Virus problem?
Hello,
For the past few days I've had quite a few problems with my PC! First, every time I start my computer I have to connect manually to my Livebox, whereas it used to be automatic... Then some programs no longer start, such as Firefox, Google Chrome, iTunes, etc... I'm forced to use IE and I don't like it!! And finally, I can't install programs: as soon as I try (with IE, then), the download goes normally but the installation doesn't start.
I think I have a virus because for the past few days my original antivirus has been telling me it needs to be renewed, but I couldn't be bothered to do it, so I was probably surfing without an antivirus.
I need your help to get out of this situation!
Thanks!
Hello,
This looks like the behaviour of a currently fashionable adware ... (advertising software)
To check:
Download OTL (by Old Timer) to your desktop.
Close all your windows, then double-click OTL.exe to launch it.
(Vista/Windows 7 users: right-click -> "Exécuter en tant qu'administrateur" (Run as administrator))
Tick the box in front of "Tous les utilisateurs" (All users) at the top.
Under "Personnalisation" (Customization), copy and paste the whole text below; leave the other options at their defaults.
Click the "Analyse" (Scan) button at the top left, then wait a few moments.
At the end of the scan, two reports will open: OTL.Txt and Extras.Txt.
For the reports, please use this online report service: upload the file via "parcourir" (browse) and simply post the link you get in your reply.
Note: the reports are also saved on the desktop.
netsvcs
msconfig
drivers32
activex
/md5start
explorer.exe
wininit.exe
winlogon.exe
userinit.exe
/md5stop
%SYSTEMDRIVE%\*.exe
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system64\*.dll /lockedfiles
%systemroot%\syswow64\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system64\drivers\*.sys /lockedfiles
%systemroot%\syswow64\drivers\*.sys /lockedfiles
SAVEMBR:0
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
OK! Here's OTL.txt: http://pjjoint.malekal.com/files.php?id=b6r8g6k5v1510p1...
And extras.txt: http://pjjoint.malekal.com/files.php?id=i10y11m7e15t615...
Thanks for helping me
Hi again,
Got it, QuestScan ...
You installed this advertising program voluntarily by not reading the terms of use, or the sponsors installed along with other programs!
Read this:
http://www.malekal.com/2011/07/01/questscan-programmes-...
1) Uninstall the following programs (if present):
- Norton Security Scan (useless, you already have McAfee)
- Google Toolbar for Internet Explorer (unless you use it)
- Bing Bar (same)
- Ask Toolbar (same)
- Tom's Guide France Toolbar (same)
- SweetIM for Messenger 3.3 (contains advertising functions)
- SweetIM Toolbar for Internet Explorer 4.0 (advertising toolbar)
- Messenger_Plus_Live_France Toolbar (same)
- Soft-Search Toolbar (same)
- ClickPotato (adware, advertising software)
- Conduit Engine (advertising network)
- ShopperReports (same)
- QuestDns 1.0 build 189 powered by FIRST SEARCHBAR (advertising software, this is the one causing the trouble)
- QuestScan 1.0 build 183 powered by FIRST SEARCH BAR (same)
2) Run OTL.exe again
Close all your windows, then double-click OTL.exe to launch it.
(Vista/Windows 7 users: right-click -> "Exécuter en tant qu'administrateur" (Run as administrator))
Copy and paste what follows into the "Personnalisation" (Customization) box at the bottom left.
Then click the "Correction" (Fix) button at the top left.
If the PC asks to restart, accept.
Post the removal report.
Note: the report is saved in ".log" format; you should change this extension to ".txt" if you want to upload it to online sites.
3) Download Ad-R (by TeamXscript) to your desktop.
/!\ Disable your resident protections: antivirus, antispyware ... Disconnect and close all running applications (especially your browser) /!\
Install the program (with the default settings).
The program starts automatically at the end of the installation; otherwise, launch it via the Ad-R shortcut on your desktop.
(Vista/Windows 7 users: right-click the Ad-R shortcut -> "Exécuter en tant qu'administrateur" (Run as administrator))
Confirm the warning, then, in the main window, choose the "Nettoyer" (Clean) option and confirm with "Oui" (Yes).
At the end, press a key and a report will appear (otherwise, it is located at C:\Ad-report-CLEAN[X].txt). Post it in your next reply.
/!\ Don't forget to re-enable your resident protections /!\
PS: Process is detected by some antivirus products (Antivir, DrWeb, Kaspersky) as a malicious program; this is not the case. If you get an alert about this file, do not prevent process from running.
http://www.beyondlogic.org/consulting/processutil/proce...
:OTL
MOD - C:\Program Files (x86)\QuestScan\questscan.dll ()
IE - HKLM\..\URLSearchHook: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT244294...
IE - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\URLSearchHook: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\URLSearchHook: {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\URLSearchHook: {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions [2010/07/30 01:11:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files (x86)\ShopperReports3\bin\3.1.71.0\firefox\firefoxtoolbar\extensions
[2011/07/02 03:03:16 | 000,000,000 | ---D | M] (QuestDns) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}
[2011/09/02 19:16:34 | 000,000,000 | ---D | M] (QuestScan) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}
O2 - BHO: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O2 - BHO: (Tom's Guide France Toolbar) - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live France Toolbar) - {59994074-c06d-4a75-9768-49e5a8c21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Tom's Guide France Toolbar) - {a65e491f-a436-4952-b49a-b24ed99a0f67} - C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\Toolbar\WebBrowser: (Soft-Search Toolbar) - {09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - C:\Program Files (x86)\Soft-Search\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\Toolbar\WebBrowser: (Messenger Plus Live France Toolbar) - {59994074-C06D-4A75-9768-49E5A8C21264} - C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\Toolbar\WebBrowser: (Tom's Guide France Toolbar) - {A65E491F-A436-4952-B49A-B24ED99A0F67} - C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O9 - Extra Button: ClickPotato - {B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} - C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSABHO.dll (Pinball Corporation)
[2011/09/03 16:22:06 | 000,000,504 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Matthieu.job
[2010/07/30 01:11:29 | 000,000,000 | ---D | M] -- C:\Users\Matthieu\AppData\Roaming\ClickPotatoLite
[2011/07/21 00:12:31 | 000,000,000 | ---D | M] -- C:\Users\Matthieu\AppData\Roaming\ShopperReports3
:Files
C:\Program Files (x86)\QuestScan
C:\Program Files (x86)\Soft-Search
:Commands
[emptytemp]
[emptyflash]
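To see what the fix script above is actually unhooking, the following added example (not part of the original posts and not OTL code) groups its CLSID-bearing lines by DLL and lists every Internet Explorer extension point each DLL is registered under. The regular expression only describes the line layout visible in this thread, which is an assumption about the format; the sample lines are excerpted from the script above.

```python
import re
from collections import defaultdict

# Lines excerpted from the fix script posted above (not constructed).
SAMPLE = r"""
IE - HKLM\..\URLSearchHook: {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Soft-Search Toolbar) - {09e55ba0-f9c6-4b81-82df-46853f6f7b3f} - C:\Program Files (x86)\Soft-Search\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\..\Toolbar\WebBrowser: (Soft-Search Toolbar) - {09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} - C:\Program Files (x86)\Soft-Search\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
""".strip().splitlines()

# Layout assumed from the lines in this thread:
#   <tag> - <location>: [(<display name>) - ]{CLSID} - <file path> (<vendor>)
ENTRY = re.compile(
    r"^(?P<tag>IE|O\d+) - (?P<where>.+?): "
    r"(?:\((?P<name>[^)]*)\) - )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?) \((?P<vendor>[^()]*)\)$"
)


def parse_entry(line):
    """Return a dict for one CLSID-bearing entry, or None if the layout differs."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    # "HKLM\..\Toolbar" -> "HKLM:Toolbar"; "BHO" has no hive prefix and stays as is.
    hive, sep, kind = m["where"].partition("\\..\\")
    point = hive.split("\\")[0] + ":" + kind if sep else m["where"]
    return {
        "point": point,
        # The script writes the same CLSID in both upper and lower case,
        # so compare case-insensitively. Windows paths are case-insensitive too.
        "clsid": m["clsid"].lower(),
        "path": m["path"].lower(),
        "vendor": m["vendor"],
    }


def inventory(lines):
    """Group entries by DLL path; return (by_dll, lines that did not parse)."""
    by_dll = defaultdict(lambda: {"vendor": "", "clsids": set(), "points": set()})
    unparsed = []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_entry(line)
        if entry is None:
            unparsed.append(line)  # e.g. Run keys, which carry no CLSID
            continue
        rec = by_dll[entry["path"]]
        rec["vendor"] = entry["vendor"]
        rec["clsids"].add(entry["clsid"])
        rec["points"].add(entry["point"])
    return dict(by_dll), unparsed


if __name__ == "__main__":
    dlls, rest = inventory(SAMPLE)
    for path, rec in sorted(dlls.items()):
        print(f"{path}  [{rec['vendor']}]")
        print(f"  CLSIDs: {len(rec['clsids'])}  hooked at: {sorted(rec['points'])}")
    print(f"{len(rest)} line(s) left for manual review")
```

A single toolbar DLL showing up under several extension points is why uninstalling the program alone often leaves hooks behind; the lines the parser rejects still need to be read by hand.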
There, I've done everything that was said!
======= RAPPORT D'AD-REMOVER 2.0.0.2,G | UNIQUEMENT XP/VISTA/7 =======
Mis à jour par TeamXscript le 12/04/11
Contact: AdRemover[DOT]contact[AT]gmail[DOT]com
Site web: http://www.teamxscript.org
C:\Program Files (x86)\Ad-Remover\main.exe (CLEAN [1]) -> Lancé à 15:31:26 le 04/09/2011, Mode normal
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X64)
Matthieu@MATTHIEU-VAIO (Sony Corporation VPCF11M1E)
============== ACTION(S) ==============
Dossier supprimé: C:\Users\Matthieu\AppData\LocalLow\AskToolbar
Dossier supprimé: C:\Users\Matthieu\AppData\LocalLow\Conduit
Dossier supprimé: C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65
Dossier supprimé: C:\Program Files (x86)\QuestDns
Fichier supprimé: C:\Users\Public\Desktop\Everest Poker.fr.lnk
(!) -- Fichiers temporaires supprimés.
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2442941
Clé supprimée: HKLM\Software\Classes\Toolbar.CT2567681
Clé supprimée: HKCU\Software\Grand Virtual
Clé supprimée: HKCU\Software\AppDataLow\Software\Conduit
Clé supprimée: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}
Valeur supprimée: HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|SRS_IT_E8790673B176555132AB90
============== SCAN ADDITIONNEL ==============
**** Mozilla Firefox Version [6.0 (fr)] ****
Searchplugins\bing.xml ( hxxp://www.bing.com/search)
Components\browsercomps.dll (Mozilla Foundation)
HKLM_Extensions|{B7082FAA-CB62-4872-9106-E42DD88EDE45} - C:\Program Files (x86)\McAfee\SiteAdvisor
-- C:\Users\Matthieu\AppData\Roaming\Mozilla\FireFox\Profiles\q4h4e01p.default --
Prefs.js - browser.startup.homepage_override.buildID, 20110811165603
Prefs.js - browser.startup.homepage_override.mstone, rv:6.0
========================================
**** Internet Explorer Version [8.0.7601.17514] ****
HKCU_Main|Default_Page_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnh...
HKCU_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU_Main|Search bar - hxxp://go.microsoft.com/fwlink/?linkid=54896
HKCU_Main|Start Page - hxxp://fr.msn.com/
HKLM_Main|Default_Page_URL - hxxp://go.microsoft.com/fwlink/?LinkId=54896
HKLM_Main|Default_Search_URL - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Search bar - hxxp://search.msn.com/spbasic.htm
HKLM_Main|Search Page - hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM_Main|Start Page - hxxp://fr.msn.com/
HKCU_SearchScopes\{0F79D2A1-0E66-46E8-BFA0-BEF7F36FB20D} - "Zinio" (hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search)
HKCU_SearchScopes\{1436FA69-C8CE-4146-A0EB-F03370423DAF} - "Shopping.com" (hxxp://fr.shopping.com/?linkin_id=8056351)
HKCU_SearchScopes\{1D6E00F9-E533-4B63-B9E4-6D5702FD4C27} - "eBay" (hxxp://rover.ebay.com/rover/1/709-42536-16445-8/4?satitle={searchTerms})
HKLM_Toolbar|{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll)
HKLM_ElevationPolicy\903e1bdb-79c8-4b4d-b874-4768761cffce - C:\Program Files (x86)\Soft-Search\Soft-SearchToolbarHelper.exe (x)
HKLM_ElevationPolicy\ae84f44a-d74b-4b00-ac98-7553a5eb7375 - C:\Program Files (x86)\Messenger_Plus_Live_France\Messenger_Plus_Live_FranceToolbarHelper.exe (x)
HKLM_ElevationPolicy\{07d873dc-b9b9-44f5-af0b-fb59fa54fb7a} - C:\Windows\SysWOW64\wpcer.exe (x)
HKLM_ElevationPolicy\{0a402d70-1f10-4ae7-bec9-286a98240695} - C:\Windows\SysWOW64\winfxdocobj.exe (x)
HKLM_ElevationPolicy\{64DA00B7-88FE-49a8-8515-68A5C8C305DB} - C:\Program Files\Sony\VAIO Personalization Manager\VpmIfBroker.exe (Sony Corporation)
HKLM_ElevationPolicy\{70f641fd-9ffc-4d5b-a4dc-962af4ed7999} - C:\Program Files (x86)\Internet Explorer\iedw.exe (x)
HKLM_ElevationPolicy\{A39C536A-A41F-492f-B784-08D5A6DCF091} - C:\Program Files (x86)\Evernote\Evernote3.5\Evernote.exe (Evernote)
HKLM_ElevationPolicy\{B43A0C1E-B63F-4691-B68F-CD807A45DA01} - C:\Windows\system32\TSWbPrxy.exe (x)
HKLM_ElevationPolicy\{DAABE21E-DB8C-49b8-9511-9E6547ECBC5F} - c:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
HKLM_ElevationPolicy\{E6856B61-272B-4e4f-AADE-1D73054BCAD1} - C:\Program Files\Sony\VAIO Personalization Manager\VpmIfBroker.exe (Sony Corporation)
HKLM_ElevationPolicy\{ED4ABFF1-2CA0-4476-98EB-E9208D434752} - C:\Program Files\Sony\VAIO Personalization Manager\VpmIfBroker.exe (Sony Corporation)
HKLM_ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe (x)
HKLM_ElevationPolicy\{F3CD2902-C553-4d6a-B139-934BED1FAADF} - C:\Program Files\Sony\VAIO Personalization Manager\VpmIfBroker.exe (Sony Corporation)
HKLM_ElevationPolicy\{F7897EF1-FE28-4f1a-9615-E45744D29F15} - C:\Program Files\Sony\VAIO Personalization Manager\VpmIfBroker.exe (Sony Corporation)
HKLM_Extensions\{CCA281CA-C863-46ef-9331-5C8D4460577F} - "Send To Bluetooth" (C:\Program Files\WIDCOMM\Bluetooth Software\bt_cold_icon.ico)
HKLM_Extensions\{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - "Add to Evernote" (C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll,1001)
BHO\{0EEDB912-C5FA-486F-8334-57288578C627} - "Shareaza Web Download Hook" (C:\Program Files (x86)\Shareaza\RazaWebHook32.dll)
BHO\{27B4851A-3207-45A2-B947-BE8AFE6163AB} - "McAfee Phishing Filter" (c:\progra~2\mcafee\msk\mskapbho.dll)
BHO\{7DB2D5A0-7241-4E79-B68D-6309F01C5231} - "scriptproxy" (c:\PROGRA~2\mcafee\VIRUSS~1\scriptsn.dll)
BHO\{B164E929-A1B6-4A06-B104-2CD0E90A88FF} - "McAfee SiteAdvisor BHO" (c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll)
========================================
C:\Program Files (x86)\Ad-Remover\Quarantine: 6 Fichier(s)
C:\Program Files (x86)\Ad-Remover\Backup: 14 Fichier(s)
C:\Ad-Report-CLEAN[1].txt - 04/09/2011 15:31:49 (5836 Octet(s))
Fin à: 15:32:44, 04/09/2011
============== E.O.F ==============
Oh yes, I forgot!
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}\ not found.
C:\Program Files (x86)\Soft-Search\tbSoft.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{59994074-c06d-4a75-9768-49e5a8c21264} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{a65e491f-a436-4952-b49a-b24ed99a0f67} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a65e491f-a436-4952-b49a-b24ed99a0f67}\ not found.
C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll moved successfully.
HKU\S-1-5-21-1658040032-3200327538-1448552230-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1658040032-3200327538-1448552230-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1658040032-3200327538-1448552230-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}\ not found.
File C:\Program Files (x86)\Soft-Search\tbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-1658040032-3200327538-1448552230-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{59994074-c06d-4a75-9768-49e5a8c21264} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
File C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll not found.
Registry value HKEY_USERS\S-1-5-21-1658040032-3200327538-1448552230-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a65e491f-a436-4952-b49a-b24ed99a0f67} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a65e491f-a436-4952-b49a-b24ed99a0f67}\ not found.
File C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll not found.
Registry value HKEY_USERS\S-1-5-21-1658040032-3200327538-1448552230-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ClickPotatoLite@ClickPotatoLite.com: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\firefox\extensions not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ShopperReports@ShopperReports.com: C:\Program Files (x86)\ShopperReports3\bin\3.1.71.0\firefox\firefoxtoolbar\extensions not found.
C:\Program Files (x86)\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults\preferences folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\defaults folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97}\chrome folder moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{C91E1C68-B60A-4C9F-B53B-AAAEF0E7EF97} folder moved successfully.
Folder C:\Program Files (x86)\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}\ not found.
File C:\Program Files (x86)\Soft-Search\tbSoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
File C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a65e491f-a436-4952-b49a-b24ed99a0f67}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a65e491f-a436-4952-b49a-b24ed99a0f67}\ not found.
File C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09e55ba0-f9c6-4b81-82df-46853f6f7b3f}\ not found.
File Search\tbSoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{59994074-c06d-4a75-9768-49e5a8c21264} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-c06d-4a75-9768-49e5a8c21264}\ not found.
File C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{a65e491f-a436-4952-b49a-b24ed99a0f67} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a65e491f-a436-4952-b49a-b24ed99a0f67}\ not found.
File C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ deleted successfully.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-1658040032-3200327538-1448552230-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09E55BA0-F9C6-4B81-82DF-46853F6F7B3F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09E55BA0-F9C6-4B81-82DF-46853F6F7B3F}\ not found.
File Search\tbSoft.dll not found.
Registry value HKEY_USERS\S-1-5-21-1658040032-3200327538-1448552230-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_USERS\S-1-5-21-1658040032-3200327538-1448552230-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{59994074-C06D-4A75-9768-49E5A8C21264} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{59994074-C06D-4A75-9768-49E5A8C21264}\ not found.
File C:\Program Files (x86)\Messenger_Plus_Live_France\tbMess.dll not found.
Registry value HKEY_USERS\S-1-5-21-1658040032-3200327538-1448552230-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A65E491F-A436-4952-B49A-B24ED99A0F67} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A65E491F-A436-4952-B49A-B24ED99A0F67}\ not found.
File C:\Program Files (x86)\Tom's_Guide_France\tbTom'.dll not found.
Registry value HKEY_USERS\S-1-5-21-1658040032-3200327538-1448552230-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM not found.
File C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE}\ not found.
File C:\Program Files (x86)\ClickPotatoLite\bin\10.0.519.0\ClickPotatoLiteSABHO.dll not found.
File C:\Windows\tasks\Norton Security Scan for Matthieu.job not found.
Folder C:\Users\Matthieu\AppData\Roaming\ClickPotatoLite\ not found.
Folder C:\Users\Matthieu\AppData\Roaming\ShopperReports3\ not found.
========== FILES ==========
C:\Program Files (x86)\QuestScan\QuestScan_deleted_ folder moved successfully.
C:\Program Files (x86)\QuestScan folder moved successfully.
C:\Program Files (x86)\Soft-Search folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: AppData
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Matthieu
->Temp folder emptied: 544762127 bytes
->Temporary Internet Files folder emptied: 620248613 bytes
->Java cache emptied: 16508985 bytes
->FireFox cache emptied: 6415069 bytes
->Flash cache emptied: 3211516 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 84642124 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 74811 bytes
RecycleBin emptied: 340554394 bytes
Total Files Cleaned = 1 542,00 mb
[EMPTYFLASH]
User: All Users
User: AppData
User: Default
User: Default User
User: Matthieu
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.27.0 log created on 09042011_152012
Files\Folders moved on Reboot...
File move failed. C:\Users\Matthieu\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
File\Folder C:\Users\Matthieu\AppData\Local\Temp\~DF058FF04F91E360E4.TMP not found!
File\Folder C:\Users\Matthieu\AppData\Local\Temp\~DF21444E40D8A6D518.TMP not found!
File\Folder C:\Users\Matthieu\AppData\Local\Temp\~DF6F55FC6B736211DA.TMP not found!
File\Folder C:\Users\Matthieu\AppData\Local\Temp\~DF7DF2B6478C82C224.TMP not found!
File\Folder C:\Users\Matthieu\AppData\Local\Temp\~DF8D3F8A16D85054C1.TMP not found!
File\Folder C:\Users\Matthieu\AppData\Local\Temp\~DFA53C2DB998C20C5F.TMP not found!
File\Folder C:\Users\Matthieu\AppData\Local\Temp\~DFB7FBC93B732B9643.TMP not found!
File\Folder C:\Users\Matthieu\AppData\Local\Temp\~DFC55624EAA43FA8BC.TMP not found!
File\Folder C:\Users\Matthieu\AppData\Local\Temp\~DFC7A1C96B835BFB34.TMP not found!
File\Folder C:\Users\Matthieu\AppData\Local\Temp\~DFF6A93660D6E4E369.TMP not found!
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RNO30YUL\adsCAGRAYE3.htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RNO30YUL\like[7].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RNO30YUL\securite-and-virus[1].txt moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\RNO30YUL\virus-securite-7[2].txt moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MBPH1PI0\afr[1].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MBPH1PI0\ai[6].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MBPH1PI0\ai[7].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MBPH1PI0\component[1].html moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MBPH1PI0\facebook_com[3].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MBPH1PI0\grooveshark_com[2].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MBPH1PI0\login[1].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\MBPH1PI0\sh52[1].html moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I6DNX2B3\aff_frame[2].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I6DNX2B3\afr[5].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I6DNX2B3\generic[2].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\I6DNX2B3\likebox[2].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\00DIX24H\11[3].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\00DIX24H\300212-11-probleme-virus[1].txt moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\00DIX24H\ads[11].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\00DIX24H\iframe[1].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\00DIX24H\like[5].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\00DIX24H\sidebar[8].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\00DIX24H\sidebar[9].htm moved successfully.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\00DIX24H\xd_proxy[1].htm moved successfully.
File move failed. C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat scheduled to be moved on reboot.
C:\Users\Matthieu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File\Folder C:\Windows\temp\mcafee_9MCXifJnuBAHeMG not found!
File\Folder C:\Windows\temp\mcafee_LfZ18kAbv7WcRdu not found!
File\Folder C:\Windows\temp\mcmsc_hpvUpYLINeuAgwu not found!
File\Folder C:\Windows\temp\mcmsc_x9v00bEefFUdaJc not found!
File\Folder C:\Windows\temp\sqlite_5p9p4CO9TAGKNMw not found!
File\Folder C:\Windows\temp\sqlite_jonj4bodyoYljDP not found!
File\Folder C:\Windows\temp\sqlite_nEyuwCDuMXJlPVw not found!
File\Folder C:\Windows\temp\sqlite_xGtkcpqXMYDYiZN not found!
Registry entries deleted on Reboot...
Re,
OK, let's clean up the tools then.
1) Run OTL.exe again
(Vista/Windows 7 users: right-click -> "Run as administrator")
Click "Purge d'outils" (tool purge)
Confirm the warning with "OK" and let the PC restart.
2) Uninstall AD-R
Launch it again via the Ad-R shortcut on your Desktop.
(Vista/Windows 7 users: right-click the Ad-R shortcut -> Run as administrator)
Confirm the warning, then, in the main window, choose the "Désinstaller" (Uninstall) option and confirm with "Oui" (Yes)
3) Purge System Restore:
It contains remnants of the infection; follow this tutorial to purge it:
Vista/7:
http://www.inforumatique.fr/forum/post82670.html#p82670
4) Software updates:
Update the following programs:
- Adobe Reader to X (10.x) (check that the old versions have been removed)
To go further with your protection and avoid getting reinfected, here is some additional advice:
Be careful when installing software:
Always read the terms of use (EULA) to spot how personal data is handled, the installation of advertising sponsors, or any other invasion of privacy. Decline the toolbars and other add-ons offered.
Use an alternative browser to surf more securely:
Firefox offers better security than Internet Explorer, especially when complemented with a few very useful plugins: NoScript and WOT, for example.
Keep your software and system up to date:
Many infections are due to vulnerabilities in Windows, but also in third-party software such as Sun Java, Adobe Acrobat Reader, etc.
You can run a vulnerability scan to find out which of your programs have unpatched flaws or need updating.
Finally, the most important thing is still your behaviour on your PC; you remain the most important protection. Avoid risky behaviour: P2P, cracks, dubious downloads and installations via ads, instant messaging, or unknown sites, pornographic sites.
Worth reading!
About antivirus products:
- McAfee is not the one I would recommend as a paid product, but anyway ... So once the trial is over, get rid of it.
Paid:
- Kaspersky, ESET NOD32, Antivir Premium ...
Free:
- Avast!, Microsoft Security Essentials, Antivir Personal