[Solved] PC infection by iStartSurf and other malware



And that prevents you from running ZHPFix? Try in safe mode.

Edited by Apollo

Here is the ZHPFix report:

Rapport de ZHPFix 2015.4.9.5 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by Ludovic at 16/06/2015 21:03:07
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Corbeille vidée (00mn 03s)
Dossier Prefetcher vidé
Réparation des raccourcis navigateur

========== Logiciels ==========
SUPPRIMÉ: Akamai NetSession Interface

========== Clés du Registre ==========
SUPPRIMÉ Software Key: McAfee Security Scan [McAfee Security Scan Plus]
SUPPRIMÉ: CLSID BHO: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
SUPPRIMÉ: [HKLM\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
SUPPRIMÉ Driver Key: scfd_1_10_0_16
SUPPRIMÉ: Service: McComponentHostService
Branche de Base de Registres IFEO non infectée !

========== Valeurs du Registre ==========
SUPPRIMÉ RunValue: Update
SUPPRIMÉ: RegExtension: {e4f94d1e-2f53-401e-8885-681602c0ddd8}
SUPPRIMÉ RunValue: NIRegistrationWizard
SUPPRIMÉ RunValue: Akamai NetSession Interface
ProxyFix : Configuration proxy supprimée avec succès
SUPPRIMÉ ProxyServer Value
SUPPRIMÉ ProxyEnable Value
SUPPRIMÉ EnableHttp1_1 Value
SUPPRIMÉ ProxyHttp1.1 Value
SUPPRIMÉ ProxyOverride Value
Aucune Valeur Standard Profile: FirewallRaz :
Aucune Valeur Domain Profile: FirewallRaz :
SUPPRIMÉ: FirewallRaz (Private) : TCP Query User{6147C27C-48BD-4E32-A07E-E6C73D017524}C:\users\ludovic\appdata\local\akamai\netsession_win.exe
SUPPRIMÉ: FirewallRaz (Private) : UDP Query User{66202F0A-A6E8-4AEC-AC06-87D393ED5616}C:\users\ludovic\appdata\local\akamai\netsession_win.exe
SUPPRIMÉ: FirewallRaz (Public) : TCP Query User{40A0A260-9B51-47DF-AB1E-623196DCA9EC}C:\users\ludovic\appdata\local\akamai\netsession_win.exe
SUPPRIMÉ: FirewallRaz (Public) : UDP Query User{4B05522A-E88C-46B7-93BD-586487BF4971}C:\users\ludovic\appdata\local\akamai\netsession_win.exe

========== Dossiers ==========
Aucun dossiers CLSID Local utilisateur vide
SUPPRIMÉS Temporaires Windows (34)
SUPPRIMÉS Flash Cookies (0)

========== Fichiers ==========
SUPPRIMÉ Redémarrage: c:\windows\system32\drivers\msft_kernel_webtinstmktn84_01009.wdf
SUPPRIMÉ: c:\users\ludovic\appdata\local\temp\hydb093.tmp.1434471861\hta\3rdparty\ocsetuphlp.dll
SUPPRIMÉ: c:\program files\mcafee security scan\3.8.150\mcafeemss_ie.dll
SUPPRIMÉ: c:\windows\secuniapackage.log
SUPPRIMÉ: c:\users\ludovic\appdata\local\temp\jrt\mws.bat
SUPPRIMÉ: c:\users\ludovic\appdata\local\temp\jrt\get.bat
SUPPRIMÉ: c:\users\ludovic\appdata\local\temp\jrt\misc.bat
SUPPRIMÉ: c:\users\ludovic\appdata\local\temp\hydb093.tmp.1434471861\hta\3rdparty\occomsdk.dll
SUPPRIMÉ: c:\program files\mcafee security scan\3.8.150\mcchsvc.exe
SUPPRIMÉ: c:\users\ludovic\appdata\roaming\microsoft\windows\start menu\programs\internet explorer.lnk ((http://www.istartsurf.com/?type=sc&ts=1434479332&z=f81ab2760b491887cae9f1agdz9c1z5zcm9taccc6g&from=face&uid=HitachiXHTS543232L9A300_090914FB240ACEHXGZ7AX))
CRÉÉ: C:\Users\Ludovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
SUPPRIMÉ: c:\users\ludovic\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\internet explorer.lnk ((http://www.istartsurf.com/?type=sc&ts=1434479332&z=f81ab2760b491887cae9f1agdz9c1z5zcm9taccc6g&from=face&uid=HitachiXHTS543232L9A300_090914FB240ACEHXGZ7AX))
CRÉÉ: C:\Users\Ludovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
SUPPRIMÉ: c:\users\ludovic\appdata\roaming\microsoft\windows\start menu\programs\accessories\system tools\internet explorer (no add-ons).lnk ((http://www.istartsurf.com/?type=sc&ts=1434479332&z=f81ab2760b491887cae9f1agdz9c1z5zcm9taccc6g&from=face&uid=HitachiXHTS543232L9A300_090914FB240ACEHXGZ7AX))
CRÉÉ: C:\Users\Ludovic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
SUPPRIMÉ: c:\users\ludovic\appdata\roaming\microsoft\internet explorer\quick launch\launch internet explorer browser.lnk ((http://www.istartsurf.com/?type=sc&ts=1434479332&z=f81ab2760b491887cae9f1agdz9c1z5zcm9taccc6g&from=face&uid=HitachiXHTS543232L9A300_090914FB240ACEHXGZ7AX))
CRÉÉ: C:\Users\Ludovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
SUPPRIMÉ: c:\users\public\desktop\mozilla firefox.lnk ((http://www.istartsurf.com/?type=sc&ts=1434479332&z=f81ab2760b491887cae9f1agdz9c1z5zcm9taccc6g&from=face&uid=HitachiXHTS543232L9A300_090914FB240ACEHXGZ7AX))
CRÉÉ: C:\Users\Public\Desktop\Mozilla Firefox.lnk
SUPPRIMÉ: c:\programdata\microsoft\windows\start menu\programs\mozilla firefox.lnk ((http://www.istartsurf.com/?type=sc&ts=1434479332&z=f81ab2760b491887cae9f1agdz9c1z5zcm9taccc6g&from=face&uid=HitachiXHTS543232L9A300_090914FB240ACEHXGZ7AX))
CRÉÉ: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
SUPPRIMÉ: c:\users\ludovic\appdata\roaming\microsoft\internet explorer\quick launch\user pinned\taskbar\mozilla firefox.lnk ((http://www.istartsurf.com/?type=sc&ts=1434479332&z=f81ab2760b491887cae9f1agdz9c1z5zcm9taccc6g&from=face&uid=HitachiXHTS543232L9A300_090914FB240ACEHXGZ7AX))
CRÉÉ: C:\Users\Ludovic\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
SUPPRIMÉS Temporaires Windows (236) (36 278 164 octets)
SUPPRIMÉS Flash Cookies (0) (0 octets)

========== Tache planifiée ==========
SUPPRIMÉ: NIUpdateServiceCheckTask
SUPPRIMÉ: {10F22520-D3F9-4D02-90D0-66545B36B2AD}
SUPPRIMÉ: {1FC47B32-CCFF-452A-8254-443DFE5460E7}
SUPPRIMÉ: {2404DE16-9AF1-413D-8E66-F77ACE80D9C5}
SUPPRIMÉ: {6E5A0290-79D2-4495-A788-0C80FB0F2D6C}
SUPPRIMÉ: {939CE1FB-3FEF-4FB8-AB0E-540C7A12C1F0}
SUPPRIMÉ: {A69785B1-3FB0-4F85-B99A-334038D218F6}
SUPPRIMÉ: {E4A0DFF5-5D0C-41A6-B476-3551B3766888}
SUPPRIMÉ: {EC7500BD-F03F-4E22-901E-41563F1EBEEC}
SUPPRIMÉ: {EFE2A42D-ACEB-414F-8DD2-73208ED81CF1}
SUPPRIMÉ: {F027E59D-9B6F-4859-BC7A-AA8893DD7796}
SUPPRIMÉ: {F61F3AD4-9DC3-4BC7-AAE9-4535267B254C}

========== Autre ==========
NON TRAITÉ McAfee Security Scan Plus v3.8.150.1


========== Récapitulatif ==========
6 : Clés du Registre
16 : Valeurs du Registre
3 : Dossiers
25 : Fichiers
1 : Logiciels
12 : Tache planifiée
1 : Autre


End of clean in 00mn 32s

========== Chemin de fichier rapport ==========
C:\Users\Ludovic\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/06/2015 00:01:05 [12829]
C:\Users\Ludovic\AppData\Roaming\ZHP\ZHPFix[R2].txt - 16/06/2015 21:03:10 [6437]

 

See you,

Ludovic_j57


1) Reset the browsers:

http://www.commentcamarche.net/faq/26679-reinitialiser-son-navigateur

 

---------------------

2) Run this online scan:

Download ESET Online Scanner to your Desktop.

https://www.eset.com/fr/online-scanner-popup/

http://www.bibou0007.com/t3691-tutorial-eset-online-scanner

  • Double-click the esetsmartinstaller_enu.exe file on your Desktop to install the scanner. Note: if you are running Windows Vista/7/8, right-click esetsmartinstaller_enu.exe and select "Run as administrator"
  • Accept the license by ticking the "YES, i accept the terms of use" box, then click the "Start" button
  • Once the scanner is installed, configure it by ticking the "Remove found threats" box, the "Scan archives" box and the "scan for the potentially unsafe applications." box
  • Start the antivirus scan by clicking the "Start" button: the tool updates itself and then launches the scan; a progress bar shows how far the scan has got
  • When the scan is finished, if viruses were detected, click the "List of found threats" line:
  • A new window appears: click "Export to text file" and save the report to your Desktop, naming it logESET.txt
  • Click the "Back" button to return to the previous screen, then tick the "Uninstall application on close" box
  • Finally, click the "Finish" button and close the scanner window
  • Open the logESET file on your Desktop and copy-paste its contents into your next reply
Note: this scan can be very long and take several hours.

 

See you,


Hello,

For my first 2 scans (nearly 5 hours), I forgot to reset IE (since I only use Firefox) and ESET found the results shown below. After resetting both browsers, I ran a new scan during which nothing was found.

Scan 1:

 

C:\Users\Ludovic\AppData\Roaming\801385D1-1434219566-DF11-BBAD-C8993E5BBD79\knsfF9D0.tmp a variant of Win32/Adware.ConvertAd.SX application
C:\Users\Ludovic\AppData\Roaming\801385D1-1434219566-DF11-BBAD-C8993E5BBD79\vnssDBC1.tmp multiple threats
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\chrome\content\main.js.vir Win32/Toolbar.Perion.K potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\{cc89419d-fcd5-4a6b-aca2-09043448db22}.xpi.vir Win32/Toolbar.Perion.K potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\csrcc.exe.vir a variant of Win32/Toolbar.Perion.R potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Mfwkw.dll.vir a variant of Win32/Toolbar.Perion.Q potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Roeoen.dll.vir a variant of Win32/Toolbar.Perion.M potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Rszirrka.exe.vir a variant of Win32/Toolbar.Perion.N potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Tenxak.dll.vir a variant of Win32/Toolbar.BitCocktail.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Tenxak64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Vooeaudbu.dll.vir a variant of Win32/Toolbar.Perion.K potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Vooeaudbu64.dll.vir a variant of Win32/Toolbar.Perion.K potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Yjregops.dll.vir a variant of Win32/Toolbar.Perion.S potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Yjregops64.dll.vir a variant of Win64/Toolbar.Perion.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\bestadblocker\tAmONAni4gfYVA.dll.vir a variant of Win32/Adware.MultiPlug.KM application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\bestadblocker\tAmONAni4gfYVA.exe.vir a variant of Win32/Adware.MultiPlug.JY application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\bestadblocker\tAmONAni4gfYVA.x64.dll.vir a variant of Win64/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\BrowserV11.06\utils.exe.vir a variant of Win32/Toolbar.CrossRider.CM potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\coupoon\iiwjljrnpc64.exe.vir a variant of Win64/Adware.Adpeak.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\coupoon\nfapi.dll.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\bin\plugins\diamondata.16.dll.vir a variant of Win64/BrowseFox.CF potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\bin\plugins\diamondata.FFUpdate.dll.vir a variant of MSIL/BrowseFox.E potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\bin\plugins\diamondata.GCUpdate.dll.vir a variant of MSIL/BrowseFox.E potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\bin\plugins\diamondata.IEUpdate.dll.vir a variant of Win64/BrowseFox.CF potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\bin\diamondata.BrowserFilter.Helper.dll.vir a variant of Win32/BrowseFox.W potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\bin\diamondataBrowserFilter.exe.vir a variant of MSIL/BrowseFox.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\bin\utildiamondata.exe.vir a variant of Win32/BrowseFox.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\diamondataBHO.dll.vir a variant of Win32/BrowseFox.F potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\diamondataUninstall.exe.vir Win32/BrowseFox.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\hendmekoldfacfhlojkjcnbjegkahclb.crx.vir Win32/BrowseFox.Q potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\diamondata\updatediamondata.exe.vir a variant of Win32/BrowseFox.H potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_005010002\gamesdesktop_widget.exe.vir a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_005010002\gmsd_de_005010002.exe.vir a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_005010002\predm.exe.vir a variant of Win32/Adware.EoRezo.AZ application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_fr_005010002\gamesdesktop_widget.exe.vir a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_fr_005010002\gmsd_fr_005010002.exe.vir a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_fr_005010002\predm.exe.vir a variant of Win32/Adware.EoRezo.AZ application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_fr_005010003\gamesdesktop_widget.exe.vir a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_fr_005010003\gmsd_fr_005010003.exe.vir a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_fr_005010003\predm.exe.vir a variant of Win32/Adware.EoRezo.AZ application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\GUPlayer\GUplayerUninstaller.exe.vir a variant of Win32/TrojanDropper.Addrop.J trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Hades\HadesUninstaller.exe.vir a variant of Win32/TrojanDropper.Addrop.J trojan cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HighlightSearches\ABDLL.dll.vir a variant of Win32/Packed.Komodia.A suspicious application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HighlightSearches\abenginecert.dll.vir a variant of Win32/Packed.Komodia.A suspicious application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HighlightSearches\abenginewd.dll.vir a variant of Win32/Komodia.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\HighlightSearches\iren3006.exe.vir Win32/Adware.Flinject.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe.vir a variant of Win32/Adware.Vitruvian.F application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Linkey\apphelp.dll.vir a variant of Win32/Toolbar.SearchSuite.X potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchCH.dll.vir Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowerWatchFF.dll.vir Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\BrowserAction.dll.vir a variant of Win32/ELEX.DH potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\CmdShell.exe.vir a variant of Win32/ELEX.CY potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ffsearch_toolbar!1.0.0.1031.xpi.vir Win32/Toolbar.TNT2.I potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\HPNotify.exe.vir a variant of Win32/ELEX.DK potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\IeWatchDog.dll.vir Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\ProtectService.exe.vir a variant of Win32/ELEX.EE potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\miuitab\SupTab.dll.vir a variant of Win32/Thinknice.B potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\OLBPre\OLBPre.exe.vir a variant of MSIL/MyPCBackup.G potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PPRiucEMinuus\PPRiucEMinuus.exe.vir a variant of Win32/Adware.MultiPlug.JY application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceMinus\hnUShgSShozrGP.dll.vir a variant of Win32/Adware.MultiPlug.KM application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceMinus\hnUShgSShozrGP.exe.vir a variant of Win32/Adware.MultiPlug.JY application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\PriceMinus\hnUShgSShozrGP.x64.dll.vir a variant of Win64/Adware.MultiPlug.H application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\5aae4531dc23473f8da7a5bac9f3a51f\5aae4531dc23473f8da7a5bac9f3a51f.exe.vir a variant of Win32/Adware.PicColor.AH application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\DSearchLink\DSearchLink.exe.vir Win32/Toolbar.Babylon.Y potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe.vir a variant of Win32/ELEX.BH potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{01d867d5-c7f8-91e7-01d8-867d5c7f9f57}\ds simulia abaqus 6.14-1.rar.exe.vir a variant of Win32/Adware.MultiPlug.MI application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\ProgramData\{30b26ac1-642b-6b99-30b2-26ac1642ab05}\hqghumeaylnlf.exe.vir a variant of Win32/Adware.SpeedingUpMyPC.Y application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\801385D1-1434226997-DF11-BBAD-C8993E5BBD79\onst6DB5.tmp.vir Win32/Adware.ConvertAd.SL application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\801385D1-1434226997-DF11-BBAD-C8993E5BBD79\pnst6DB6.exe.vir a variant of Win32/Adware.ConvertAd.RS.gen application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\801385D1-1434226997-DF11-BBAD-C8993E5BBD79\rnst6DB4.exe.vir a variant of Win32/Adware.ConvertAd.TB application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\801385D1-1434226997-DF11-BBAD-C8993E5BBD79\snse6DA4.tmp.vir Win32/Adware.ConvertAd.SK application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\gmsd_de_005010002\Download\majmp_gentleeu.exe.vir multiple threats cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\gmsd_de_005010002\upgmsd_de_005010002.exe.vir a variant of Win32/Adware.EoRezo.AJ application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\gmsd_fr_005010002\Download\majmp_gentleeu.exe.vir multiple threats cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\gmsd_fr_005010002\upgmsd_fr_005010002.exe.vir a variant of Win32/Adware.EoRezo.AJ application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\gmsd_fr_005010003\upgmsd_fr_005010003.exe.vir a variant of Win32/Adware.EoRezo.AJ application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\gmsd_fr_009010002\Download\majmp_gentleeu.exe.vir multiple threats cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\SmartWeb\SmartWebApp.exe.vir a variant of Win32/PriceGong.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\SmartWeb\SmartWebHelper.exe.vir Win32/Adware.ConvertAd.RC application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\SmartWeb\swhk.dll.vir a variant of Win32/PriceGong.C potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Local\SmartWeb\__u.exe.vir a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\AnyProtectEx\swf\swfjs.swf.vir Win32/AnyProtect.H potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\istartsurf\UninstallManager.exe.vir a variant of Win32/ELEX.CP potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\Mozilla\Firefox\Profiles\7v2gmw2x.default-1434300362899\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\Mozilla\Firefox\Profiles\okkcp6g3.default-1434389355478\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\Mozilla\Firefox\Profiles\uuwi20zt.default\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\Mozilla\Firefox\Profiles\wpzp9x4q.default-1434381583052\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\Mozilla\Firefox\Profiles\xk6v213d.default-1434376038394\Extensions\sweetsearch@gmail.com\chrome\content\toolbar.js.vir Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\mystartsearch\UninstallManager.exe.vir a variant of Win32/ELEX.CP potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\2x5RhLva72djhAYw.exe.vir a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\2x5RhLva72djhAYw.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\H7AwObwsRvBZ5JtfyNNtHSUJf7.exe.vir a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\H7AwObwsRvBZ5JtfyNNtHSUJf7.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\kqBH29xU0SfhaeoSfwxNa.exe.vir a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\kqBH29xU0SfhaeoSfwxNa.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\OZZdIwYTi8jU.exe.vir a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\VSzYgMxynEXWltV0uHEO5ah.exe.vir a variant of Win32/Toolbar.CrossRider.CB potentially unwanted application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Ludovic\AppData\Roaming\VSzYgMxynEXWltV0uHEO5ah.vir JS/Toolbar.Crossrider.C potentially unwanted application deleted - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\cherimoya.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\innfd_1_10_0_14.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Program Files (x86)\gmsd_fr_005010004\gamesdesktop_widget.exe a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\Program Files (x86)\gmsd_fr_005010004\gmsd_fr_005010004.exe a variant of Win32/AdWare.EoRezo.AU application cleaned by deleting - quarantined
C:\Program Files (x86)\gmsd_fr_005010004\predm.exe a variant of Win32/Adware.EoRezo.AZ application cleaned by deleting - quarantined
C:\Program Files (x86)\MiuiTab\BrowerWatchCH.dll Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\MiuiTab\BrowerWatchFF.dll Win32/ELEX.BM potentially unwanted application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\MiuiTab\BrowserAction.dll a variant of Win32/ELEX.DH potentially unwanted application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\MiuiTab\CmdShell.exe a variant of Win32/ELEX.CY potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\MiuiTab\ffsearch_toolbar!1.0.0.1031.xpi Win32/Toolbar.TNT2.I potentially unwanted application deleted - quarantined
C:\Program Files (x86)\MiuiTab\HPNotify.exe a variant of Win32/ELEX.DK potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\MiuiTab\IeWatchDog.dll Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\MiuiTab\ProtectService.exe a variant of Win32/ELEX.EE potentially unwanted application cleaned by deleting (after the next restart) - quarantined
C:\Program Files (x86)\MiuiTab\SupTab.dll a variant of Win32/Thinknice.B potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\PragmaEdit\PragmaEdit.dll a variant of Win32/Adware.MultiPlug.IX application cleaned by deleting - quarantined
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe a variant of Win32/ELEX.BH potentially unwanted application cleaned by deleting (after the next restart) - quarantined
C:\Users\Ludovic\AppData\Local\gmsd_fr_005010004\Download\majmp_gentleeu.exe multiple threats cleaned by deleting (after the next restart) - quarantined
C:\Users\Ludovic\AppData\Local\gmsd_fr_005010004\upgmsd_fr_005010004.exe a variant of Win32/Adware.EoRezo.AJ application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Local\SmartWeb\SmartWebApp.exe a variant of Win32/PriceGong.C potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Local\SmartWeb\SmartWebHelper.exe Win32/Adware.ConvertAd.RC application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Local\SmartWeb\swhk.dll a variant of Win32/PriceGong.C potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Local\SmartWeb\__u.exe a variant of Win32/PriceGong.C potentially unwanted application deleted - quarantined
C:\Users\Ludovic\AppData\Local\Temp\is-1VSDT.tmp\gentlemjmp_ieu.exe multiple threats cleaned by deleting (after the next restart) - quarantined
C:\Users\Ludovic\AppData\Local\Temp\fsdEB91.exe a variant of MSIL/Adware.Imali.A application cleaned by deleting (after the next restart) - quarantined
C:\Users\Ludovic\AppData\Roaming\801385D1-1434219566-DF11-BBAD-C8993E5BBD79\hnsc4201.tmp Win32/Adware.ConvertAd.SJ application cleaned by deleting (after the next restart) - quarantined
C:\Users\Ludovic\AppData\Roaming\801385D1-1434219566-DF11-BBAD-C8993E5BBD79\jnsc2A3B.tmp Win32/Adware.ConvertAd.SI application cleaned by deleting (after the next restart) - quarantined
C:\Users\Ludovic\AppData\Roaming\801385D1-1434219566-DF11-BBAD-C8993E5BBD79\nskDB51.tmp a variant of Win32/Adware.ConvertAd.SX application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Roaming\801385D1-1434219566-DF11-BBAD-C8993E5BBD79\rnsn2548.exe a variant of Win32/Adware.ConvertAd.TB application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Roaming\801385D1-1434219566-DF11-BBAD-C8993E5BBD79\vnssDBC1.tmp a variant of Win32/Adware.ConvertAd.TC application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Roaming\istartsurf\UninstallManager.exe a variant of Win32/ELEX.CP potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Roaming\y2y2yzlxogs1btl\y2y2yzlxogs1btl.exe a variant of Win32/Adware.Salus.H application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Roaming\ZHP\Quarantine\installmate.DIR\{5C8FBCE6-35E2-4D62-AF89-7DC0876C9E10}\Custom.dll a variant of Win32/InstalleRex.T potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Roaming\ZHP\Quarantine\y2y2yzlxogs1btl.exe.VIR a variant of Win32/Adware.Salus.H application cleaned by deleting - quarantined
C:\Users\Ludovic\Desktop\Anciennes données de Firefox\7v2gmw2x.default-1434300362899\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ludovic\Desktop\Anciennes données de Firefox\okkcp6g3.default-1434389355478\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ludovic\Desktop\Anciennes données de Firefox\uuwi20zt.default\extensions\sweetsearch@gmail.com\chrome\content\toolbar.js Win32/Toolbar.TNT2.I potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ludovic\Downloads\ccsetup506.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted - quarantined
C:\Users\Ludovic\Downloads\daemon_tools_lite_daemon_tools_lite_4_47_1_fr_10729.exe Win32/DownWare.L potentially unwanted application deleted - quarantined
C:\Users\Ludovic\Downloads\DS.SIMULIA.ABAQUS.6.14-3.(x64)(Win Linux.exe a variant of Win32/OutBrowse.CB potentially unwanted application deleted - quarantined
C:\Users\Ludovic\Downloads\DTM_Experience_Demo_Setup.exe a variant of Win32/InstallCore.JE.gen potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ludovic\Downloads\utorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting - quarantined
C:\Users\Ludovic\Downloads\VLCMediaPlayerSetup-6FAY5HF.exe Win32/Somoto potentially unwanted application deleted - quarantined
C:\Windows\System32\drivers\y2i2mzl2ohm1bdl.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting - quarantined
C:\Windows\Temp\4y2wp.exe multiple threats cleaned by deleting - quarantined

 

Scan 2:

 

C:\Users\All Users\WindowsMangerProtect\ProtectWindowsManager.Vexe a variant of Win32/ELEX.BH potentially unwanted application
C:\Program Files (x86)\MiuiTab\BrowerWatchFF.Vdll Win32/ELEX.BM potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\MiuiTab\BrowserAction.Vdll a variant of Win32/ELEX.DH potentially unwanted application cleaned by deleting - quarantined
C:\Program Files (x86)\MiuiTab\ProtectService.Vexe a variant of Win32/ELEX.EE potentially unwanted application cleaned by deleting - quarantined
C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.Vexe a variant of Win32/ELEX.BH potentially unwanted application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Local\gmsd_fr_005010004\Download\majmp_gentleeu.exe multiple threats cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Local\Temp\fsdEB91.Vexe a variant of MSIL/Adware.Imali.A application cleaned by deleting (after the next restart) - quarantined
C:\Users\Ludovic\AppData\Local\Temp\is-1VSDT.tmp\gentlemjmp_ieu.exe multiple threats cleaned by deleting (after the next restart) - quarantined
C:\Users\Ludovic\AppData\Roaming\801385D1-1434219566-DF11-BBAD-C8993E5BBD79\hnsc4201.Vtmp Win32/Adware.ConvertAd.SJ application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Roaming\801385D1-1434219566-DF11-BBAD-C8993E5BBD79\jnsc2A3B.Vtmp Win32/Adware.ConvertAd.SI application cleaned by deleting - quarantined
C:\Users\Ludovic\AppData\Roaming\801385D1-1434219566-DF11-BBAD-C8993E5BBD79\knso182D.tmp a variant of Win32/Adware.ConvertAd.TC application cleaned by deleting (after the next restart) - quarantined

 

See you,

Ludovic_j57


Hello,

Is there any improvement?


Hi again,

For now, no malicious pages are opening. However, looking at "Programs and Features", GamesDesktop, istartsurf uninstaller and SmartWeb are still present. I would like to know whether using the Simulia Abaqus software causes this malware to appear on my PC.

See you,

Ludovic_j57


I don't know; for that, ask the people on the Software forum. I'm not familiar with this kind of program.

If you want to uninstall what you mention above, do it with RevoUninstaller.

http://theknitter-apollo.xooit.com/p20405.htm

We will uninstall the special tools as soon as this disinfection is finished.

See you,


And through Programs and Features?

If the PC is "running well",

Uninstall the special tools.

Download DelFix to your desktop. https://toolslib.net/downloads/viewdownload/2-delfix/

Run it and check "Remove disinfection tools" AND "Purge system restore"; >> Run.

DelFix will then delete itself.

  • Remember to edit your first post to add [Résolu] ("Solved") in front of the title. To do that, click "Edit" in your first post. You will then be able to change the title.
Use the full editor for that.

See you,
