le lien pjjoint afin de pouvoir consulter le rapport.

2°)
Refais un scan FRST et donne les nouveaux rapports via pjjoint.

[Grosdoy]

Les PUP ont l'air là
rapport mbam
http://pjjoint.malekal.com/files.php?id ... 1y10g10n10

Je supprime tout ce qui est en quarantaine ?

FRST
http://pjjoint.malekal.com/files.php?id ... 2h6g13m8b5
Addition
http://pjjoint.malekal.com/files.php?id ... 15e9q13p15
shortcuts
http://pjjoint.malekal.com/files.php?id ... x6i11v6u15

Sinon, le navigateur est toujours un peu lent, mais on progresse toujours

[angelique]

1 . Sauvegarder restaurer ses marque-pages Firefox . > http://www.univ-rennes2.fr/sites/defaul ... irefox.pdf

2 . Fermer Firefox

3 . Tape dans exécuter (touche ѡindows+r du clavier) ---> %appdata%

- ouvrir le dossier Roaming dans la fenêtre qui s'ouvre

- supprimer le dossier \Mozilla


4 . Relançer Firefox


5 . restaurer ses marque-pages Firefox , voir 1 .


Puis sécurise le .::

Donc FireFox + Adblock + Blockulicious

• Firefox: http://www.mozilla.org/fr/firefox/new/ < https://download.mozilla.org/?product=f ... in&lang=fr > ou setup d'installation hors ligne > http://www.mozilla.org/en-US/firefox/all/

➬ Adblock: https://addons.mozilla.org/en-US/firefo ... lock-plus/ ou pour chrome https://chrome.google.com/webstore/deta ... idom?hl=fr

Mettre "actif" d'un clic les modules ci dessous qui apparraissent apres installation de ADBlock : chrome://adblockplus/content/ui/firstRun.html



List FR + EasyList << à mettre à jour regulièrement ainsi que les autres





NOTE POUR Adblock :
Certains sites abusent des publicités, dont leurs pages peuvent en être inondées (cela ralentit la navigation etc). Mais notez que les publicités sont parfois le seul revenus des sites WEB.
Filtrer toutes les publicités peuvent, par exemple, pénaliser ces sites, c’est notamment le cas de malekal.com
Si vous pensez que certains sites le méritent, vous pouvez les ajouter en liste blanche.


Pour prévenir les sites malicieux, tu peux installer Blockulicious : http://forum.malekal.com/blockulicious- ... 46656.html

[Grosdoy]

Merci pour le suivi, PC tout propre semble t'il

La suppression totale de Roaming\Mozilla un peu brutale tout de même. Dysfonctionnement de firefox encore plus.
Heureusement que THunderbird "n'était pas là"
Mais FF réparé lors de la mise à jour ...

Merci encore.