
Posted

Good evening rimas

Because of my work day, I can only reply to you now. ;)

The Extras.Txt file is saved in the same place as OTL, which you put here (C:\Users\Samir\Downloads\OTL-1.exe)

  • Run OTL again
     
  • Important: copy and paste all of these lines correctly into the "Personnalisation" (customization) window:
     
    Instructions:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found
    O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18 )
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    [2011/04/27 20:08:44 | 000,000,000 | ---D | C] -- C:\Users\Samir\Desktop\RK_Quarantine
    [2011/04/21 00:43:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
    [2011/04/28 00:08:57 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{AD06DFB1-F632-4A14-BA00-3B099C29B359}
    [2011/04/27 02:58:49 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{150DEF54-55D3-45BF-9D9D-9A0529AB6493}
    [2011/04/20 17:34:33 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{18B6009F-E389-4572-A6DE-81FE8921E863}
    [2011/04/19 12:55:17 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{E88AC85E-D79F-4E47-A035-DB6B94494DA8}
    [2011/04/19 10:07:47 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{5E5948BA-F2F8-43B7-B889-687835813077}
    [2011/04/18 16:32:20 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{A22B97E0-2DCF-467C-B675-05B14689075D}
    [2011/04/15 14:24:59 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{18FF9846-BF4D-426A-B8CB-C596505EEBC5}
    [2011/04/13 02:30:33 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{5E58811E-2CD9-413E-B347-7B24446E2221}
    [2011/04/11 14:16:21 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{97D4FFEE-6F24-4F6D-BF7A-1AC553B3027E}
    [2011/04/08 10:43:37 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{1B280B41-8693-465C-AC2A-4AE07A95F491}
    [2011/04/07 14:23:12 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{86D1D127-A0CF-41CE-A744-81D8DEFA7D2D}
    [2011/04/07 02:22:43 | 000,000,000 | ---D | C] -- C:\Users\Samir\AppData\Local\{3F81CF9E-0E8A-469D-A454-9E796210DBB7}
    [2011/04/26 02:27:26 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
    [2010/04/16 00:39:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
     
     
     
    :files
    C:\Users\Samir\AppData\Roaming\install
    C:\program files (X86)\RELEVANTKNOWLEDGE
    C:\Windows\SysNative\drivers\lvuvc.hs
     
     
    :commands
    [emptytemp]
    [EmptyFlash]
    [createrestorepoint]
  • Then click "Correction" (Fix) and let the tool work.
  • Post the contents of the new report; it is a "LOG" file.
    It is saved in the folder C:\OTL\MovedFiles and should open in Notepad.
  • Copy and paste this text into your next reply.
    You can use the keyboard shortcuts (CTRL+A,
    CTRL+C and CTRL+V) to copy it and paste it on the forum.

Download AD-R (by C_XX) from the site to your Desktop.

/!\ Disconnect and close all running applications /!\

  • Double-click the AD-R.exe shortcut on your desktop to launch the tool.
  • Choose your language
  • From the main menu, choose the "Nettoyer" (Clean) option and press [Enter].

/!\ Let the tool work and do not touch anything /!\

Post the report that appears at the end.

(The report is saved as C:\Ad-report-clean-(date).log)

See you

Posted


Hello,

Thanks for your help :-)

So, here is the OTL report:


All processes killed

Error: Unable to interpret <Instructions:> in the current context!

========== OTL ==========

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk moved successfully.

File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.

Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.

Starting removal of ActiveX control {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ deleted successfully.

File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ deleted successfully.

File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.

File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ deleted successfully.

File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03C514A3-1EFB-4856-9F99-10D7BE1653C0}\ deleted successfully.

File {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324}\ deleted successfully.

File {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.

C:\Users\Samir\Desktop\RK_Quarantine folder moved successfully.

C:\Windows\SysNative\SPReview\zh-tw folder moved successfully.

C:\Windows\SysNative\SPReview\zh-hk folder moved successfully.

C:\Windows\SysNative\SPReview\zh-cn folder moved successfully.

C:\Windows\SysNative\SPReview\uk-ua folder moved successfully.

C:\Windows\SysNative\SPReview\tr-tr folder moved successfully.

C:\Windows\SysNative\SPReview\th-th folder moved successfully.

C:\Windows\SysNative\SPReview\sv-se folder moved successfully.

C:\Windows\SysNative\SPReview\sr-latn-cs folder moved successfully.

C:\Windows\SysNative\SPReview\sl-si folder moved successfully.

C:\Windows\SysNative\SPReview\sk-sk folder moved successfully.

C:\Windows\SysNative\SPReview\ru-ru folder moved successfully.

C:\Windows\SysNative\SPReview\ro-ro folder moved successfully.

C:\Windows\SysNative\SPReview\pt-pt folder moved successfully.

C:\Windows\SysNative\SPReview\pt-br folder moved successfully.

C:\Windows\SysNative\SPReview\pl-pl folder moved successfully.

C:\Windows\SysNative\SPReview\nl-nl folder moved successfully.

C:\Windows\SysNative\SPReview\nb-no folder moved successfully.

C:\Windows\SysNative\SPReview\lv-lv folder moved successfully.

C:\Windows\SysNative\SPReview\lt-lt folder moved successfully.

C:\Windows\SysNative\SPReview\ko-kr folder moved successfully.

C:\Windows\SysNative\SPReview\ja-jp folder moved successfully.

C:\Windows\SysNative\SPReview\it-it folder moved successfully.

C:\Windows\SysNative\SPReview\hu-hu folder moved successfully.

C:\Windows\SysNative\SPReview\hr-hr folder moved successfully.

C:\Windows\SysNative\SPReview\he-il folder moved successfully.

C:\Windows\SysNative\SPReview\fr-fr folder moved successfully.

C:\Windows\SysNative\SPReview\fi-fi folder moved successfully.

C:\Windows\SysNative\SPReview\et-ee folder moved successfully.

C:\Windows\SysNative\SPReview\es-es folder moved successfully.

C:\Windows\SysNative\SPReview\en-us folder moved successfully.

C:\Windows\SysNative\SPReview\el-gr folder moved successfully.

C:\Windows\SysNative\SPReview\de-de folder moved successfully.

C:\Windows\SysNative\SPReview\da-dk folder moved successfully.

C:\Windows\SysNative\SPReview\cs-cz folder moved successfully.

C:\Windows\SysNative\SPReview\bg-bg folder moved successfully.

C:\Windows\SysNative\SPReview\ar-sa folder moved successfully.

C:\Windows\SysNative\SPReview folder moved successfully.

C:\Users\Samir\AppData\Local\{AD06DFB1-F632-4A14-BA00-3B099C29B359} folder moved successfully.

C:\Users\Samir\AppData\Local\{150DEF54-55D3-45BF-9D9D-9A0529AB6493} folder moved successfully.

C:\Users\Samir\AppData\Local\{18B6009F-E389-4572-A6DE-81FE8921E863} folder moved successfully.

C:\Users\Samir\AppData\Local\{E88AC85E-D79F-4E47-A035-DB6B94494DA8} folder moved successfully.

C:\Users\Samir\AppData\Local\{5E5948BA-F2F8-43B7-B889-687835813077} folder moved successfully.

C:\Users\Samir\AppData\Local\{A22B97E0-2DCF-467C-B675-05B14689075D} folder moved successfully.

C:\Users\Samir\AppData\Local\{18FF9846-BF4D-426A-B8CB-C596505EEBC5} folder moved successfully.

C:\Users\Samir\AppData\Local\{5E58811E-2CD9-413E-B347-7B24446E2221} folder moved successfully.

C:\Users\Samir\AppData\Local\{97D4FFEE-6F24-4F6D-BF7A-1AC553B3027E} folder moved successfully.

C:\Users\Samir\AppData\Local\{1B280B41-8693-465C-AC2A-4AE07A95F491} folder moved successfully.

C:\Users\Samir\AppData\Local\{86D1D127-A0CF-41CE-A744-81D8DEFA7D2D} folder moved successfully.

C:\Users\Samir\AppData\Local\{3F81CF9E-0E8A-469D-A454-9E796210DBB7} folder moved successfully.

C:\Windows\SysNative\drivers\lvuvc.hs moved successfully.

C:\ProgramData\ezsidmv.dat moved successfully.

========== FILES ==========

C:\Users\Samir\AppData\Roaming\install folder moved successfully.

File\Folder C:\program files (X86)\RELEVANTKNOWLEDGE not found.

File\Folder C:\Windows\SysNative\drivers\lvuvc.hs not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56502 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Samir

->Temp folder emptied: 584549 bytes

->Temporary Internet Files folder emptied: 7171196 bytes

->Java cache emptied: 29059903 bytes

->FireFox cache emptied: 3509550 bytes

->Google Chrome cache emptied: 153734842 bytes

->Apple Safari cache emptied: 59637760 bytes

->Flash cache emptied: 63931 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 381256 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50607 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 243,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Samir

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

Restore point Set: OTL Restore Point

 

OTL by OldTimer - Version 3.2.22.3 log created on 04282011_194629

 

Files\Folders moved on Reboot...

File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!

C:\Users\Samir\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

File\Folder C:\Windows\temp\logishrd\LVPrcInj03.dll not found!

 

Registry entries deleted on Reboot...

Posted

And here is the second report:


======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======

 

Mis à jour par TeamXscript le 12/04/11

Contact: AdRemover[DOT]contact[AT]gmail[DOT]com

Site web: http://www.teamxscript.org

 

C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 19:59:53 le 28/04/2011, Mode normal

 

Microsoft Windows 7 Édition Familiale Premium (X64)

Samir@SAMIR-PC (Dell Inc. Inspiron 1545)

 

============== ACTION(S) ==============

 

 

 

(!) -- Fichiers temporaires supprimés.

 

 

 

 

============== SCAN ADDITIONNEL ==============

 

**** Mozilla Firefox Version [3.6.13 (fr)] ****

 

HKCU_MozillaPlugins\@movenetworks.com/Quantum Media Player (x)

Components\Scriptff.dll (McAfee, Inc.)

HKLM_Extensions|{23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video

HKLM_Extensions|{6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa

HKCU_Extensions|moveplayer@movenetworks.com - C:\Users\Samir\AppData\Roaming\Move Networks

 

-- C:\Users\Samir\AppData\Roaming\Mozilla\FireFox\Profiles\yad3kh0d.default --

Prefs.js - browser.startup.homepage_override.mstone, rv:1.9.2.13

 

========================================

 

**** Google Chrome Version [10.0.648.205] ****

 

Extension\fnjbmmemklcjgepojigaapkoodmkgbae (C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx) (?)

Extension\jfmjfhklogoienhpfnppmbcbjfjnkonk (C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx) (?)

Extension\nneajnkjbffgblleaoojgaacokifdkhm (C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx) (?)

 

-- C:\Users\Samir\AppData\Local\Google\Chrome\User Data\Default --

Preferences - default_search_provider: "Google" (Activé: true) (?)

Preferences - homepage:

Preferences - homepage_is_newtabpage: true

Plugin - RealJukebox NS Plugin (Activé: true) (C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll)

Plugin - Windows Live\u0099 Photo Gallery (Activé: true) (C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll)

Plugin - "Windows Live\u0099 Photo Gallery" (Activé: true)

Plugin - "Picasa" (Activé: true)

Plugin - "RealJukebox NS Plugin" (Activé: true)

Preferences - urls_to_restore_on_startup: hxxp://lemonde.fr/

 

========================================

 

**** Internet Explorer Version [8.0.7600.16385] ****

 

HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome

HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896

HKCU_Main|Start Page - hxxp://fr.msn.com/

HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896

HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm

HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKLM_Main|Start Page - hxxp://fr.msn.com/

HKCU_SearchScopes\{4A3AF989-B165-4BC4-81A6-D7E2F96BBEDD} - "?" (?)

HKCU_Toolbar\WebBrowser|{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} (C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll)

HKLM_Toolbar|{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} (C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll)

HKCU_ElevationPolicy\{2E422264-6D8A-4ca0-97C7-A2CF868471EA} - C:\Users\Samir\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe (?)

HKCU_ElevationPolicy\{5C0D11B8-C5F6-4be3-AD2C-2B1A3EB94AB6} - C:\Program Files (x86)\Spotify\spotify.exe (Spotify Ltd)

HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)

HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)

HKLM_ElevationPolicy\{1FCCD250-A453-4348-86C1-E5EA9B76FADB} - C:\Program Files\McAfee\VirusScan\mcvsmap.exe (McAfee, Inc.)

HKLM_ElevationPolicy\{5F17E524-3447-4c7d-8E5F-4EFF31CDE3B7} - C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe (DivX, LLC)

HKLM_ElevationPolicy\{64903E32-AE0B-408D-909C-09A08791F28D} - C:\Program Files (x86)\DivX\DivX Plus Web Player\dwpBroker.exe (DivX, LLC)

HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)

HKLM_ElevationPolicy\{A8F94DF3-F6C6-422a-8BFC-7EE0F60A8609} - C:\Program Files\McAfee\VirusScan\mcvsshld.exe (McAfee, Inc.)

HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)

HKLM_ElevationPolicy\{D802E3EF-2513-4661-972E-BAD737EFBA88} - C:\Program Files (x86)\DivX\DivX OVS Helper\OVSHelperBroker.exe (DivX, LLC.)

BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~1\mcafee\msk\mskapbho.dll)

BHO\{326E768D-4182-46FD-9C16-1449A49795F4} - "DivX Plus Web Player HTML5 <video>" (C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll)

BHO\{593DDEC6-7468-4cdd-90E1-42DADAA222E9} - "DivX HiQ" (C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll)

BHO\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - "Search Helper" (C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll)

BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20101105084626.dll)

 

========================================

 

C:\Program Files (x86)\Ad-Remover\Quarantine: 0 Fichier(s)

C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)

 

C:\Ad-Report-CLEAN[1].txt - 28/04/2011 20:00:15 (5578 Octet(s))

 

Fin à: 20:03:12, 28/04/2011

 

============== E.O.F ==============

Posted

Yes, no problem, I'm going to go out to eat!

Since yesterday the PC has already been doing better, it no longer heats up like before, that's something at least,

but the fan is still running (I think that's rather a good sign, it means it works)!

Before, when I launched my antivirus for MBAM, it took so long that the PC shut down by itself before the operations finished, it was so hot ...

Now it's much better, I'm going to run MBAM to see!

Enjoy your meal,

Posted

Yes, do a full scan with MBAM

Before that, please apply this

  • Run OTL again
     
  • Important: copy and paste all of these lines correctly into the "Personnalisation" (customization) window:
     
    :OTL
     
    :reg
    [HKCU\Software\Microsoft\Internet Explorer\SearchScopes]
    "{4A3AF989-B165-4BC4-81A6-D7E2F96BBEDD}"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}]
     
     
    :files
    C:\Windows\SysWOW64\wpcer.exe
    C:\Windows\SysWOW64\winfxdocobj.exe
    C:\Windows\system32\TSWbPrxy.exe
     
    :commands
    [emptytemp]
  • Then click "Correction" (Fix) and let the tool work.
  • Post the contents of the new report; it is a "LOG" file.
    It is saved in the folder C:\OTL\MovedFiles and should open in Notepad.
  • Copy and paste this text into your next reply.
    You can use the keyboard shortcuts (CTRL+A,
    CTRL+C and CTRL+V) to copy it and paste it on the forum.
     
    For MBAM
  • Plug your external media into the PC (USB stick, hard drive, etc.)
    without opening them.
  • Now run Malwarebytes' Anti-Malware. Right-click the icon and choose "Exécuter en tant qu'administrateur" (Run as administrator),
    then select "Exécuter un examen complet" (Perform a full scan).
  • Tick all the drive checkboxes (C, D, E, etc.)
  • To start the scan, click "Rechercher" (Scan).
  • Tick all the checkboxes for your drives.
  • Once the scan is finished, a window opens; click OK.
  • If infections are present,
    click "Afficher les résultats" (Show results), then "Supprimer la sélection" (Remove selected). Save the report to your Desktop.
  • Post the report in your next reply.

NOTE: If Malwarebytes' Anti-Malware needs to restart to finish the removal, accept by clicking OK.

See you

Posted

Hello again,

Here is the new OTL report


All processes killed

========== OTL ==========

========== REGISTRY ==========

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\{4A3AF989-B165-4BC4-81A6-D7E2F96BBEDD} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A3AF989-B165-4BC4-81A6-D7E2F96BBEDD}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a402d70-1f10-4ae7-bec9-286a98240695}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0a402d70-1f10-4ae7-bec9-286a98240695}\ not found.

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}\ scheduled to be deleted on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}\ not found.

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}\ scheduled to be deleted on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}\ not found.

========== FILES ==========

File\Folder C:\Windows\SysWOW64\wpcer.exe not found.

File\Folder C:\Windows\SysWOW64\winfxdocobj.exe not found.

File\Folder C:\Windows\system32\TSWbPrxy.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Samir

->Temp folder emptied: 10511741 bytes

->Temporary Internet Files folder emptied: 50148 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 47535090 bytes

->Apple Safari cache emptied: 0 bytes

->Flash cache emptied: 643 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 242148 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 56,00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on 04282011_220809

 

Files\Folders moved on Reboot...

C:\Users\Samir\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}\ scheduled to be deleted on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}\ not found.

Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}\ scheduled to be deleted on reboot.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}\ not found.

 

 

 

 

 

 

 

All these lines, does that mean my PC is still infected? Is it serious?

I'm launching MBAM, but it will take at least 3 hours judging by the last few times!
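
Reading an OTL fix log comes down to the ending of each result line. The Python below is an added example, not part of the thread and not OTL's own code: it sorts fix-log lines by outcome and lists the items whose last reported state is still "scheduled on reboot". The sample combines lines excerpted from the two logs posted above; the names `classify`, `triage` and `SAMPLE_LOG` are hypothetical, and treating the last line seen for a target as its final state is an assumption.

```python
import re
from collections import Counter

# Outcome patterns, checked in order. The wording is taken from the
# OTL 3.2.22.3 fix logs quoted in this thread; other versions may differ.
RULES = [
    ("error", re.compile(r"^Error: ")),                       # script line OTL could not parse
    ("pending_reboot", re.compile(r"scheduled to be (?:moved|deleted) on reboot\.$")),
    ("removed", re.compile(r"(?:deleted|moved) successfully\.$")),
    ("absent", re.compile(r"not found[.!]$")),                # item was not there, nothing removed
]

# Pulls the file path or registry key out of a result line.
TARGET = re.compile(
    r"^(?:File move failed\. |Registry delete failed\. |"
    r"Registry (?:key|value) |File\\Folder |File )?"
    r"(?P<target>.+?)(?: folder)?"
    r" (?:scheduled to be (?:moved|deleted) on reboot\."
    r"|(?:deleted|moved) successfully\.|not found[.!])$"
)

# Constructed sample: lines excerpted from the two OTL logs in the thread.
SAMPLE_LOG = r"""
All processes killed
Error: Unable to interpret <Instructions:> in the current context!
========== OTL ==========
File move failed. C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk scheduled to be moved on reboot.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a}\ not found.
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}\ scheduled to be deleted on reboot.
========== FILES ==========
File\Folder C:\Windows\SysWOW64\wpcer.exe not found.
->Temp folder emptied: 0 bytes
Files\Folders moved on Reboot...
File\Folder C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk not found!
C:\Users\Samir\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.
Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01}\ scheduled to be deleted on reboot.
"""


def classify(line):
    """Return the outcome label for one log line, or None for headers and cache statistics."""
    for label, pattern in RULES:
        if pattern.search(line):
            return label
    return None


def triage(log_text):
    """Count outcomes and list targets whose last reported state is 'pending_reboot'."""
    counts = Counter()
    errors = []
    last_outcome = {}  # lower-cased target -> (target as logged, outcome label)
    for raw in log_text.splitlines():
        line = raw.strip()  # also drops the non-breaking spaces left by the forum
        label = classify(line)
        if label is None:
            continue
        counts[label] += 1
        if label == "error":
            errors.append(line)
            continue
        match = TARGET.match(line)
        if match:
            target = match.group("target")
            # Assumption: a later line about the same target supersedes an earlier one.
            last_outcome[target.lower()] = (target, label)
    unresolved = [t for t, outcome in last_outcome.values() if outcome == "pending_reboot"]
    return {"counts": dict(counts), "errors": errors, "unresolved": unresolved}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(report["counts"])
    for item in report["errors"]:
        print("script error:", item)
    for item in report["unresolved"]:
        print("still pending:", item)
```
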
