False positive on:
- Google Updater
- Symantec System Recovery
Clé Présente : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094 (Symantec System Recovery)
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536 (Symantec System Recovery)
This is with version 4.002.
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Navigateurs ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v33.0 (x86 fr)
-\\ Google Chrome v38.0.2125.104
*************************
That makes a lot of differing keys between the 2 versions.
Have a nice day
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{DCC70A83-E184-40A3-906B-779AF5E941C4}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Scan with 4.001
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
***** [ Tâches planifiées ] *****
Tâche Présente : RunAsStdUser Task
***** [ Raccourcis ] *****
***** [ Registre ] *****
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{06E58E5E-F8CB-4049-991E-A41C03BD419E}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{258C9770-1713-4021-8D7E-1F184A2BD754}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{43D9E6F0-1776-4897-AE14-ECEDECBAFEC0}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5A074B29-F830-49DE-A31B-5BB9D7F6B407}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{BDEA95CF-F0E6-41E0-BD3D-B00F39A4E939}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}
Clé Présente : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Hello,
I am not an expert, but there must be a big problem with the new version 4.001.
Scans run one after the other with version 4.000 and then 4.001, and here are the results:
4.000:
***** [ Services ] *****
***** [ Fichiers / Dossiers ] *****
***** [ Tâches planifiées ] *****
Tâche Présente : RunAsStdUser Task
***** [ Raccourcis ] *****
***** [ Registre ] *****
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Clé Présente : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [ Navigateurs ] *****
-\\ Internet Explorer v11.0.9600.17344
-\\ Mozilla Firefox v33.0 (x86 fr)
-\\ Google Chrome v38.0.2125.104
*************************
Continued in a 2nd message for reasons of space.
Also cannot download as Norton blocks and removes it. Here is a copy of the Norton details:
Filename: adwcleaner[1].exe
Threat name: Trojan.Gen.SMH
Full Path: c:\users\admin\appdata\local\microsoft\windows\temporary internet files\content.ie5\0xz70k18\adwcleaner[1].exe
____________________________
Details
Unknown Community Usage, Unknown Age, Risk High
Origin
Downloaded from
http://download.bleepingcomputer.com/dl/ccc7b1be60ac8b673cbab8cd91aea0c9/5405e713/windows/security/security-utilities/a/adwcleaner/AdwCleaner.exe
Activity
Actions performed: Actions performed: 1
____________________________
On computers as of
9/2/2014 at 8:45:45 AM
Last Used
9/2/2014 at 9:49:52 AM
Startup Item
No
Launched
No
____________________________
Unknown
It is unknown how many users in the Norton Community have used this file.
Unknown
This file release is currently not known.
High
This file risk is high.
Threat type: Virus. Programs that infect other programs, files, or areas of a computer by inserting themselves or attaching themselves to that medium.
___________________________
http://download.bleepingcomputer.com/dl/ccc7b1be60ac8b673cbab8cd91aea0c9/5405e713/windows/security/security-utilities/a/adwcleaner/AdwCleaner.exe
Downloaded File adwcleaner[1].exe Threat name: Trojan.Gen.SMH
from bleepingcomputer.com
Source: External Media
adwcleaner[1].exe
___________________________
File Actions
File: c:\Users\ADMIN\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0XZ70K18\ adwcleaner[1].exe Removed
____________________________
File Thumbprint - SHA:
f303a32ba4a44ae7d25b73f5b6f3f2c3dcf6d9970ebf88de816b399eedce80b1
File Thumbprint - MD5:
Not available
Here is a log showing what was found on a PC that I had it crash on.
# AdwCleaner v3.303 - Report created 07/08/2014 at 15:00:51
# Updated 06/08/2014 by Xplode
# Operating System : Windows 8.1 (64 bits)
# Username : Robert - MAINPC
# Running from : C:\A.I.R\adwcleaner.exe
# Option : Scan
***** [ Services ] *****
Service Found : CltMngSvc
***** [ Files / Folders ] *****
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Robert\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\374311380
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\Users\Robert\AppData\Local\SearchProtect
***** [ Scheduled Tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Data Found : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Optimizer Pro
Key Found : HKCU\Software\Trymedia Systems
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Optimizer Pro
Key Found : [x64] HKCU\Software\Trymedia Systems
Key Found : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\Software\Trymedia Systems
***** [ Browsers ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User
Help please - I run regularly AdwCleaner (most up to date) and I always find items flagged in Chrome - I click on the clean button and after rebooting I found the following:
# AdwCleaner v3.210 - Report created 19/05/2014 at 13:19:25
# Updated 19/05/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Paulo - PAULO-PC
# Running from : C:\Users\Paulo\Desktop\Clean Up\AdwCleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
***** [ Browsers ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Google Chrome v34.0.1847.116
[ File : C:\Users\Paulo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAtC0D0A0ByCyDtB0DzytN0D0Tzu0CyByByDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=938586735&ir=
Deleted [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3306061&SearchSource=48&CUI=UN25144629123183723&UM=2
Deleted [Startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=dsites0103&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtAtC0D0A0ByCyDtB0DzytN0D0Tzu0CyByByDtN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R&cr=938586735&ir=
*************************
AdwCleaner[R47].txt - [1467 octets] - [19/05/2014 13:18:36]
AdwCleaner[S21].txt - [1397 octets] - [19/05/2014 13:19:25]
I assume the Chrome items are deleted. I run AdwCleaner again, and they seem to be gone. If I run AdwCleaner again a few hours later, the items are back. Where are they coming from? How can I clean them permanently? I do not have ask.com nor aol.com. Please, help.
Contact at pady5star@gmail.com - thanks
########## EOF - C:\AdwCleaner\AdwCleaner[S21].txt - [1458 octets] ##########