[Malware/Virus] System Speedup

System Speedup [Malware/Virus] - Virus/Spywares - Windows & Software

Marsh Posté le 30-06-2014 à 23:54:20    

Bonjour,

 

J'ai un PC infecté par plusieurs petites saloperies : SystemSpeedup, Advanced System Protector, et une extension Chrome qui refuse de partir (Deeal, avec deux "e" vivi).

 

J'ai passé plusieurs fois :

 

- Adwcleaner (qui les détecte)
- Malwarebytes (qui les détecte)
- Spybot (ne détecte rien)

 

Mais un reboot et ça revient automatiquement. J'ai donc besoin d'aide !

 

Voici le lien pour mon rapport ZHP :
http://pjjoint.malekal.com/files.p [...] j15t9i7o10

 

Et mon rapport Hijackthis :
http://pjjoint.malekal.com/files.p [...] 15h10y6l14

 

Merci pour votre aide.


Message édité par Febalchi le 30-06-2014 à 23:55:51
Reply

Marsh Posté le 30-06-2014 à 23:54:20   

Reply

Marsh Posté le 01-07-2014 à 14:11:38    

Bonjour,
 

  • Désinstalle Ad-Aware Antivirus et Spybot (ils sont inutiles).


  • Copie tout le texte présent dans le cadre ci-dessous (Sélectionne-le, clique droit dessus et choisis "Copier" ).


Script ZHPFix
SysRestore
ProxyFix  
P2 - FPN: [HKCU] [bebomedia.com/OfferMosquitoIEHelper] - (...) -- C:\Users\Pupuce\AppData\Local\ext_offermosquito\npOfferMosquitoIEHelper.dll (.not file.)  
O2 - BHO: Deeal [64Bits] - {70C53538-9F82-42BC-A327-74F7A46E700C} . (.Deeal - ScriptHost.) -- C:\Program Files (x86)\Deeal\ScriptHost.dll  
O4 - GS\Desktop [Public]: Advanced System Protector.lnk . (.Systweak - Advanced System Protector.)  -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe    
O4 - GS\Desktop [Public]: System Speedup.lnk . (.System Speedup - System Speedup.)  -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe  
OPT:O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe  
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector] (...) -- C:\Program Files (x86)\RegClean Pro\SystweakASP.exe (.not file.)   [0]    
[MD5.E754386A083BCB72A4EC7CC1869B715B] [APT] [Advanced System Protector_startup] (.Systweak.) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe   [6598384]    
[MD5.02D5B7F0AC2CA0EA954CA21E9C3A010F] [APT] [System Speedup] (.System Speedup.) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe   [7833176]   =>PUP.SystemSpeedup  
[MD5.02D5B7F0AC2CA0EA954CA21E9C3A010F] [APT] [System Speedup_DEFAULT] (.System Speedup.) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe   [7833176]   =>PUP.SystemSpeedup  
[MD5.02D5B7F0AC2CA0EA954CA21E9C3A010F] [APT] [System Speedup_UPDATES] (.System Speedup.) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe   [7833176]   =>PUP.SystemSpeedup  
[MD5.00000000000000000000000000000000] [APT] [TaskUserUpdate_wp] (...) -- C:\Users\Pupuce\AppData\Roaming\~uvbrcwn.exe (.not file.)   [0]    => Infection FakeAlert (Possible)  
[MD5.BD2B3806854FEE15E76CB2CE662028DA] [APT] [WIN-fdfEfEfAfC] (...) -- C:\Users\Pupuce\AppData\Roaming\~zqjekqy.exe   [667648]    
[MD5.00000000000000000000000000000000] [APT] [{70F71889-0BD0-47F2-AB5B-DCAFB25334D5}] (...) -- C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.8.3.8\GUninstaller.exe (.not file.)   [0]  
O39 - APT: System Speedup_DEFAULT - (.System Speedup.) -- C:\Windows\Tasks\System Speedup_DEFAULT.job   [286]   =>PUP.SystemSpeedup  
O39 - APT: System Speedup_DEFAULT - (.System Speedup.) -- C:\Windows\System32\Tasks\System Speedup_DEFAULT   [286]   =>PUP.SystemSpeedup  
O39 - APT: System Speedup_UPDATES - (.System Speedup.) -- C:\Windows\Tasks\System Speedup_UPDATES.job   [294]   =>PUP.SystemSpeedup  
O39 - APT: System Speedup_UPDATES - (.System Speedup.) -- C:\Windows\System32\Tasks\System Speedup_UPDATES   [294]   =>PUP.SystemSpeedup  
O42 - Logiciel: Advanced System Protector - (.Systweak Software.) [HKLM][64Bits] -- 00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1  
O42 - Logiciel: Deeal - (.Kreapixel inc..) [HKLM][64Bits] -- Deeal    
O42 - Logiciel: Pricora 12.0 - (.Corporate Inc.) [HKLM][64Bits] -- Pricora 12.0    
O42 - Logiciel: System Speedup - (.systemspeedup.com.) [HKLM][64Bits] -- System Speedup_is1  
[HKCU\Software\Snoozer]  
[HKCU\Software\System Speedup]    
[HKCU\Software\systweak]  
[HKLM\Software\Wow6432Node\System Speedup]    
[HKLM\Software\Wow6432Node\systweak]    
O43 - CFD: 30/06/2014 - 22:31:32 - [] ----D C:\Program Files (x86)\Advanced System Protector  
O43 - CFD: 30/06/2014 - 13:47:44 - [] ----D C:\Program Files (x86)\Deeal    
O43 - CFD: 30/06/2014 - 22:25:32 - [] ----D C:\Program Files (x86)\System Speedup    
O43 - CFD: 27/10/2013 - 19:49:41 - [] ----D C:\Program Files (x86)\Webgameplay setup    
O43 - CFD: 13/10/2012 - 21:50:23 - [] ----D C:\ProgramData\InstallMate  
O43 - CFD: 30/06/2014 - 22:30:21 - [] ----D C:\ProgramData\Systweak  
O43 - CFD: 30/06/2014 - 22:23:10 - [] ----D C:\Users\Pupuce\AppData\Roaming\betadeeal    
O43 - CFD: 30/06/2014 - 22:26:41 - [] ----D C:\Users\Pupuce\AppData\Roaming\System Speedup   =>PUP.SystemSpeedup  
O43 - CFD: 30/06/2014 - 22:32:30 - [] ----D C:\Users\Pupuce\AppData\Roaming\systweak  
O43 - CFD: 08/06/2013 - 00:04:49 - [] ----D C:\Users\Pupuce\AppData\Local\CRE    
O44 - LFC:[MD5.13014E17D8DB6432FAB9BB94E01BDBF2] - 30/06/2014 - 21:25:39 ---A- . (.System Speedup - System Speedup.) -- C:\Windows\System32\roboot64.exe   [19544]  
O61 - LFC: 27/06/2014 - 23:11:06 ---A- . (...) -- C:\Users\Pupuce\AppData\Roaming\Microsoft\~gbgwxgo.exe   [429568]    => Infection Diverse (Possible)  
C:\Users\Pupuce\AppData\Local\Microsoft\WinU      
O61 - LFC: 30/06/2014 - 23:11:08 ---A- . (...) -- C:\Users\Pupuce\AppData\Roaming\~zqjekqy.exe   [667648]  
[MD5.98161DC6255C6BE7FFA89BEA634E2A6E] [SPRF][13/06/2014] (...) -- C:\ProgramData\uninstall_Deeal.exe   [431104]  
[MD5.BD2B3806854FEE15E76CB2CE662028DA] [SPRF][30/06/2014] (.Pas de propriétaire - betadeeal service scheduler.) -- C:\Users\Pupuce\AppData\Roaming\~zqjekqy.exe   [667648]    
[MD5.5D7E6E5BBA302C89942F10B19DC59956] [WIS][27/12/2013] (.Kreapixel - Webplayer.) -- C:\Windows\Installer\1476f3f.msi   [21504]  
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32   =>PUP.MyPCBackup  
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS   =>PUP.MyPCBackup  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\20120702IminentSetup_RASAPI32   =>Adware.IMBooster  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\20120702IminentSetup_RASMANCS   =>Adware.IMBooster  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32   =>PUP.AdvancedSystemProtector  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS   =>PUP.AdvancedSystemProtector  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FREEzeFrogSA_RASAPI32   =>Adware.FreezeFrog  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\FREEzeFrogSA_RASMANCS   =>Adware.FreezeFrog  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASAPI32   =>PUP.BubbleDock  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Install_BubbleDock_RASMANCS   =>PUP.BubbleDock  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASAPI32   =>PUP.Dealio  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\pdfforgeToolbar-stub-1_RASMANCS   =>PUP.Dealio  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASAPI32   =>Adware.SearchSettings  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchSettings_RASMANCS   =>Adware.SearchSettings  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70C53538-9F82-42BC-A327-74F7A46E700C}]   =>PUP.DeealFr^  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]   =>PUP.AdvancedSystemProtector^  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Deeal]   =>PUP.DeealFr^  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pricora 12.0]   =>Adware.Pricora^  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1]   =>PUP.SystemSpeedup^  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]   =>Toolbar.AdAware  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375]   =>PUP.Tarma  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5]   =>PUP.Tarma  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9]   =>PUP.Dealio  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24]   =>PUP.Dealio  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607]   =>PUP.Dealio  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F]   =>PUP.Dealio  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21]   =>PUP.Dealio  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF]   =>PUP.Dealio  
EmptyCLSID
EmptyFlash
EmptyTemp


  • Lance ZHPFix depuis le raccourci situé sur ton Bureau.


  • Clique sur le bouton "IMPORTER". Dans l'encadré principal, tu verras les lignes que tu as copié précédemment apparaître.


  • Clique sur "GO" et confirme pour lancer le nettoyage. Laisse l'outil travailler et ne touche à rien.


  • Accepte la désinstallation des programmes si proposé, mais refuse le redémarrage de ton PC si également proposé, car cela stopperait ZHPFix.


  • Une fois terminé, héberge le rapport sur pjjoint.malekal.com puis copie-colle le lien dans ton prochain message.

Reply

Marsh Posté le 02-07-2014 à 23:04:01    

Bonjour, J'ai exactement les mêmes soucis avec les mêmes saletés.
voici mon rapport ZHP.  
http://pjjoint.malekal.com/files.p [...] 9o5y11h9n6
 
et Hijackthis
http://pjjoint.malekal.com/files.p [...] 1t8k9k12i8
 
Merci par avance si vous pouvez me secourir.
Cordialement

Reply

Marsh Posté le 03-07-2014 à 01:02:27    

Bonjour evenement38,
 
ZHPDiag fait la même chose qu'HijackThis mais de manière plus complète, il est donc inutile d'utiliser les deux  :p  
 
Même procédure que ci-dessus mais avec le script suivant :
 

Script ZHPFix
SysRestore
O2 - BHO: (no name) [64Bits] - {70C53538-9F82-42BC-A327-74F7A46E700C} Clé orpheline  
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector] (...) -- C:\Program Files (x86)\RegClean Pro\SystweakASP.exe (.not file.)   [0]  
[MD5.02D5B7F0AC2CA0EA954CA21E9C3A010F] [APT] [System Speedup] (.System Speedup.) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe   [7833176]   =>PUP.SystemSpeedup  
[MD5.02D5B7F0AC2CA0EA954CA21E9C3A010F] [APT] [System Speedup_DEFAULT] (.System Speedup.) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe   [7833176]   =>PUP.SystemSpeedup  
[MD5.02D5B7F0AC2CA0EA954CA21E9C3A010F] [APT] [System Speedup_UPDATES] (.System Speedup.) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe   [7833176]   =>PUP.SystemSpeedup  
[MD5.00000000000000000000000000000000] [APT] [TaskUserUpdate_wp] (...) -- C:\Users\Jean\AppData\Roaming\~herphlo.exe (.not file.)   [0]    => Infection FakeAlert (Possible)  
[MD5.BD2B3806854FEE15E76CB2CE662028DA] [APT] [WIN-fdfEfEfAfC] (...) -- C:\Users\Jean\AppData\Roaming\~spdtafk.exe   [667648]    
O39 - APT: System Speedup_DEFAULT - (.System Speedup.) -- C:\Windows\Tasks\System Speedup_DEFAULT.job   [302]   =>PUP.SystemSpeedup  
O39 - APT: System Speedup_DEFAULT - (.System Speedup.) -- C:\Windows\System32\Tasks\System Speedup_DEFAULT   [302]   =>PUP.SystemSpeedup  
O39 - APT: System Speedup_UPDATES - (.System Speedup.) -- C:\Windows\Tasks\System Speedup_UPDATES.job   [310]   =>PUP.SystemSpeedup  
O39 - APT: System Speedup_UPDATES - (.System Speedup.) -- C:\Windows\System32\Tasks\System Speedup_UPDATES   [310]   =>PUP.SystemSpeedup  
O42 - Logiciel: System Speedup - (.systemspeedup.com.) [HKLM][64Bits] -- System Speedup_is1    
[HKCU\Software\System Speedup]  
[HKCU\Software\systweak]  
[HKLM\Software\Wow6432Node\System Speedup]    
[HKLM\Software\Wow6432Node\systweak]    
O43 - CFD: 02/07/2014 - 18:13:37 - [] ----D C:\Program Files (x86)\System Speedup  
O43 - CFD: 29/04/2014 - 20:13:09 - [] ----D C:\ProgramData\InstallMate  
O43 - CFD: 02/07/2014 - 11:01:59 - [0] ----D C:\ProgramData\Systweak  
O43 - CFD: 29/04/2014 - 20:13:09 - [] ----D C:\ProgramData\MiniApp  
O43 - CFD: 02/07/2014 - 18:13:51 - [] ----D C:\Users\Jean\AppData\Roaming\Advanced System Protector
O43 - CFD: 02/07/2014 - 18:13:05 - [] ----D C:\Users\Jean\AppData\Roaming\betadeeal  
O43 - CFD: 02/07/2014 - 18:18:45 - [] ----D C:\Users\Jean\AppData\Roaming\System Speedup    
O43 - CFD: 02/07/2014 - 11:02:08 - [] ----D C:\Users\Jean\AppData\Roaming\systweak    
O44 - LFC:[MD5.13014E17D8DB6432FAB9BB94E01BDBF2] - 30/06/2014 - 19:38:47 ---A- . (.System Speedup - System Speedup.) -- C:\Windows\System32\roboot64.exe   [19544]  
O45 - LFCP:[MD5.10ACD6F5EC8B1FC3AE9C9E84BF020D77] - 30/06/2014 - 17:59:57 ---A- - C:\Windows\Prefetch\ADVANCEDSYSTEMPROTECTOR.EXE-9B4B6DAD.pf   =>PUP.AdvancedSystemProtector  
O45 - LFCP:[MD5.C3BEF1570FADFA9D1D4BD151C16C070B] - 30/06/2014 - 17:59:05 ---A- - C:\Windows\Prefetch\OF_VUUPC-FR_CHK_0_28.EXE-81DE2943.pf   =>PUP.VuuPC  
O45 - LFCP:[MD5.E2CDD68F9D8426C6715FB08F34F1CA36] - 29/10/2013 - 10:57:48 ---A- - C:\Windows\Prefetch\SEARCHPROTECTINT.EXE-7EC917BB.pf   =>PUP.SearchProtect  
O45 - LFCP:[MD5.5E8041E0489E2EA6CE676DAA54908541] - 02/07/2014 - 17:03:51 ---A- - C:\Windows\Prefetch\UNINSTALL_DEEAL.EXE-9E7ED293.pf   =>PUP.DeealFr  
O45 - LFCP:[MD5.8F5956FCE062E086BC8EC9BEB49498F6] - 30/06/2014 - 17:59:14 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-7B0AF267.pf   =>Adware.Downware  
O45 - LFCP:[MD5.ECD4D7BE192793CF770565778353A1EB] - 30/06/2014 - 17:59:05 ---A- - C:\Windows\Prefetch\VUUPC.EXE-167719D8.pf   =>PUP.VuuPC  
O45 - LFCP:[MD5.8F2E0AA6E6F409E8FAF3940FA352DEE1] - 11/06/2014 - 11:55:30 ---A- - C:\Windows\Prefetch\WEBPLAYER.EXE-37C7CC71.pf   =>Adware.SocialSkinz  
O61 - LFC: 02/07/2014 - 18:22:14 ---A- . (...) -- C:\Users\Jean\AppData\Local\Microsoft\Windows\INetCache\IE\GUILEDHL\ssupsetup_binstall3[1].exe   [4624790]    => Microsoft Corporation - Windows  
O61 - LFC: 02/07/2014 - 18:22:14 ---A- . (...) -- C:\Users\Jean\AppData\Local\Microsoft\Windows\INetCache\IE\TTQFHT0S\betadeeal[1].exe   [1802752]   =>PUP.DeealFr  
C:\Users\Jean\AppData\Local\Microsoft\WinU
O61 - LFC: 30/06/2014 - 18:22:50 ---A- . (...) -- C:\Users\Jean\AppData\Roaming\~spdtafk.exe   [667648]    
[MD5.98161DC6255C6BE7FFA89BEA634E2A6E] [SPRF][13/06/2014] (...) -- C:\ProgramData\uninstall_Deeal.exe   [431104]  
[MD5.BD2B3806854FEE15E76CB2CE662028DA] [SPRF][30/06/2014] (.Pas de propriétaire - betadeeal service scheduler.) -- C:\Users\Jean\AppData\Roaming\~spdtafk.exe   [667648]  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32   =>PUP.AdvancedSystemProtector  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS   =>PUP.AdvancedSystemProtector  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1]    
[HKLM\Software\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\AppID\AddonsFramework.DLL]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\AppID\ScriptHost.DLL]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{045F91B3-695F-423A-98C7-8DE3C47AA020}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{395AFE6E-8308-48DB-89BE-ED5F4AA3D3EC}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{43B390F0-6BA2-45CA-ABF2-5DB0CEE9B49D}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{93CF54F5-CFAA-4440-B588-8ED0DFAD5C21}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{94CADA2E-1D3F-419F-8A3D-06C58EDF53C8}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{9E52EB8B-8DD9-4605-AD36-D352BCD482F2}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{A1440EC3-F0FA-407A-B811-DE6668C06D29}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{B9A84AD0-5777-46FD-8B8F-1EBD06750FBC}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{C1995F88-1C7F-40D7-B0FA-6F107F6308B8}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{C815E3DA-0823-49B0-9270-D1771D58B317}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}]   =>Toolbar.Freecorder  
[HKLM\Software\Wow6432Node\Classes\Interface\{D3BC53E7-0437-4C97-90EE-2CD6FF47FB14}]   =>Toolbar.Freecorder  
[HKLM\Software\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}]   =>Adware.Adkubru
[HKLM\Software\Wow6432Node\Classes\Interface\{43969E3F-3E7C-4911-A8F1-79C6CA6AC731}]   =>Adware.Adkubru
EmptyFlash
EmptyTemp


Message édité par Destrio5 le 03-07-2014 à 01:04:35
Reply

Marsh Posté le 03-07-2014 à 10:22:32    

Bonjour, j'ai sensiblement le même souci avec SystemSpeedup et Advanced System Protector. Je parviens à les désinstaller mais ils reviennent dès que je reboot le pc.
 
Voici le lien du rapport complet de ZHPdiag:
 
http://pjjoint.malekal.com/files.p [...] 14h6d10v11
 
Merci par avance pour l'aide apportée :)

Reply

Marsh Posté le 03-07-2014 à 12:18:19    

Bonjour shilandra,
 
Script pour ZHPFix :
 

Script ZHPFix
SysRestore
O4 - GS\Desktop [Public]: System Speedup.lnk . (.System Speedup - System Speedup.)  -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe  
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector] (...) -- C:\Program Files (x86)\RegClean Pro\SystweakASP.exe (.not file.)   [0]  
[MD5.00000000000000000000000000000000] [APT] [Advanced System Protector_startup] (...) -- C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (.not file.)   [0]  
[MD5.02D5B7F0AC2CA0EA954CA21E9C3A010F] [APT] [System Speedup] (.System Speedup.) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe   [7833176]   =>PUP.SystemSpeedup  
[MD5.02D5B7F0AC2CA0EA954CA21E9C3A010F] [APT] [System Speedup_DEFAULT] (.System Speedup.) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe   [7833176]   =>PUP.SystemSpeedup  
[MD5.02D5B7F0AC2CA0EA954CA21E9C3A010F] [APT] [System Speedup_UPDATES] (.System Speedup.) -- C:\Program Files (x86)\System Speedup\SystemSpeedup.exe   [7833176]   =>PUP.SystemSpeedup  
[MD5.00000000000000000000000000000000] [APT] [TaskUserUpdate_wp] (...) -- C:\Users\Dorine\AppData\Roaming\~jqbzddz.exe (.not file.)   [0]    => Infection FakeAlert (Possible)  
[MD5.00000000000000000000000000000000] [APT] [{093218FC-3482-4C66-86D2-D332359EA9EC}] (...) -- C:\Users\Dorine\AppData\Roaming\sweet-page\UninstallManager.exe (.not file.)   [0]   =>PUP.SweetPage  
O39 - APT: System Speedup_DEFAULT - (.System Speedup.) -- C:\Windows\Tasks\System Speedup_DEFAULT.job   [294]   =>PUP.SystemSpeedup  
O39 - APT: System Speedup_DEFAULT - (.System Speedup.) -- C:\Windows\System32\Tasks\System Speedup_DEFAULT   [294]   =>PUP.SystemSpeedup  
O39 - APT: System Speedup_UPDATES - (.System Speedup.) -- C:\Windows\Tasks\System Speedup_UPDATES.job   [302]   =>PUP.SystemSpeedup  
O39 - APT: System Speedup_UPDATES - (.System Speedup.) -- C:\Windows\System32\Tasks\System Speedup_UPDATES   [302]   =>PUP.SystemSpeedup  
O42 - Logiciel: System Speedup - (.systemspeedup.com.) [HKLM][64Bits] -- System Speedup_is1  
[HKCU\Software\System Speedup]    
[HKCU\Software\systweak]  
[HKLM\Software\Wow6432Node\System Speedup]    
[HKLM\Software\Wow6432Node\systweak]    
O43 - CFD: 02/07/2014 - 11:56:18 - [] ----D C:\Program Files (x86)\System Speedup  
O43 - CFD: 02/07/2014 - 14:19:41 - [0] ----D C:\ProgramData\Systweak  
O43 - CFD: 03/07/2014 - 09:58:47 - [] ----D C:\Users\Dorine\AppData\Roaming\System Speedup   =>PUP.SystemSpeedup  
O43 - CFD: 02/07/2014 - 14:19:41 - [] ----D C:\Users\Dorine\AppData\Roaming\systweak    
O44 - LFC:[MD5.13014E17D8DB6432FAB9BB94E01BDBF2] - 02/07/2014 - 10:56:19 ---A- . (.System Speedup - System Speedup.) -- C:\Windows\System32\roboot64.exe   [19544]  
C:\Users\Dorine\AppData\Local\Microsoft\WinU
[MD5.FFAA448AA83402027F289C085954FFD3] [WIS][19/01/2014] (.Kreapixel - Webplayer.) -- C:\Windows\Installer\6b307a2.msi   [21504]    
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32   =>PUP.AdvancedSystemProtector  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS   =>PUP.AdvancedSystemProtector  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASAPI32   =>PUP.Fortunitas  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updateFortunitas_RASMANCS   =>PUP.Fortunitas  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1]    
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\1C875DDE39636004CA8CDAEC335B4160]   =>Adware.PredictAd  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\38D5CDD0A851B3940A43CC50ABBA251C]   =>Adware.Boxore^  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AAC05EAA51DC78A41A1DCE3B31038584]   =>Adware.Boxore^  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA71D41F6CC0B6247B05D473850A8AEA]   =>Adware.Boxore^  
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA0054A5AB3EFFE4CB5660E44A1E7DCC]   =>Adware.Boxore^  
C:\Windows\Installer\6b307a2.msi    
[MD5.00000000000000000000000000000000] [APT] [Norton WSC Integration] (...) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [Norton Error Analyzer] (...) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [Norton Error Processor] (...) -- C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe (.not file.)   [0]
EmptyFlash
EmptyTemp

Reply

Marsh Posté le 03-07-2014 à 22:42:10    

Merci infiniment, problème résolu :)

Reply

Sujets relatifs:

Leave a Replay

Make sure you enter the(*)required information where indicate.HTML code is not allowed