Comment supprimer System Security [Résolu]

salut en mode sans echec :

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

▶ Télécharge List&Kill'em et enregistre le sur ton bureau</gras>

Il ne necessite pas d'installation

▶ double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

choisis la langue puis choisis l'option 1 = Mode Recherche

▶laisse travailler l'outil

le rapport va s'afficher , une fois le scan fini

▶ colle le contenu dans ta prochaine réponse

Le bloc note ne s'ouvre pas en mode normal, voici le lien du rapport :

http://www.cijoint.fr/cjlink.php?file=cj200908/cij1g6CrS0.txt

j'avais dit en mode sans echec de le passer

donc en mode sans echec :

Ferme toutes tes fenetres(y compris internet et windows live messenger) , puis :

▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

mais cette fois-ci :

▶ choisis l'option 2 = Mode Destruction

laisse travailler l'outil

apres les verifications , un rapport va s'ouvrir.

▶ ferme-le.

un deuxieme rapport va s'ouvrir ,

▶ colle son contenu dans ta reponse

Je l'ai passé en mode sans échec, donc sans le net, j'ai redemarré en mode normal pour poster le rapport. ;)
Je fais la destruction (en mode sans échec bien sur)

ok ^^

Kill'em by g3n-h@ckm@n 1.0.2.6

updated on 19.08.2009 ::::: 13.00


Microsoft Windows XP [version 5.1.2600]


16/08/2009 16:43:12,92

Fichiers analysés :
=================


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\Program Files\PlayMP3z"
C:\Documents and Settings\Manu\LOCAL Settings\Temp\aax52E6.tmp.exe
C:\Documents and Settings\Manu\LOCAL Settings\Temp\B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe
C:\Documents and Settings\Manu\LOCAL Settings\Temp\FP_PL_MSI_INSTALLER.exe
C:\Documents and Settings\Manu\LOCAL Settings\Temp\IE8-Setup-Full-MSN-XP.exe
C:\Documents and Settings\Manu\LOCAL Settings\Temp\jre-6u13-windows-i586-p-iftw.exe
C:\Documents and Settings\Manu\LOCAL Settings\Temp\preconfig.exe
C:\Documents and Settings\Manu\LOCAL Settings\Temp\_isAC3.exe
C:\Documents and Settings\Manu\LOCAL Settings\Temp\tmp84.tmp


¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :

Quarantaine :

aax52E6.tmp.exe.Kill'em
B33C11F5-3A11-4f1e-85E4-C3CABE52C369.exe.Kill'em
FP_PL_MSI_INSTALLER.exe.Kill'em
IE8-Setup-Full-MSN-XP.exe.Kill'em
jre-6u13-windows-i586-p-iftw.exe.Kill'em
PlayMP3z.Kill'em
preconfig.exe.Kill'em
qmgr0.dat.Kill'em
qmgr1.dat.Kill'em
tmp84.tmp.Kill'em
_isAC3.exe.Kill'em

¤¤¤¤¤¤¤¤¤¤ Verification :


List'em by g3n-h@ckm@n 1.0.2.6

updated on 19.08.2009 ::::: 13.00


Microsoft Windows XP [version 5.1.2600]


16/08/2009 16:44:11,51

Infections :
========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :


¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :


¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

Layout.ini
NTOSBOOT-B00DFAAD.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Télécharge OTL de OLDTimer

▶ enregistre le sur ton Bureau.

▶ Double clic sur OTL.exe pour le lancer.

▶ Coche les 2 cases Lop et Purity

▶ Coche la case devant scan all users

▶ règle-le sur "60 Days"

▶ dans la colonne de gauche , mets tout sur all

▶Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

▶▶▶ NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier ci-dessus.

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.

Tu feras la meme chose avec le "Extra.txt".

J'ai été obligé de le faire en mode sans échec car le programme s'ouvre et referme en mode normal.
(Je me suis rendu compte que pour les utilistations précédentes de ce programme, je ne mettais pas sur all toutes les colonnes, du coup j'ai recommencé...).
Voici les rapports du 2e passage donc :

OTL.txt :
http://www.cijoint.fr/cjlink.php?file=cj200908/cijJ8R8him.txt

Extras.txt :
http://www.cijoint.fr/cjlink.php?file=cj200908/cijXCUpXou.txt

regarde si tu as ceci et desinstalle-le

PlayMP3

▶ Double clic sur OTL.exe pour le lancer.


▶Copie la liste qui se trouve en gras ci-dessous,

▶ colle-la dans la zone sous Customs Scans/Fixes :

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
O2 - BHO: (MoreRelevantAdvertisingProgram) - {4E8D6551-F9A4-6D01-4D4B-BFD7673C0E3E} - C:\Program Files\MoreRelevantAdvertisingProgram\MoreRelevantAdvertisingProgram.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [19578124] C:\Documents and Settings\All Users\Application Data\19578124\19578124.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [] File not found
O4 - HKU\S-1-5-18..\Run: [] File not found
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/... (Reg Error: Key error.)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\msdaipp - No CLSID value found

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Alcmtr"=-
"Bar"=-
"HP Software Update"=-
"SoundMan"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"=-



:files
C:\8b50b0f14ab6a7cb9bdaeada
C:\ac4c665c10a6f6b908bedd955d
C:\bb317c7b28d4ac6431e20436
C:\fc7dba4483e003709d7c498a26
C:\e05d7c959691f322d1
C:\9cc2a50fc0f0134d06ef3a6d4d
C:\cacb4790caeb94c9ebe377
C:\38189a69ceb5827155
C:\18242d04f747acd69e
C:\529f070a9a381525abf00b
C:\Documents and Settings\All Users\Application Data\19578124

:commands
[emptytemp]
[reboot]


▶ Clique sur RunFix pour lancer la suppression.


▶ Poste le rapport.

All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E8D6551-F9A4-6D01-4D4B-BFD7673C0E3E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4E8D6551-F9A4-6D01-4D4B-BFD7673C0E3E}\ deleted successfully.
C:\Program Files\MoreRelevantAdvertisingProgram\MoreRelevantAdvertisingProgram.dll unregistered successfully.
C:\Program Files\MoreRelevantAdvertisingProgram\MoreRelevantAdvertisingProgram.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\19578124 deleted successfully.
C:\Documents and Settings\All Users\Application Data\19578124\19578124.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Starting removal of ActiveX control {31435657-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wvc1dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{31435657-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31435657-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ipp\ deleted successfully.
File Protocol\Handler\ipp - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msdaipp\ deleted successfully.
File Protocol\Handler\msdaipp - No CLSID value found not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Bar deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SoundMan deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
========== FILES ==========
C:\8b50b0f14ab6a7cb9bdaeada\3082 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\3076 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\2070 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\2052 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1055 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1053 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1049 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1046 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1045 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1044 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1043 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1042 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1041 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1040 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1038 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1037 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1036 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1035 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1033 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1032 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1031 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1030 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1029 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1028 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada\1025 moved successfully.
C:\8b50b0f14ab6a7cb9bdaeada moved successfully.
File\Folder C:\ac4c665c10a6f6b908bedd955d not found.
C:\bb317c7b28d4ac6431e20436\tools moved successfully.
Folder move failed. C:\bb317c7b28d4ac6431e20436\dotnetfx35\x86 scheduled to be moved on reboot.
Folder move failed. C:\bb317c7b28d4ac6431e20436\dotnetfx35 scheduled to be moved on reboot.
Folder move failed. C:\bb317c7b28d4ac6431e20436\dotnetfx30\x86 scheduled to be moved on reboot.
Folder move failed. C:\bb317c7b28d4ac6431e20436\dotnetfx30 scheduled to be moved on reboot.
C:\bb317c7b28d4ac6431e20436\dotnetfx20 moved successfully.
C:\bb317c7b28d4ac6431e20436 moved successfully.
File\Folder C:\fc7dba4483e003709d7c498a26 not found.
C:\e05d7c959691f322d1\tools moved successfully.
Folder move failed. C:\e05d7c959691f322d1\dotnetfx35\x86 scheduled to be moved on reboot.
Folder move failed. C:\e05d7c959691f322d1\dotnetfx35 scheduled to be moved on reboot.
Folder move failed. C:\e05d7c959691f322d1\dotnetfx30\x86 scheduled to be moved on reboot.
Folder move failed. C:\e05d7c959691f322d1\dotnetfx30 scheduled to be moved on reboot.
C:\e05d7c959691f322d1\dotnetfx20 moved successfully.
C:\e05d7c959691f322d1 moved successfully.
File\Folder C:\9cc2a50fc0f0134d06ef3a6d4d not found.
C:\cacb4790caeb94c9ebe377\tools moved successfully.
Folder move failed. C:\cacb4790caeb94c9ebe377\dotnetfx35\x86 scheduled to be moved on reboot.
Folder move failed. C:\cacb4790caeb94c9ebe377\dotnetfx35 scheduled to be moved on reboot.
Folder move failed. C:\cacb4790caeb94c9ebe377\dotnetfx30\x86 scheduled to be moved on reboot.
Folder move failed. C:\cacb4790caeb94c9ebe377\dotnetfx30 scheduled to be moved on reboot.
C:\cacb4790caeb94c9ebe377\dotnetfx20 moved successfully.
C:\cacb4790caeb94c9ebe377 moved successfully.
C:\38189a69ceb5827155\i386 moved successfully.
C:\38189a69ceb5827155\amd64 moved successfully.
C:\38189a69ceb5827155 moved successfully.
File\Folder C:\18242d04f747acd69e not found.
C:\529f070a9a381525abf00b\tools moved successfully.
Folder move failed. C:\529f070a9a381525abf00b\dotnetfx35\x86 scheduled to be moved on reboot.
Folder move failed. C:\529f070a9a381525abf00b\dotnetfx35 scheduled to be moved on reboot.
Folder move failed. C:\529f070a9a381525abf00b\dotnetfx30\x86 scheduled to be moved on reboot.
Folder move failed. C:\529f070a9a381525abf00b\dotnetfx30 scheduled to be moved on reboot.
C:\529f070a9a381525abf00b\dotnetfx20 moved successfully.
C:\529f070a9a381525abf00b moved successfully.
C:\Documents and Settings\All Users\Application Data\19578124 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Clemence
->Temp folder emptied: 5859327 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: Manu
File delete failed. C:\Documents and Settings\Manu\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\WD8IJ3TX\addyn%7C3[1].0%7C516%7C2043568%7C0%7C351%7CADTECH;cfp=1;rndc=124715629;loc=100;target=_blank;sub1=[subst];key=key1+key2+key3+key4;grp=[group];misc=1247156295000 scheduled to be deleted on reboot.
->Temp folder emptied: 246281560 bytes
->Temporary Internet Files folder emptied: 221015757 bytes
->Java cache emptied: 1284579 bytes
->FireFox cache emptied: 2644157 bytes
->Google Chrome cache emptied: 6964755 bytes

User: NetworkService
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1225817 bytes
%systemroot%\System32 .tmp files removed: 3072 bytes
Windows Temp folder emptied: 22323590 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 484,09 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08162009_181234

Files\Folders moved on Reboot...
File\Folder C:\bb317c7b28d4ac6431e20436\dotnetfx35\x86 not found!
File\Folder C:\bb317c7b28d4ac6431e20436\dotnetfx35 not found!
File\Folder C:\bb317c7b28d4ac6431e20436\dotnetfx30\x86 not found!
File\Folder C:\bb317c7b28d4ac6431e20436\dotnetfx30 not found!
File\Folder C:\e05d7c959691f322d1\dotnetfx35\x86 not found!
File\Folder C:\e05d7c959691f322d1\dotnetfx35 not found!
File\Folder C:\e05d7c959691f322d1\dotnetfx30\x86 not found!
File\Folder C:\e05d7c959691f322d1\dotnetfx30 not found!
File\Folder C:\cacb4790caeb94c9ebe377\dotnetfx35\x86 not found!
File\Folder C:\cacb4790caeb94c9ebe377\dotnetfx35 not found!
File\Folder C:\cacb4790caeb94c9ebe377\dotnetfx30\x86 not found!
File\Folder C:\cacb4790caeb94c9ebe377\dotnetfx30 not found!
File\Folder C:\529f070a9a381525abf00b\dotnetfx35\x86 not found!
File\Folder C:\529f070a9a381525abf00b\dotnetfx35 not found!
File\Folder C:\529f070a9a381525abf00b\dotnetfx30\x86 not found!
File\Folder C:\529f070a9a381525abf00b\dotnetfx30 not found!
File\Folder C:\Documents and Settings\Manu\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\WD8IJ3TX\addyn%7C3[1].0%7C516%7C2043568%7C0%7C351%7CADTECH;cfp=1;rndc=124715629;loc=100;target=_blank;sub1=[subst];key=key1+key2+key3+key4;grp=[group];misc=1247156295000 not found!

Registry entries deleted on Reboot...

Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.



▶ Télécharge :

Malwarebytes

ou :

Malwarebytes

▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

▶ Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

▶ Lance Malwarebyte's .

Fais un examen dit "Complet" .

▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2651
Windows 5.1.2600 Service Pack 3

17/08/2009 00:26:08
mbam-log-2009-08-17 (00-26-08).txt

Type de recherche: Examen complet (C:\|I:\|)
Eléments examinés: 163031
Temps écoulé: 1 hour(s), 0 minute(s), 28 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 6
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{4e8d6551-f9a4-6d01-4d4b-bfd7673c0e3e} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MoreRelevantAdvertisingProgram (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Rogue.PlayMp3) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MoreRelevantAdvertisingProgram (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\MoreRelevantAdvertisingProgram (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Kill'em\PlayMP3z.Kill'em\PlayMP3.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08162009_181234\Documents and Settings\All Users\Application Data\19578124\19578124.exe (Rogue.SystemSecurity) -> Quarantined and deleted successfully.
C:\_OTL\MovedFiles\08162009_181234\Program Files\MoreRelevantAdvertisingProgram\MoreRelevantAdvertisingProgram.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MoreRelevantAdvertisingProgram\uninstall.exe (Adware.MoreRelevantAdvertising) -> Quarantined and deleted successfully.

salut

bien refais ceci :

http://www.commentcamarche.net/...

OTL.txt :
http://www.cijoint.fr/cjlink.php?file=cj200908/cij0phHN26.txt

Extras.txt :
http://www.cijoint.fr/cjlink.php?file=cj200908/cij7eEkAUl.txt

non mais je voulais un autre scan pas les rapports d'avant hier lol^^

Je viens de me rendre compte que la date n'était pas la bonne, mais ce sont bien les derniers scans !
Je change la date du PC

▶ Double clic sur OTL.exe pour le lancer.


▶Copie la liste qui se trouve en gras ci-dessous,

▶ colle-la dans la zone sous Customs Scans/Fixes :

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:services
abp480n5

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1


:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"

:commands
[emptytemp]
[reboot]


▶ Clique sur RunFix pour lancer la suppression.


▶ Poste le rapport.

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== SERVICES/DRIVERS ==========

Service\Driver abp480n5 deleted successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\"1900:UDP"|"1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\"2869:TCP"|"2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008" /E : value set successfully!
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Clemence
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes

User: Manu
->Temp folder emptied: 4244766 bytes
->Temporary Internet Files folder emptied: 6096207 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 28642252 bytes
->Google Chrome cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 42166 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 37,22 mb


OTL by OldTimer - Version 3.0.10.7 log created on 08192009_145913

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

▶ Télécharge Superantispyware (SAS)

▶ Choisis "enregistrer" et enregistre-le sur ton bureau.

▶ Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

▶ Créé une icône sur le bureau.

▶ Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

▶- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
▶- Sous Configuration and Preferences, clique sur le bouton "Preferences"
▶- Clique sur l'onglet "Scanning Control "
▶- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

▶Close browsers before scanning
▶Scan for tracking cookies
▶Terminate memory threats before quarantining

▶ Laisse les autres lignes décochées.

▶ Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

▶ Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

▶ Dans la colonne de gauche, coche C:\Fixed Drive.

▶ Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

▶ Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

▶ A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

▶ Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

▶ Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

Pour recopier les informations sur le forum, fais ceci :

▶ - après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
▶ - Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
▶- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

▶ - Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

▶ - Copie son contenu dans ta réponse.


Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.

Pour info, si tu utilises ton conseil précédent à d'autres endroits :

http://www.superantispyware.com/superantispywarefreevspro.ht%C2%ADml

Il y a un tiret dans ht-ml dans ton raccourci.

Et sinon j'ai pu mettre l'interface de SuperAntiSpyware en français.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/20/2009 at 10:33 AM

Application Version : 4.27.1002

Core Rules Database Version : 4064
Trace Rules Database Version: 2004

Scan type : Complete Scan
Total Scan Time : 01:21:59

Memory items scanned : 765
Memory threats detected : 0
Registry items scanned : 5630
Registry threats detected : 0
File items scanned : 59766
File threats detected : 14

Trojan.Agent/Gen-ImageDocFake
I:\AUTRE UTILISATEUR\1331104084[1].JPG
I:\AUTRE UTILISATEUR\1437307[1].JPG
I:\AUTRE UTILISATEUR\E5D01B0DDE[1].JPG
I:\AUTRE UTILISATEUR\FEMME4[1].GIF
I:\AUTRE UTILISATEUR\IC_MODELS[1].GIF
I:\BRAD-PITT-2721025APMSW_1409[1].JPG
I:\FOOTER.CENTRALE[1].GIF
I:\MES FICHIERS REçUS\ARTON2302-319X180[1].JPG
I:\MES FICHIERS REçUS\ARTON2394-70X70[1].JPG
I:\MES FICHIERS REçUS\ARTON264-60X40[1].JPG
I:\MES FICHIERS REçUS\FLE_PRE_LV[1].PNG
I:\MES FICHIERS REçUS\SA8-EXELGREEN-2647657_1395[1].GIF
I:\MES FICHIERS REçUS\SA8-HOPPE-2650041_1395[1].GIF
I:\MES FICHIERS REçUS\SA8-PHILLIPS-2647670_1395[1].GIF