FORUM D’ENTRAIDE INFORMATIQUE (FEI)
IT support and security site

Disinfection help (advertising pages, replaced search engine, redirections, viruses...).
Forum rules: Mutual help concerning disinfection and computer security: in the event of unwanted advertising, pop-ups, redirections, unwanted software, suspicious slowdowns, viruses, etc.
A complete disinfection will be provided: disinfection, securing, then prevention.
Only helpers (people qualified and trained in disinfection) and staff are authorized to provide help in this section.
Please also read the forum's general charter.
by fredouille
#151399
Hello,

After installing software needed for her studies (via my daughter's university), she noticed the presence of Storm Alerts, and we cannot remove it.

Could you tell me the steps to take to remove it and, at the same time, remove all its unwanted advertising pages?

Regards

Fredouille
by V-X
#151400
Hello,
  • Download OTL (by OldTimer) to your desktop.
  • Launch OTL (run as administrator on Windows 7/8 and Vista).
  • Check the following boxes:
      • All users
      • Lop check
      • Purity check
  • Copy and paste the script below into the lower part of OTL, "Personnalisation" (Customization):
        HKCU\Software
        HKCU\Software\AppDataLow /s
        HKLM\Software
        HKCU\Software\Microsoft\Command Processor /s
        HKLM\Software\Microsoft\Command Processor /s
        HKLM\Software\Microsoft\Windows\CurrentVersion\RunMRU /s
        HKLM\System\CurrentControlSet\Control\Session Manager\AppcertDlls /s
        %Homedrive%\*
        %Homedrive%\*.
        %Homedrive%\Recycler\*.exe /s
        %Homedrive%\Recycler\*.scr /s
        %Homedrive%\Recycler\*.pif /s
        %Homedrive%\Recycler\*.vb* /s
        %Homedrive%\$Recycle.bin\*.exe /s
        %Homedrive%\$Recycle.bin\*.scr /s
        %Homedrive%\$Recycle.bin\*.pif /s
        %Homedrive%\$Recycle.bin\*.vb* /s
        %Userprofile%\*
        %Userprofile%\*.
        %Allusersprofile%\*
        %Allusersprofile%\*.
        %LocalAppData%\*
        %LocalAppData%\*.
        %Userprofile%\Local Settings\*
        %Userprofile%\Local Settings\*.
        %Userprofile%\Local Settings\Application Data\*
        %Userprofile%\Local Settings\Application Data\*.
        %Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\*
        %Userprofile%\AppData\Local\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\*.
        %Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\*
        %Userprofile%\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\*.
        %programFiles%\*
        %programFiles%\*.
        %programfiles%\Google\Desktop\*.
        %ProgramFiles%\Common Files\*.
        %ProgramFiles(X86)%\Common Files\*.
        %Systemroot%\Installer\*.
        %Systemroot%\Temp\*.exe /s
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\system32\*.exe /lockedfiles
        %systemroot%\system32\*.in*
        %systemroot%\PSS\* /s
        %systemroot%\Tasks\*
        %systemroot%\Tasks\*.
        %systemroot%\system32\Tasks\*
        %systemroot%\system32\Tasks\*.
        %systemroot%\syswow64\Tasks\*
        %systemroot%\syswow64\Tasks\*.
        %systemroot%\system32\drivers\*.sy* /lockedfiles
        %systemroot%\system32\config\*.exe /s
        %Systemroot%\ServiceProfiles\*.exe /s
        %systemroot%\system32\*.sys
        dir %Homedrive%\* /S /A:L /C
        msconfig
        activex
        /md5start
        explorer.exe
        winlogon.exe
        wininit.exe
        volsnap.sys
        atapi.sys
        ndis.sys
        cdrom.sys
        i8042prt.sys
        iastor.sys
        tdx.sys
        netbt.sys
        afd.sys
        /md5stop
        netsvcs
        safebootminimal
        safebootnetwork
        CREATERESTOREPOINT

  • Click "Analyse" (Scan).

  • Once the scan is finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
  • Host the OTL.txt and Extras.txt reports on SosUpload, then copy/paste the link provided into your next reply on the forum.
Note: Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the case.

by fredouille
#151561
OTL logfile created on: 20/11/2014 19:39:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Célia\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17116)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,44 Gb Total Physical Memory | 0,21 Gb Available Physical Memory | 14,87% Memory free
3,79 Gb Paging File | 2,02 Gb Available in Paging File | 53,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,80 Gb Total Space | 81,58 Gb Free Space | 68,67% Space Free | Partition Type: NTFS
Drive D: | 157,74 Gb Total Space | 157,43 Gb Free Space | 99,81% Space Free | Partition Type: NTFS

Computer Name: CÉLIAPRISCO | User Name: Célia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014/11/20 19:38:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Célia\Downloads\OTL.exe
PRC - [2014/11/14 15:28:38 | 002,726,776 | ---- | M] (Rational Thought Solutions LLC) -- C:\ProgramData\kTVTZBDjkd\glAynMMW.exe
PRC - [2014/10/22 05:05:02 | 000,854,344 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2014/08/23 13:42:43 | 004,085,896 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2014/08/23 13:41:16 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2014/01/10 23:16:37 | 000,158,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
PRC - [2013/08/08 18:17:56 | 000,020,280 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
PRC - [2013/07/09 13:00:18 | 019,645,008 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
PRC - [2013/06/19 20:49:58 | 000,277,120 | ---- | M] (ASUS) -- C:\Program Files\ASUS\P4G\InsOnSrv.exe
PRC - [2013/06/19 20:49:56 | 000,594,744 | ---- | M] (ASUS) -- C:\Program Files\ASUS\P4G\InsOnWMI.exe
PRC - [2013/06/03 21:55:02 | 000,055,416 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
PRC - [2013/06/03 21:06:10 | 000,184,432 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
PRC - [2013/05/30 14:17:48 | 000,205,624 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2013/05/29 17:11:48 | 000,303,928 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2013/05/21 09:50:34 | 000,406,328 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2013/01/15 16:20:54 | 000,107,320 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
PRC - [2012/05/28 10:04:48 | 000,113,312 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
PRC - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe


========== Modules (No Company Name) ==========

MOD - [2014/10/22 05:05:00 | 014,902,600 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll
MOD - [2014/10/22 05:04:57 | 008,910,664 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
MOD - [2014/10/22 05:04:51 | 001,042,760 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
MOD - [2014/10/22 05:04:49 | 000,211,272 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
MOD - [2014/10/22 05:04:48 | 001,681,224 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
MOD - [2014/08/23 13:41:37 | 019,329,904 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2014/08/23 13:41:23 | 000,301,152 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\aswProperty.dll
MOD - [2014/01/10 23:14:57 | 000,312,896 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\appvisvstream32.dll
MOD - [2014/01/10 23:14:56 | 000,354,368 | ---- | M] () -- C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
MOD - [2013/04/29 14:17:56 | 000,587,264 | ---- | M] () -- C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll


========== Services (SafeList) ==========

SRV - [2014/11/14 15:28:38 | 002,726,776 | ---- | M] (Rational Thought Solutions LLC) [Auto | Running] -- C:\ProgramData\kTVTZBDjkd\glAynMMW.exe -- (glAynMMW)
SRV - [2013/07/27 07:05:15 | 002,676,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2013/01/15 16:20:54 | 000,107,320 | ---- | M] (ASUSTek Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe -- (ASLDRService)
SRV - [2012/12/19 07:10:38 | 000,072,192 | ---- | M] () [On_Demand | Running] -- C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe -- (Asus WebStorage Windows Service)
SRV - [2012/07/26 04:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2011/11/21 14:19:50 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2010/10/12 18:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)


========== Driver Services (SafeList) ==========

DRV - [2011/09/07 09:55:04 | 000,017,536 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009/07/02 17:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/yhs/search? ... earchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKLM\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTer ... &pc=ASU2JS
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKLM\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://fr.search.yahoo.com/yhs/search? ... earchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3761925557-2092854932-1937655249-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = https://fr.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKU\S-1-5-21-3761925557-2092854932-1937655249-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = https://fr.search.yahoo.com/yhs/search? ... earchTerms}
IE - HKU\S-1-5-21-3761925557-2092854932-1937655249-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com?fr=hp-avast&type=avastbcl
IE - HKU\S-1-5-21-3761925557-2092854932-1937655249-1001\..\SearchScopes,DefaultScope = {9CB96984-43C3-4D44-90EF-01466EFCF7BB}
IE - HKU\S-1-5-21-3761925557-2092854932-1937655249-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.p ... 703594&ir=
IE - HKU\S-1-5-21-3761925557-2092854932-1937655249-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchT ... urceid=ie7
IE - HKU\S-1-5-21-3761925557-2092854932-1937655249-1001\..\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}: "URL" = https://fr.search.yahoo.com/yhs/search? ... earchTerms}
IE - HKU\S-1-5-21-3761925557-2092854932-1937655249-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2014/08/23 13:41:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK


========== Chrome ==========

CHR - default_search_provider: (Enabled)
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =
CHR - plugin: Error reading preferences file
CHR - Extension: No name found = C:\Users\Célia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Célia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: No name found = C:\Users\Célia\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Célia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Célia\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Célia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\10.0.2502.149_0\
CHR - Extension: No name found = C:\Users\Célia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: No name found = C:\Users\Célia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/26 06:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {3004627E-F8E9-4E8B-909D-316753CBA923} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - Startup: C:\Users\Célia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Envoyer à OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0920FA31-55EE-49A6-8EFA-CE2E588C0FCA}: DhcpNameServer = 40.54.1.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7FF8290D-61D8-4991-9734-46CC2FF0A480}: DhcpNameServer = 192.168.0.254
O18 - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014/11/20 18:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser
[2014/11/14 15:30:59 | 000,000,000 | ---D | C] -- C:\Users\Célia\AppData\Local\StormAlert
[2014/11/14 15:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\kTVTZBDjkd
[2014/11/14 15:28:19 | 000,000,000 | ---D | C] -- C:\ProgramData\StormAlert
[2014/10/30 20:35:33 | 000,000,000 | ---D | C] -- C:\AMD
[2014/10/30 20:31:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[2014/10/29 19:49:10 | 000,568,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2014/10/29 19:49:08 | 000,124,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
[2014/10/28 12:47:23 | 000,000,000 | ---D | C] -- C:\Users\Célia\AppData\Local\Microsoft Help

========== Files - Modified Within 30 Days ==========

[2014/11/20 19:35:58 | 000,001,138 | ---- | M] () -- C:\Users\Célia\Desktop\Continue File Opener Installation.lnk
[2014/11/20 19:23:29 | 000,000,074 | ---- | M] () -- C:\Users\Célia\AppData\Roaming\sp_data.sys
[2014/11/20 19:21:42 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014/11/20 19:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/11/20 19:15:13 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\MySearchDial.job
[2014/11/20 19:06:30 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014/11/14 16:15:04 | 000,000,112 | ---- | M] () -- C:\Users\Célia\AppData\Roaming\WB.CFG
[2014/11/04 20:57:10 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014/11/04 20:57:05 | 1238,573,056 | -HS- | M] () -- C:\hiberfil.sys
[2014/10/30 17:40:13 | 000,022,863 | ---- | M] () -- C:\Windows\diagwrn.xml
[2014/10/30 17:40:12 | 000,022,863 | ---- | M] () -- C:\Windows\diagerr.xml
[2014/10/29 19:35:44 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014/10/22 02:08:16 | 000,568,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSShared.dll
[2014/10/22 02:08:16 | 000,124,928 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll

========== Files Created - No Company Name ==========

[2014/11/20 19:35:58 | 000,001,138 | ---- | C] () -- C:\Users\Célia\Desktop\Continue File Opener Installation.lnk
[2014/10/30 16:55:34 | 000,022,863 | ---- | C] () -- C:\Windows\diagwrn.xml
[2014/10/30 16:55:34 | 000,022,863 | ---- | C] () -- C:\Windows\diagerr.xml
[2014/03/06 16:15:55 | 000,000,112 | ---- | C] () -- C:\Users\Célia\AppData\Roaming\WB.CFG
[2014/01/10 19:28:21 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2014/01/10 17:08:49 | 000,000,074 | ---- | C] () -- C:\Users\Célia\AppData\Roaming\sp_data.sys
[2013/10/27 00:54:29 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2013/10/27 00:49:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013/10/27 00:47:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013/10/27 00:47:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013/10/27 00:47:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2013/10/27 00:47:15 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/10/27 00:47:15 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/04/26 00:15:21 | 000,024,576 | ---- | C] () -- C:\ProgramData\SetStretch.exe
[2013/04/26 00:15:21 | 000,000,256 | ---- | C] () -- C:\ProgramData\SetStretch.cmd
[2013/04/26 00:15:21 | 000,000,103 | ---- | C] () -- C:\ProgramData\SetStretch.VBS
[2013/03/18 15:09:26 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll

========== ZeroAccess Check ==========

[2014/11/14 15:26:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2014/03/28 09:23:06 | 019,759,104 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/03/28 07:18:26 | 017,562,112 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/26 04:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/26 04:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/26 04:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014/01/10 17:04:43 | 000,000,000 | ---D | M] -- C:\Users\Célia\AppData\Roaming\ASUS WebStorage
[2014/01/10 20:20:09 | 000,000,000 | ---D | M] -- C:\Users\Célia\AppData\Roaming\AVAST Software
[2014/08/26 14:00:47 | 000,000,000 | ---D | M] -- C:\Users\Célia\AppData\Roaming\Dropbox
[2014/08/26 14:00:44 | 000,000,000 | ---D | M] -- C:\Users\Célia\AppData\Roaming\DropboxMaster
[2014/03/06 16:15:48 | 000,000,000 | ---D | M] -- C:\Users\Célia\AppData\Roaming\mysearchdial
[2014/03/06 13:37:23 | 000,000,000 | ---D | M] -- C:\Users\Célia\AppData\Roaming\ZHP
[2014/09/08 14:09:07 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2014/09/08 14:09:07 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage

========== Purity Check ==========



< End of report >
by fredouille
#151562
OTL Extras logfile created on: 20/11/2014 19:39:43 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Célia\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.17116)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,44 Gb Total Physical Memory | 0,21 Gb Available Physical Memory | 14,87% Memory free
3,79 Gb Paging File | 2,02 Gb Available in Paging File | 53,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,80 Gb Total Space | 81,58 Gb Free Space | 68,67% Space Free | Partition Type: NTFS
Drive D: | 157,74 Gb Total Space | 157,43 Gb Free Space | 99,81% Space Free | Partition Type: NTFS

Computer Name: CÉLIAPRISCO | User Name: Célia | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-3761925557-2092854932-1937655249-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08DF9207-336B-4D4F-B1FD-122BC45D324B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{0DE51C40-8DDC-42DF-874C-6977D43464B0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10DC7671-F312-4B02-9EC9-16596E56EDCC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30125C0C-ADFC-47D5-8A60-80ACBEFADBA0}" = rport=139 | protocol=6 | dir=out | app=system |
"{31DCF0F2-6CA2-48B7-9EF4-0ECA45718F79}" = lport=445 | protocol=6 | dir=in | app=system |
"{397F2046-1BEE-4B88-8DEB-B38A12C9780A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3E643B89-E3FD-4D5A-BF33-2D0A19A7782E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6B7D6058-D10B-493D-B315-CF0A660D0082}" = lport=139 | protocol=6 | dir=in | app=system |
"{6B7FA73E-A988-4724-A464-043F52413FE9}" = lport=5353 | protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe |
"{7362FCCC-0A95-4978-97FB-E8C260F989BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{77BFA72C-B78F-485E-A5ED-96ED924D11C9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{7B6FA540-A66F-4C7F-B8DD-4EAD9F71CBA3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{920071C7-D209-496D-9FAC-79D5A9B673E5}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{92D6D35D-B5C2-49B7-83FF-A42CDD0FE345}" = rport=445 | protocol=6 | dir=out | app=system |
"{A99DAB1A-30A0-47F7-95A5-804682F3E902}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{B1EEDA64-2626-47FF-9F41-481BEA0CDFE9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B973F8F9-9167-4A3F-88FB-85FABFB764E1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CACDB418-5466-44CB-97EB-234638B11E8D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{E605A171-6D83-4EB8-A198-530624F38CDA}" = lport=10243 | protocol=6 | dir=in | app=system |
"{E809180D-2E12-4024-98DC-D48C93E1A15F}" = lport=137 | protocol=17 | dir=in | app=system |
"{F36AC7BE-0A6F-407C-B635-086764556AC3}" = lport=138 | protocol=17 | dir=in | app=system |
"{F381EA1F-3086-46D4-A408-884FFCE30928}" = rport=138 | protocol=17 | dir=out | app=system |
"{F44AA2D5-3DC7-42A1-8A20-1E813A72CCC0}" = rport=137 | protocol=17 | dir=out | app=system |
"{F487E0B2-6FE5-4286-B4BA-286BFFB6C269}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010DD732-4B49-48A9-9472-240B408531BB}" = dir=out | name=windows_ie_ac_001 |
"{03505121-DFD3-48FA-A817-83937A460850}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{069B6A54-96A0-45FF-B98F-5DB99787946A}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{0BD0FB74-54D1-419C-9863-48D0A20DDCE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0C36AD5B-2A17-4FB1-B60F-9BFFA37F9B0D}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{0E1EBD05-CE0E-488E-8994-ACA1145FDAFE}" = dir=out | name=@{microsoft.bingsports_1.8.0.51_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{19C18A50-CF08-4939-8F7E-D26BAA195C38}" = dir=out | name=@{microsoft.zunemusic_1.1.144.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} |
"{1BDCB423-69FB-43A5-9CED-9508A556B20C}" = dir=in | name=music maker jam |
"{22F915F5-5A59-48E7-84B3-FC74245A61C2}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{2A37D134-3CE8-40B8-8950-7A13B27D360F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2DE61099-450E-4FF1-898D-73A6C819FD87}" = dir=out | name=@{microsoft.xboxlivegames_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{30D0A487-E7F6-48E7-8DF9-29A72E8A726A}" = dir=out | name=music maker jam |
"{31F0FAD4-E3F0-4707-8988-2B6C18318C66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{339C4E8C-FE5C-4299-A961-7FA2B699AAC9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{36410218-6060-4AD7-A19C-3F7186DFFF1A}" = dir=in | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{429F23F6-2EE1-4D3E-80FF-81E0FB800761}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4698DB8C-4E2D-44F8-B4D6-84E24571754D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{47249F4C-5809-4BC0-8210-ECE0E00383DF}" = dir=out | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{4ADBD283-FFE5-4ACE-97A0-10D7DE0F3C5A}" = dir=in | name=@{microsoft.skypeapp_1.3.0.112_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} |
"{4EF514BA-8CE5-4C37-9945-70EF082AAEC0}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4FB75615-2960-4C41-B069-3F7267DD6F3F}" = dir=in | name=pinball fx2 |
"{535FD643-644F-4D57-B63D-53EE72F4B287}" = dir=out | name=@{microsoft.reader_6.2.9200.20623_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{56AE4621-6A58-40D2-BD36-2E52B1539362}" = dir=out | name=@{microsoft.bingnews_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{5E54E683-BFE2-44B8-87A4-359EF595903C}" = protocol=6 | dir=out | app=system |
"{6774D849-150F-49EF-8EDB-2F18E5D633B5}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} |
"{6A0E5AD5-4B4A-4E77-9FCC-E6A4F1193C8D}" = dir=out | name=@{microsoft.bingweather_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{6E60E306-FD4C-46E7-97B8-21B5C4A9F07A}" = dir=out | name=- games app - |
"{736975C7-6679-4496-A699-A4F89CAC1B5E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{73F5C8B7-A5D3-48BA-8A26-A39484B791C0}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{7D758E15-E6B7-4293-9E55-EA456328BAAA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{80B4AAD6-7DC2-4BE4-A3C7-5000889420B5}" = dir=out | name=@{microsoft.bingtravel_1.7.0.26_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{82D6A38C-61A0-4BAA-A4FF-B71CFEB6F499}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{82E6ADCC-E484-450E-9EF8-543DE29A0966}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{83553FA7-04DA-4126-AA42-EE39BE7C408E}" = dir=out | name=pinball fx2 |
"{89E1E734-ECC9-468A-BD13-88F9A4B05D5A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{8F742722-EB63-4B60-8280-435B83C49A8F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9674376A-4A9C-41E3-A578-30B5F8CCF55F}" = dir=out | name=@{microsoft.zunevideo_1.1.134.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} |
"{979199AC-3BFF-40ED-8242-3452AC7F8EFE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{988E7F83-51A7-4019-A556-30299DABD73D}" = dir=out | name=@{microsoft.bingfinance_1.7.0.38_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{99AB5382-1059-45AC-AAEB-E32736E99DF9}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9CBDB688-1560-4EC3-B3C4-13B86FD1A88A}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{9D27C0E2-D6E0-43DD-A182-E1E0EAB3050F}" = dir=out | name=@{microsoft.bingmaps_1.5.1.240_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{9E10A718-DDB3-4BB5-B740-A21E9784E4BC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B4C5EED4-785C-4B49-B370-BB6F291679E0}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BEF9B0BD-F414-422C-93F9-E94B1AEE6F0B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C0EE506C-4C5F-45D0-8516-06A1A1D0C05A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CF26611B-A8A2-460A-B5C7-CB693E23A9FE}" = dir=out | name=fresh paint |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E8E0B43B-2226-4DFB-BFA9-7D77453CC848}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{EFFE3C02-4F9B-4997-BB3D-36A5D0465E18}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{F34ACA30-EC64-4720-844C-9B9FEA329411}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{4AA2A466-8031-403A-8236-5301B4E391FB}" = Windows Live UX Platform Language Pack
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6CEA775F-E70A-4D72-A3B4-1EB3A5AD4B5C}" = Windows Live Essentials
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8D813AFF-D91D-4EE0-821F-B901FC2E89FA}" = Windows Live
"{90993BD9-C7D9-4C2F-B56C-2F7AFEBD4CD0}" = Windows Live UX Platform Language Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B096A0E4-26A1-4E9F-8548-577964B9434B}" = Windows Live Essentials
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B7F31B9C-8775-4500-8E9D-6ABE9AE17CF4}" = Windows Live Essentials
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE542E0D-E056-4426-9F98-084C13E18641}" = Windows Live UX Platform Language Pack
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F21F0424-B2FF-40BF-A984-9E0D7FB4C97E}" = Windows Live UX Platform Language Pack
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"Google Chrome" = Google Chrome
"StormAlert" = Storm Alert
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3761925557-2092854932-1937655249-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25/10/2014 04:33:37 | Computer Name = CéliaPrisco | Source = Application Hang | ID = 1002
Description = Le programme WWAHost.exe version 6.2.9200.16420 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID
de processus : 30c Heure de début : 01cff02d90f27890 Heure de fin : 4294967295 Chemin
d’accès de l’application : C:\Windows\System32\WWAHost.exe ID de rapport : 89d68b86-5c21-11e4-be8f-bcee7b4f5719

Nom
complet du package défaillant : winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy ID
de l’application relative au package défaillant : Windows.Store

Error - 25/10/2014 09:12:57 | Computer Name = CéliaPrisco | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 29/10/2014 13:18:15 | Computer Name = CéliaPrisco | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = L’application winstore_cw5n1h2txyewy!Windows.Store n’a pas été lancée
dans le délai qui lui était imparti.

Error - 29/10/2014 13:19:06 | Computer Name = CéliaPrisco | Source = Application Hang | ID = 1002
Description = Le programme WWAHost.exe version 6.2.9200.16420 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID
de processus : d68 Heure de début : 01cff39c49f4fa65 Heure de fin : 4294967295 Chemin
d’accès de l’application : C:\Windows\System32\WWAHost.exe ID de rapport : 94dcd12f-5f8f-11e4-be90-bcee7b4f5719

Nom
complet du package défaillant : winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy ID
de l’application relative au package défaillant : Windows.Store

Error - 29/10/2014 13:19:06 | Computer Name = CéliaPrisco | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Échec de l’activation de l’application winstore_cw5n1h2txyewy!Windows.Store
avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error - 29/10/2014 14:13:33 | Computer Name = CéliaPrisco | Source = Microsoft-Windows-Immersive-Shell | ID = 2486
Description = L’application Microsoft.BingWeather_8wekyb3d8bbwe!App n’a pas été
lancée dans le délai qui lui était imparti.

Error - 29/10/2014 14:15:34 | Computer Name = CéliaPrisco | Source = Application Hang | ID = 1002
Description = Le programme wwahost.exe version 6.2.9200.16420 a cessé d’interagir
avec Windows et a été fermé. Pour déterminer si des informations supplémentaires
sont disponibles, consultez l’historique du problème dans le Centre de maintenance.

ID
de processus : 44 Heure de début : 01cff3a3f09c6043 Heure de fin : 4294967295 Chemin
d’accès de l’application : C:\Windows\system32\wwahost.exe ID de rapport : 4e4c99d6-5f97-11e4-be90-bcee7b4f5719

Nom
complet du package défaillant : Microsoft.BingWeather_1.7.0.26_x64__8wekyb3d8bbwe

ID
de l’application relative au package défaillant : App

Error - 29/10/2014 14:15:36 | Computer Name = CéliaPrisco | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Échec de l’activation de l’application Microsoft.BingWeather_8wekyb3d8bbwe!App
avec l’erreur : -2144927142 Pour plus d’informations, voir le journal Microsoft-Windows-TWinUI/Opérationnel.

Error - 29/10/2014 16:03:13 | Computer Name = CéliaPrisco | Source = Application Error | ID = 1000
Description = Nom de l’application défaillante FBAgent.exe, version : 2.0.0.2, horodatage
: 0x51bae339 Nom du module défaillant : ntdll.dll, version : 6.2.9200.17046, horodatage
: 0x53b4864c Code d’exception : 0xc0000374 Décalage d’erreur : 0x00000000000e9e99
ID
du processus défaillant : 0x4e8 Heure de début de l’application défaillante : 0x01cff29ce40d80a6
Chemin
d’accès de l’application défaillante : C:\Windows\system32\FBAgent.exe Chemin d’accès
du module défaillant: C:\Windows\SYSTEM32\ntdll.dll ID de rapport : 9c924254-5fa6-11e4-be90-bcee7b4f5719
Nom
complet du package défaillant : ID de l’application relative au package défaillant :


Error - 30/10/2014 07:14:38 | Computer Name = CéliaPrisco | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 20/10/2014 03:49:29 | Computer Name = CéliaPrisco | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 28/10/2014 06:48:44 | Computer Name = CéliaPrisco | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 30/10/2014 06:23:31 | Computer Name = CéliaPrisco | Source = Service Control Manager | ID = 7031
Description = Le service AFBAgent s’est terminé de manière inattendue. Ceci s’est
produit 1 fois. L’action corrective suivante va être effectuée dans 60000 millisecondes :
Redémarrer le service.

Error - 30/10/2014 12:30:25 | Computer Name = CéliaPrisco | Source = DCOM | ID = 10010
Description =

Error - 01/11/2014 06:19:17 | Computer Name = CéliaPrisco | Source = Microsoft-Windows-Kernel-General | ID = 6
Description =

Error - 01/11/2014 06:21:13 | Computer Name = CéliaPrisco | Source = Service Control Manager | ID = 7022
Description = Le service Publication des ressources de découverte de fonctions est
en attente de démarrage.

Error - 01/11/2014 06:21:24 | Computer Name = CéliaPrisco | Source = Service Control Manager | ID = 7022
Description = Le service Découverte SSDP est en attente de démarrage.

Error - 01/11/2014 06:21:24 | Computer Name = CéliaPrisco | Source = Service Control Manager | ID = 7001
Description = Le service Fournisseur du Groupement résidentiel dépend du service
Publication des ressources de découverte de fonctions qui n’a pas pu démarrer en
raison de l’erreur : %%1070

Error - 01/11/2014 06:23:20 | Computer Name = CéliaPrisco | Source = Service Control Manager | ID = 7009
Description = Le dépassement de délai (30000 millisecondes) a été atteint lors de
l’attente de la connexion du service Asus WebStorage Windows Service.

Error - 01/11/2014 06:23:20 | Computer Name = CéliaPrisco | Source = Service Control Manager | ID = 7000
Description = Le service Asus WebStorage Windows Service n’a pas pu démarrer en
raison de l’erreur : %%1053


< End of report >
by V-X
#151568
Re,

It is nevertheless stated that reports must be hosted ... :siffle:

Besides, you did not use the script for OTL.....
  • Launch OTL (run as administrator under Windows 7/8 and Vista)
  • Paste the lines below into the lower part of OTL, "Personnalisation"
    Code: Select all
    :OTL 
    IE - HKU\S-1-5-21-3761925557-2092854932-1937655249-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=tele_14_10_CH&cd=2XzuyEtN2Y1L1Qzu0B0C0E0EyB0ByE0FyDyBtCzy0A0EyDtDtN0D0Tzu0SyBzyyCtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAtBtAyD0BzyyCyEtGyEtAzyzytGtAtBtBzztGtD0E0DtDtGtBzytC0E0D0B0EtByD0CtByC2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyC0FtBtAtAtB0DtG0B0DtC0CtG0CyD0AtDtG0FzyyEtDtGyDzztDtDyB0Fzy0B0A0DyD0D2Q&cr=1616703594&ir=
    O2 - BHO: (no name) - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {3004627E-F8E9-4E8B-909D-316753CBA923} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    
    :files
    C:\ProgramData\kTVTZBDjkd
    C:\ProgramData\StormAlert
    C:\ProgramData\Browser
    C:\Users\Célia\AppData\Local\StormAlert
    C:\Windows\tasks\MySearchDial.job
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StormAlert]
    
    :commands
    [EMPTYFLASH]
    [EMPTYTEMP]
    
  • Click Correction
  • OTL may ask you to restart; if so, do it immediately!
  • Once the scan is finished, a report will open; save it to your desktop
  • Host the ¤¤¤¤¤¤¤¤¤¤¤.log report on SosUpload, then copy/paste the link provided into your next reply.
Note: Just in case, you can find them in the folder C:\_OTL\Moved Files or on your desktop, depending on the case

Help:
by V-X
#151622
Re,

In order:

Reset your browsers << === Click this link.

[hr]
  • Download ZHPDiag (by Nicolas Coolman) to your desktop.
  • Install the software.
  • Launch ZHPDiag.
  • /!\ Under Vista, Windows 7 and 8, the file must be launched by right-click -> Run as administrator
  • Click Complet

    Note: Do not close the program even if it says it is no longer responding.
  • Once the scan is finished, go to the desktop; the file ZHPDiag.txt has been created.
  • Host the ZHPDiag.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum
+++
by V-X
#151640
Re,
  • Copy the lines below:
    Code: Select all
    Script ZHPFix
    ShortcutFix
    O43 - CFD: 21/11/2014 - 17:38:17 - [] ----D C:\ProgramData\kTVTZBDjkd
    R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com
    O23 - Service: glAynMMW (glAynMMW) . (.Rational Thought Solutions LLC - StormAlert Service.) - C:\ProgramData\kTVTZBDjkd\glAynMMW.exe
    [MD5.CBFFB477B24A1637086FCD08F93A1BA7] [APT] [MySearchDial] (...) -- C:\Users\Célia\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe   [109056]
    [HKCU\Software\AppDataLow\Software\DynConIE]
    [HKCU\Software\InstallCore]
    [HKCU\Software\mysearchdial]
    [HKLM\Software\Wow6432Node\InstallCore]
    C:\Program Files (x86)\Mysearchdial
    C:\Users\Célia\AppData\Roaming\mysearchdial
    C:\Users\Célia\AppData\Local\StormAlert
    O45 - LFCP:[MD5.A2AC961BB509E6E16DD30D8D443665B6] - 14/11/2014 - 15:28:32 ---A- - C:\Windows\Prefetch\STORMALERTINSTALL.EXE-11B4F7D8.pf
    SR - | Auto 14/11/2014 2726776 |  (glAynMMW) . (.Rational Thought Solutions LLC.) - C:\ProgramData\kTVTZBDjkd\glAynMMW.exe
    [HKLM\SYSTEM\CurrentControlSet\Services\glAynMMW]
    [HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
    [HKLM\Software\Wow6432Node\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
    [HKLM\Software\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKLM\Software\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKLM\Software\Wow6432Node\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
    [HKLM\Software\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
    [HKLM\Software\Wow6432Node\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}]
    [HKLM\Software\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [HKLM\Software\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [HKLM\Software\Wow6432Node\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}]
    [HKLM\Software\Classes\AppID\escort.dll]
    [HKLM\Software\Classes\AppID\escortapp.dll]
    [HKLM\Software\Classes\AppID\escorteng.dll]
    [HKLM\Software\Classes\AppID\esrv.EXE]
    [HKLM\Software\Classes\esrv.mysearchdialESrvc]
    [HKLM\Software\Classes\esrv.mysearchdialESrvc.1]
    [HKLM\Software\Classes\mysearchdial.mysearchdialappCore]
    [HKLM\Software\Classes\mysearchdial.mysearchdialappCore.1]
    [HKLM\Software\Classes\mysearchdial.mysearchdialdskBnd]
    [HKLM\Software\Classes\mysearchdial.mysearchdialdskBnd.1]
    [HKLM\Software\Classes\mysearchdial.mysearchdialHlpr]
    [HKLM\Software\Classes\mysearchdial.mysearchdialHlpr.1]
    [HKLM\Software\Classes\AppID\escorTlbr.DLL]
    [HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc]
    [HKLM\Software\Wow6432Node\Classes\esrv.mysearchdialESrvc.1]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialappCore]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialappCore.1]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialdskBnd]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialdskBnd.1]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialHlpr]
    [HKLM\Software\Wow6432Node\Classes\mysearchdial.mysearchdialHlpr.1]
    [HKLM\Software\Wow6432Node\Classes\AppID\escort.DLL]
    [HKLM\Software\Wow6432Node\Classes\AppID\escortApp.DLL]
    [HKLM\Software\Wow6432Node\Classes\AppID\escortEng.DLL]
    [HKLM\Software\Wow6432Node\Classes\AppID\escorTlbr.DLL]
    C:\Users\Célia\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.exe
    O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Clé orpheline
    [HKLM\Software\McAfee]
    O43 - CFD: 27/10/2013 - 01:23:25 - [] ----D C:\ProgramData\McAfee
    [HKLM\Software\Wow6432Node\McAfee]
    O43 - CFD: 27/10/2013 - 01:23:25 - [] ----D C:\Program Files (x86)\McAfee
    O43 - CFD: 27/10/2013 - 01:23:26 - [] ----D C:\Program Files (x86)\Common Files\McAfee    => McAfee Comon Files
    EmptyPrefetch
    EmptyFlash
    FirewallRAZ
    EmptyTemp
    
  • Launch ZHPFix (run as administrator under Windows 7/8 and Vista)
  1. Click Importer
  2. Paste the lines given by the helper
  3. Then click "GO"
  4. Confirm the data clean-up by clicking "Oui"
  5. Once the scan is finished, go to the desktop; the file ZHPFixReport has been created.
  6. Host the ZHPFixReport report on SosUpload, then copy/paste the link provided into your next reply.
Help:
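A read-only way to confirm, after the ZHPFix run in the post above, that the items the script targets are really gone. This is an added example, not part of the thread or of any tool's own code; the function names `ConvertTo-Artifact` and `Test-Artifact` are hypothetical, and the input is a subset of the script lines copied from the post.

```powershell
# Added example: reports which artifacts named in the ZHPFix script still exist.
# It deletes nothing. Save the file as UTF-8 with BOM so that "Célia" is read
# correctly by Windows PowerShell 5.1.

# Subset of the fix-script lines shown in the post (copied from the page).
$fixLines = @'
O23 - Service: glAynMMW (glAynMMW) . (.Rational Thought Solutions LLC - StormAlert Service.) - C:\ProgramData\kTVTZBDjkd\glAynMMW.exe
[HKCU\Software\InstallCore]
[HKCU\Software\mysearchdial]
[HKLM\Software\Wow6432Node\InstallCore]
[HKLM\SYSTEM\CurrentControlSet\Services\glAynMMW]
[HKLM\Software\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}]
C:\Program Files (x86)\Mysearchdial
C:\Users\Célia\AppData\Roaming\mysearchdial
C:\Users\Célia\AppData\Local\StormAlert
EmptyTemp
'@ -split "`r?`n"

# ZHPFix abbreviations -> full hive names understood by the Registry provider.
# Caveat: HKCU is the hive of the account running this script, so run it in the
# affected user's session, not under a different administrator account.
$hiveMap = @{ HKLM = 'HKEY_LOCAL_MACHINE'; HKCU = 'HKEY_CURRENT_USER' }

function ConvertTo-Artifact {
    # Classifies one script line as a registry key, a service or a file-system path.
    param([string]$Line)
    $l = $Line.Trim()
    switch -Regex ($l) {
        '^\[(HKLM|HKCU)\\(.+)\]$' {
            $target = "Registry::$($hiveMap[$Matches[1]])\$($Matches[2])"
            return [pscustomobject]@{ Kind = 'RegistryKey'; Target = $target }
        }
        '^O23 - Service: (\S+) ' {
            return [pscustomobject]@{ Kind = 'Service'; Target = $Matches[1] }
        }
        '^[A-Za-z]:\\' {
            return [pscustomobject]@{ Kind = 'Path'; Target = $l }
        }
        default { return $null }   # directives such as EmptyTemp are not artifacts
    }
}

function Test-Artifact {
    # Returns $true when the artifact is still present on this machine.
    param($Artifact)
    switch ($Artifact.Kind) {
        'RegistryKey' { return Test-Path -LiteralPath $Artifact.Target }
        'Path'        { return Test-Path -LiteralPath $Artifact.Target }
        'Service'     {
            return [bool](Get-Service -Name $Artifact.Target -ErrorAction SilentlyContinue)
        }
    }
}

$report = foreach ($line in $fixLines) {
    $artifact = ConvertTo-Artifact -Line $line
    if ($artifact) {
        [pscustomobject]@{
            Kind         = $artifact.Kind
            Target       = $artifact.Target
            StillPresent = Test-Artifact $artifact
        }
    }
}

# Anything listed with StillPresent = True survived the fix and needs another look.
$report | Sort-Object StillPresent -Descending | Format-Table -AutoSize -Wrap
```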
by V-X
#151644
Re,
  • Download MalwareBytes to your desktop.
  • Install it. Uncheck "Activer l'essai gratuit de Malwarebytes Anti-Malware Premium"
  • In the main Malwarebytes window, in the "Database Version" section
  • Click Update Now (the update runs)
  • Click Setting
  • Choose the language "Français"
  • In the menu on the left, click "Détection et Protection"
  • In the "options de détection" section, check the "Recherche de Rootkits" box
  • Click Examen (at the top)
  • Select the "Menaces" scan
  • Click Examiner maintenant
  • If an update is reported, click Mettre à jour maintenant, then wait during the scan
  • Once the scan is finished, make sure the Quarantaine action is selected for all detected items.
  • Click "Appliquer les actions". If you are asked to restart the PC, do so.
  • In the Examen tab, click Exporter le journal => Fichier texte (txt). Otherwise, go to the Historique tab, then Journaux de l'application => check the box next to "Journal d'examen" => "Afficher" => at the bottom of the window click "Exporter" and choose the Texte (.txt) format.
  • Host the report on SosUpload, then copy/paste the link provided into your next reply.
++
by V-X
#151679
Re,

If all is well, do this:

Disable your antivirus for the time it takes to download and use SFTGC.
  • Download SFTGC (by Pierre13) to your Desktop and nowhere else!
  • Launch SFTGC (run as administrator under Windows 7/8 and Vista)
  • Click GO

    Note: At the end a report will open
  • Once the scan is finished, go to the desktop; the file SFTGC.txt has been created.
  • Host the SFTGC.txt report on SosUpload, then copy/paste the link provided into your next reply on the forum.
[hr]
  • Download Delfix to your Desktop.
  • Launch Delfix.
  • /!\ Under Vista, Windows 7 and 8, the file must be launched by right-click -> Run as administrator
  • Check the following boxes:
    • Re-enable UAC (Réactiver l'UAC)
    • Remove the disinfection tools (Supprimer les outils de désinfection)
    • Make a registry backup (Effectuer une sauvegarde du registre)
    • Purge System Restore (Purger la restauration système)
    • Reset system settings (Réinitialisation des paramètres système)
  • Host the DelFix.txt report on SosUpload, then copy/paste the link provided into your next reply.
+