I'll put all Windows 10 in English, sorry. I suppose it can switch languages.
Résultats de correction de Farbar Recovery Scan Tool (x64) Version: 22-05-2017
Exécuté par Francoise (23-05-2017 10:38:41) Run:2
Exécuté depuis C:\Users\Francoise\Documents\auto launch with security\frst in french
Profils chargés: Francoise (Profils disponibles: UpdatusUser & Francoise)
Mode d'amorçage: Normal
==============================================
fixlist contenu:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll [2017-05-20] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-20] (Oracle Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-20] (Oracle Corporation)
CHR HomePage: Default -> hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MF0EB4FF8-58E5-48DF-B125-CD0ECCC2BAA7&SearchSource=55&CUI=&UM=6&UP=SPD0539E0E-470F-4696-A94D-BE2536B7839C&SSPV=
2017-04-02 15:53 - 2017-04-02 15:55 - 105535336 _____ () C:\Users\Francoise\AppData\Local\Temp\228E.exe
2008-08-25 11:31 - 2008-08-25 11:31 - 242743296 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\dotnetfx35_sp1.exe
2009-03-16 19:38 - 2009-03-16 19:38 - 1914000 _____ (Adobe Systems Incorporated) C:\Users\Francoise\AppData\Local\Temp\install_flash_player_10_active_x.exe
2017-01-24 16:35 - 2017-01-24 16:35 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u121-windows-au.exe
2017-05-20 13:23 - 2017-05-20 13:23 - 0739904 _____ (Oracle Corporation) C:\Users\Francoise\AppData\Local\Temp\jre-8u131-windows-au.exe
2016-12-28 13:39 - 2017-01-12 21:10 - 2858376 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.2.2.Installer.exe
2017-02-21 17:29 - 2017-02-21 17:29 - 2903480 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.2.Installer.exe
2017-03-23 20:42 - 2017-03-23 20:42 - 2982992 _____ () C:\Users\Francoise\AppData\Local\Temp\npp.7.3.3.Installer.exe
2008-12-15 18:34 - 2008-12-15 18:34 - 2585872 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\Wi3.1-x86.exe
2006-12-07 13:43 - 2006-12-07 13:43 - 8100680 _____ (Microsoft Corporation) C:\Users\Francoise\AppData\Local\Temp\wmfdist11.exe
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.33.3\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.32.7\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => Pas de fichier
CustomCLSID: HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Francoise\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => Pas de fichier
Task: {0B7D69F0-8C95-42CB-A499-E24D1B8B9482} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> Pas de fichier <==== ATTENTION
Task: {614FF4A2-C57A-411F-90B2-03260DE99E05} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> Pas de fichier <==== ATTENTION
Task: {6C4B3157-B581-42DF-80E4-2AD927D09E7C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> Pas de fichier <==== ATTENTION
Task: {89CD61D1-1947-40CF-A633-A02CA31EF2D3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> Pas de fichier <==== ATTENTION
Task: {951AE104-974A-424B-AC10-607338DA5222} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> Pas de fichier <==== ATTENTION
Task: {A7F3D7B0-0A9C-4251-AAD5-EF6F1434E287} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> Pas de fichier <==== ATTENTION
Task: {AAAF8CC1-1AA2-47E0-8C62-152B4A0CCA8E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> Pas de fichier <==== ATTENTION
Task: {B82AEADE-CD01-47C9-A8A0-B665ADE7BD99} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> Pas de fichier <==== ATTENTION
Task: {BBD43C31-CFA2-4E2E-B5EA-CCB7E72FD4E8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> Pas de fichier <==== ATTENTION
Task: {CB9D70F7-BA2F-48F9-8877-3E681F8368A3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> Pas de fichier <==== ATTENTION
Task: {F968BCFC-807A-41B2-B1E2-484E4E334945} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> Pas de fichier <==== ATTENTION
EmptyTemp:
*****************
Le Point de restauration a été créé avec succès.
Processus fermé avec succès.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => valeur non trouvé(e).
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui => clé non trouvé(e).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => clé non trouvé(e).
HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => clé non trouvé(e).
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => clé non trouvé(e).
HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => clé non trouvé(e).
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.131.2 => clé non trouvé(e).
C:\Program Files (x86)\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll => non trouvé(e).
HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.131.2 => clé non trouvé(e).
C:\Program Files (x86)\Java\jre1.8.0_131\bin\plugin2\npjp2.dll => non trouvé(e).
Chrome HomePage => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\228E.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\dotnetfx35_sp1.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\install_flash_player_10_active_x.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\jre-8u121-windows-au.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\jre-8u131-windows-au.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\npp.7.2.2.Installer.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\npp.7.3.2.Installer.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\npp.7.3.3.Installer.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\Wi3.1-x86.exe" => non trouvé(e).
"C:\Users\Francoise\AppData\Local\Temp\wmfdist11.exe" => non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => clé non trouvé(e).
HKU\S-1-5-21-3610230612-1959919224-871680787-1002_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B7D69F0-8C95-42CB-A499-E24D1B8B9482} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{614FF4A2-C57A-411F-90B2-03260DE99E05} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C4B3157-B581-42DF-80E4-2AD927D09E7C} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89CD61D1-1947-40CF-A633-A02CA31EF2D3} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{951AE104-974A-424B-AC10-607338DA5222} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7F3D7B0-0A9C-4251-AAD5-EF6F1434E287} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAAF8CC1-1AA2-47E0-8C62-152B4A0CCA8E} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B82AEADE-CD01-47C9-A8A0-B665ADE7BD99} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBD43C31-CFA2-4E2E-B5EA-CCB7E72FD4E8} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB9D70F7-BA2F-48F9-8877-3E681F8368A3} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F968BCFC-807A-41B2-B1E2-484E4E334945} => clé non trouvé(e).
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => clé non trouvé(e).
=========== EmptyTemp: ==========
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 1056016 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 2294336 B
Edge => 17095 B
Chrome => 383533336 B
Firefox => 375281306 B
Opera => 27968763 B
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 27097354 B
NetworkService => 75075302 B
UpdatusUser => 0 B
Francoise => 311422964 B
RecycleBin => 2323073 B
EmptyTemp: => 1.1 GB données temporaires supprimées.
================================
Le système a dû redémarrer.
==== Fin de Fixlog 10:46:04 ====
# AdwCleaner v6.047 - Logfile created 23/05/2017 at 11:56:25
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-05-22.1 [Local]
# Operating System : Windows 8 Pro (X64)
# Username : Francoise - EARENDIL-LIGHT
# Running from : C:\Users\Francoise\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\Users\Francoise\AppData\Local\SweetLabs App Platform
[-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
[#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki
[-] Folder deleted: C:\Users\Public\Pokki
***** [ Files ] *****
[-] File deleted: C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] File deleted: C:\Users\Francoise\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
[-] Task deleted: SweetLabs App Platform
***** [ Registry ] *****
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_03d432a7e610c3e908213e7689d4342ce2111caf
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Classes\pokki
[-] Key deleted: HKCU\Software\Classes\pokki
[-] Key deleted: [x64] HKCU\Software\Classes\pokki
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\SweetLabs App Platform
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: HKCU\Software\SweetLabs App Platform
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: [x64] HKCU\Software\SweetLabs App Platform
[-] Key deleted: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_AP
[-] Key deleted: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SweetLabs_Start_Menu
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AC2673AB-B2E7-11E4-82DA-201A06CBDE2D}
[#] Data restored on reboot: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC2673AB-B2E7-11E4-82DA-201A06CBDE2D}
[#] Data restored on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Key deleted: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC2673AB-B2E7-11E4-82DA-201A06CBDE2D}
[#] Data restored on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope] {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AA9A4890-4262-4441-8977-E2FFCBFB706C}
[-] Value deleted: HKU\S-1-5-21-3610230612-1959919224-871680787-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Key deleted: HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Directory\shell\pokki
[-] Key deleted: HKCU\Software\Classes\Drive\shell\pokki
[-] Key deleted: HKCU\Software\Classes\lnkfile\shell\pokki
***** [ Web browsers ] *****
[-] [C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: fr.yhs4.search.yahoo.com
[-] [C:\Users\Francoise\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: homepage-web.com
[-] [C:\Users\Francoise\AppData\Local\Google\Chrome SxS\User Data\Default] [homepage] Deleted: hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MF0EB4FF8-58E5-48DF-B125-CD0ECCC2BAA7&SearchSource=55&CUI=&UM=6&UP=SPD0539E0E-470F-4696-A94D-BE2536B7839C&SSPV=
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [4828 Bytes] - [23/05/2017 11:56:25]
C:\AdwCleaner\AdwCleaner[S0].txt - [5416 Bytes] - [23/05/2017 10:46:29]
C:\AdwCleaner\AdwCleaner[S1].txt - [4981 Bytes] - [23/05/2017 11:35:20]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5047 Bytes] ##########
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 5/23/17
Scan Time: 12:42 PM
Log File: malwarebytes.txt
Administrator: Yes
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.2003
License: Trial
-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: EARENDIL-LIGHT\Francoise
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 458789
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 6 min, 15 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 0
(No malicious items detected)
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 0
(No malicious items detected)
Physical Sector: 0
(No malicious items detected)
(end)
Thank you both for your concern and for your work =)
----------------------------------------------------------------
Admin Edit
Tavern thread: https://forums.spybot.info/showthrea...l=1#post475963
Last edited by tashi; 2017-05-23 at 16:59. Reason: Edited out text and added it to previous topic in Tavern. Copy pasted logs requested into this topic.
* st scab = 1st scan
It appears you ran the script for FRST twice; that was not necessary.
What concerns AdwCleaner, fixes concerned Pokki:
http://www.shouldiremoveit.com/Pokki-5024-program.aspx
http://www.shouldiremoveit.com/Pokki...1-program.aspx
**************
Please run the below fix script once.
~~~
Start FRST (Please double-click on FRST/FRST64) with Administrator privileges
Right click on the text below and select Copy.
Start::
EndProcesses:
SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> DefaultScope {AC2673AB-B2E7-11E4-82DA-201A06CBDE2D} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://fr.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3610230612-1959919224-871680787-1002 -> {AC2673AB-B2E7-11E4-82DA-201A06CBDE2D} URL = hxxp://search.homepage-web.com/?src=omnibox&partner=acer&q={searchTerms}
Emptytemp:
End::
Press the Fix button.
When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.
Please copy and paste its contents in your next reply.
*****************
Let's try to reset Google Chrome and see if the redirect changes
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Chrome Bookmarks
Proceed with the reset once done.
Chrome: Chrome - Reset browser settings
**********
Zemana AntiMalware Free
Please download it from here:
Double-click on the file named “Zemana.AntiMalware.Portable” to perform a system scan with Zemana AntiMalware Free.
You may be presented with a User Account Control dialog asking you if you want to run this program. If this happens, you should click “Yes” to allow Zemana AntiMalware to run.
When Zemana AntiMalware starts, click on the “Scan” button to perform a system scan.
Without changing any options, press Scan.
When Zemana has finished scanning it will show a screen that displays any malware that has been detected. To remove all the malicious files, click on the “Next” button.
Zemana AntiMalware will now start to remove all the malicious programs from your computer.
Note: If restart is required to finish the cleaning process, you should click Reboot. If reboot isn't required, please restart your computer manually.
- open Zemana AntiMalware again and locate the latest report
- please paste the contents into your reply
When the process is complete, you can close Zemana AntiMalware
Please post these logs when finished.
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
Hello =) I'll post in Tavern what I think.
Did you follow instructions for this? try to reset Google Chrome
Since you have used Zemana AntiMalware, has your computer improved?
We came back to step 1 :( I found out: https://adwords.google.com/apt/anon/...__c=1000000000 that shows the same result as the 1st one and add &gl=fr&pws=0 to Google Search results that also shows the same result as the 1st one. So we took 2 steps back :(
It's just Firefox that had changed address length.