Besoin d'aide : désinfection tv wizard [résolu]

[PILEFAZ]

Bonjour, )
il y a quelques semaines j'ai installé, par erreur, TV wizard sur mon pc, et je ne parviens pas à le nettoyer correctement.
J'ai scanné mon pc avec c cleaner, OTL, adaware, adware cleaner, et Rogue killer.
tv wizard a été indiqué comme supprimé, mais lorsque j'ouvre à nouveau Firefox, il réapparaît.
(une nouvelle fenêtre s'ouvre avec une pseudo enquête)
Après avoir lu différents posts, j'ai scanné mon pc avec Malwarebytes.

Visiblement, Tv wizard n'est pas le seul souci, mais je ne sais pas ce que je peux supprimer.
Ainsi , je vous joins le rapport malwarebytes...
Je peux, si besoin, vous fournir les autres rapports

Je vous remercie par avance pour votre aide
-----------------------------------------------------------------------
Malwarebytes Anti-Malware
http://www.malwarebytes.org

Scan Date: 02/01/2015
Scan Time: 14:31:25
Logfile: malewarebytes20150102.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.02.04
Rootkit Database: v2014.12.30.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Joseph

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353364
Time Elapsed: 52 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.TVWizard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\JBpcHBogo, , [edaf5c964247b77f74e7b6f2748d8a76],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{39B931CF-F1E2-4D04-8129-9EE8159A91C5}, , [1b812cc6503981b517dcf9ea729037c9],
PUP.Optional.SavingsWizard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{39B931CF-F1E2-4D04-8129-9EE8159A91C5}, , [1b812cc6503981b517dcf9ea729037c9],
PUP.Optional.Fortunitas.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{c6f3fc7b-d607-44ec-9caf-2a41d547137f}, , [e5b7747eafda9c9a0887796a738fa957],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\NCH_EN, , [07958072bacfe94d0f42c5b7669d639d],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{125B7A09-B405-46FB-95FB-96CF6B72992D}, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, HKU\S-1-5-21-627727854-1428138464-3552972702-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{125B7A09-B405-46FB-95FB-96CF6B72992D}, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{125B7A09-B405-46FB-95FB-96CF6B72992D}, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\NCH_EN Toolbar, , [bede30c2cdbc00365b3c62e6cf34e11f],

Registry Values: 2
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_fr_101, , [f1ab2bc7a2e751e5f4cb5939d330ef11],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-627727854-1428138464-3552972702-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://cdn1.browsersecurity.net/safe/cl ... &tid=18195, , [37652cc64d3c88ae8f5c841d7f84738d]

Registry Data: 0
(No malicious items detected)

Folders: 6
PUP.Optional.Conduit.A, C:\Users\Joseph\AppData\LocalLow\NCH_EN, , [d1cbc72b246576c041551b2dab58817f],
PUP.Optional.Conduit.A, C:\Users\Joseph\AppData\LocalLow\NCH_EN\Logs, , [d1cbc72b246576c041551b2dab58817f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.MaintainerSvc.A, C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009, , [0d8f678bbccd8fa70757f465669d8d73],
PUP.Optional.FastPlayer.A, C:\Users\Joseph\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q, , [a3f947ab2168a690079aa0c07d869a66],
PUP.Optional.FastPlayer.A, C:\Users\Joseph\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q\1.0.0.3, , [a3f947ab2168a690079aa0c07d869a66],

Files: 35
PUP.Optional.TVWizard.A, C:\ProgramData\aCODyxbZmPN\JBpcHBogo.exe, , [edaf5c964247b77f74e7b6f2748d8a76],
PUP.Optional.TVWizard.A, C:\ProgramData\aCODyxbZmPN\dat\DbVgdt.dll, , [2c70f8fa355446f05423333f18edc33d],
PUP.Optional.TVWizard.A, C:\ProgramData\aCODyxbZmPN\dat\JxvQCZbqCQ.exe, , [7626fff3e5a4f0462b304b5d43be2ed2],
PUP.Optional.TVWizard.A, C:\ProgramData\aCODyxbZmPN\dat\uiGasmcb.exe, , [485482701079999d5a01b0f833ce38c8],
PUP.Optional.SwiftBrowse, C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009\maintainer.bak, , [0993d220b8d10f27bda22ec8eb168a76],
PUP.Optional.SmartSec, C:\Users\Joseph\Downloads\Player(1).exe, , [0d8fbf33fc8def47c7cc94628081f40c],
PUP.Optional.DomaIQ, C:\Users\Joseph\Downloads\Player.exe, , [3c60e9091673f93d2f5b0d4c59a72bd5],
PUP.Optional.InstallCore, C:\Users\Joseph\Downloads\ImageResizerSetup(1).exe, , [108c17db9ced9d99654eb3c0838253ad],
PUP.Optional.InstallCore, C:\Users\Joseph\Downloads\ImageResizerSetup(2).exe, , [732918da4c3d171fa40f8ee5fb0a7d83],
PUP.Optional.InstallCore, C:\Users\Joseph\Downloads\ImageResizerSetup.exe, , [f3a9e0125c2d2d09397a41328382b44c],
PUP.Optional.OpenCandy, C:\Users\Joseph\Downloads\daemon_tools_lite_daemon_tools_lite_4_47_1_fr_10729(1).exe, , [504cc32fcdbc1f17b450b4f8e223c838],
PUP.Optional.OpenCandy, C:\Users\Joseph\Downloads\daemon_tools_lite_daemon_tools_lite_4_47_1_fr_10729(2).exe, , [ddbfc62ca5e4979fce36d4d803026898],
PUP.Optional.OpenCandy, C:\Users\Joseph\Downloads\daemon_tools_lite_daemon_tools_lite_4_47_1_fr_10729(3).exe, , [7923c82a9deca294ad57dad28580a35d],
PUP.Optional.OpenCandy, C:\Users\Joseph\Downloads\daemon_tools_lite_daemon_tools_lite_4_47_1_fr_10729.exe, , [c4d8e70b3d4c340261a3baf2bb4aaf51],
PUP.Optional.Surf, C:\Users\Joseph\Downloads\utorrent.exe, , [376546ac8405a195734854d4cd3407f9],
PUP.Optional.Surf, C:\Users\Joseph\Downloads\bittorrent.exe, , [623aee04f594a591f8c39d8b9a67748c],
PUP.Optional.Installcore, C:\Users\Joseph\Downloads\ccsetup411.exe, , [fca05d95fc8dfb3bab0e9da1f90c936d],
PUP.Optional.InstallCore, C:\Users\Joseph\Downloads\DownloadManagerSetup.exe, , [b3e98e64c7c2a98d595a8fe419ec9e62],
PUP.Optional.OpenCandy, C:\Users\Joseph\Downloads\DTLite4461-0327.exe, , [a9f3f4feaadf3303dc28bcf0867fc53b],
PUP.Optional.BundleInstaller.A, C:\Users\Joseph\Downloads\Setup(2).exe, , [b0ec60927514fb3b44c775f0ea1740c0],
PUP.Optional.SmartBar, C:\Windows\Installer\MSIA554.tmp-\Smartbar.Installer.CustomActions.dll, , [7e1e777b17720d29047b1a1424dc7e82],
PUP.Optional.Conduit.A, C:\Users\Joseph\AppData\LocalLow\NCH_EN\ldrtbNCH_.dll, , [d1cbc72b246576c041551b2dab58817f],
PUP.Optional.Conduit.A, C:\Users\Joseph\AppData\LocalLow\NCH_EN\tbNCH_.dll, , [d1cbc72b246576c041551b2dab58817f],
PUP.Optional.Conduit.A, C:\Users\Joseph\AppData\LocalLow\NCH_EN\toolbar.cfg, , [d1cbc72b246576c041551b2dab58817f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN\GottenAppsContextMenu.xml, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN\ldrtbNCH_.dll, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN\NCH_ENToolbarHelper.exe, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN\OtherAppsContextMenu.xml, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN\prxtbNCH_.dll, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN\SharedAppsContextMenu.xml, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN\tbNCH_.dll, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN\toolbar.cfg, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN\ToolbarContextMenu.xml, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.Conduit.A, C:\Program Files (x86)\NCH_EN\uninstall.exe, , [bede30c2cdbc00365b3c62e6cf34e11f],
PUP.Optional.FastPlayer.A, C:\Users\Joseph\AppData\Local\com\FastPlayer.exe_Url_ypw5ldaz5xtubzl3ykl5vaw3nmhswq1q\1.0.0.3\user.config, , [a3f947ab2168a690079aa0c07d869a66],

Physical Sectors: 0
(No malicious items detected)


(end)

[Malekal_morte]

Salut,


Suis ce tutorial : https://www.malekal.com/tutorial-farbar ... tool-frst/
Cela va générer deux rapports FRST.
Envoie comme expliqué, ces deux rapports sur le site http://pjjoint.malekal.com et donne les trois liens pjjoint de ces rapports afin qu'ils puissent être consultés.

[PILEFAZ]

Ci-dessous les 2 liens vers les rapports :
http://pjjoint.malekal.com/files.php?id ... j13j9p1115
http://pjjoint.malekal.com/files.php?id ... 2u12j5e9u8

[angelique]

• Ouvre le bloc-notes : Menu Démarrer / Tous les programmes / Accessoires et Bloc-Notes. (ou executer---> notepad)
  Copie/colle dedans ce qui suit :
  
  

  S2 JBpcHBogo; "C:\ProgramData\aCODyxbZmPN\JBpcHBogo.exe" [X]
  C:\ProgramData\aCODyxbZmPN
  Ad-Aware Web Companion (x32 Version: 1.0.813.1538 - Lavasoft) Hidden
  AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
  AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
  GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
  CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  CHR HKU\S-1-5-21-627727854-1428138464-3552972702-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
  HKU\S-1-5-21-627727854-1428138464-3552972702-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
  AutoConfigURL: [S-1-5-21-627727854-1428138464-3552972702-1000] => http://cdn1.browsersecurity.net/safe/cl ... &tid=18195
  SearchScopes: HKU\.DEFAULT -> {AF180E36-2083-45E6-B46C-5DB09D151DA9} URL = http://websearch.ask.com/redirect?clien ... 34B034C9D9
  BHO-x32: No Name -> {37483b40-c254-4a72-bda4-22ee90182c1e} -> No File
  BHO-x32: No Name -> {c6f3fc7b-d607-44ec-9caf-2a41d547137f} -> No File
  Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
  Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
  Toolbar: HKLM-x32 - No Name - {37483b40-c254-4a72-bda4-22ee90182c1e} - No File
  Toolbar: HKU\.DEFAULT -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
  EmptyTemp:
  

• Menu Fichier / Enregistrer-sous
  Place toi sur le bureau.
  Dans le champs en bas, nom du fichier mets : fixlist.txt
  Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.
• Ferme toutes les applications, y compris ton navigateur
• Double-clique sur FRST.exe
  /!\ Sous Vista, Windows 7 et 8, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  Sur le menu principal, clique une seule fois sur Fix et patiente le temps de la correction
  
  
  Un redémarrage peut être nécessaire (pas obligatoire).
• L'outil va créer un rapport de correction Fixlog.txt. Poste ce rapport dans ta réponse.
• desinstalle :
  
  Ad-Aware Antivirus
  Ad-Aware Web Companion
  AdAwareInstaller
  AdAwareUpdater
  Spybot - Search & Destroy 2
• refait un nouveau rapport frst.txt et addition.txt

[PILEFAZ]

Voici les 3 fichiers -
Fichier fixlog :
http://pjjoint.malekal.com/files.php?id ... 10t12c15s9

Fichiers FRST et addition
http://pjjoint.malekal.com/files.php?id ... 2t13m6x6c5
http://pjjoint.malekal.com/files.php?id ... t5q13u1211

[angelique]

• Ouvre le bloc-notes : Menu Démarrer / Tous les programmes / Accessoires et Bloc-Notes. (ou executer---> notepad)
  Copie/colle dedans ce qui suit :
  
  

  LavasoftTcpService (x32 Version: 2.2.9.5 - Lavasoft) Hidden
  HKLM-x32\...\Run: [fst_fr_101] => [X]
  2014-12-08 22:28 - 2014-12-08 22:28 - 01753736 _____ () C:\Users\Joseph\Downloads\Adaware_Installer.exe
  2014-12-08 22:00 - 2015-01-03 14:54 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
  2014-12-08 22:00 - 2014-12-08 22:00 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
  2014-12-08 21:59 - 2015-01-03 14:56 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
  2014-12-08 21:54 - 2014-12-08 21:58 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Joseph\Downloads\spybot-search-destroy_2-3-19-11-2014_en_10965.exe
  2014-12-07 23:35 - 2014-12-07 23:35 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Joseph\Downloads\SpyHunter-Installer.exe
  Emptytemp:
  

• Menu Fichier / Enregistrer-sous
  Place toi sur le bureau.
  Dans le champs en bas, nom du fichier mets : fixlist.txt
  Clic sur Enregistrer - cela va créer un fichier fixlist.txt sur le bureau.
• Ferme toutes les applications, y compris ton navigateur
• Double-clique sur FRST.exe
  /!\ Sous Vista, Windows 7 et 8, il faut lancer le fichier par clic-droit -> Exécuter en tant qu'administrateur
  Sur le menu principal, clique une seule fois sur Fix et patiente le temps de la correction
  
  
  Un redémarrage peut être nécessaire (pas obligatoire).
• L'outil va créer un rapport de correction Fixlog.txt. Poste ce rapport dans ta réponse.
• desinstalle LavasoftTcpService

[PILEFAZ]

Fichier fixlog :
http://pjjoint.malekal.com/files.php?id ... 2e15i13o13

[angelique]

Je pense que c'est bon désormais.

➫ supprime frst.exe, ses rapports et C:\FRST


➫ supprime ce que te trouve MBAM et vide sa quarantaine


➫ relance adwcleaner et clic desinstaller

➫ Quelques conseils :


Utilise Malwarebyte's Anti-Malware : https://www.malekal.com/malwarebyte-ant ... les-virus/
Fais des scans réguliers avec, il est efficace.


Pour prévenir les sites malicieux, tu peux installer Blockulicious : http://forum.malekal.com/blockulicious- ... 46656.html


Pour ne plus te faire avoir.
A lire - Programmes parasites / PUPs : https://www.malekal.com/adwares-pup-protection/

[PILEFAZ]

Un énorme merci Angélique pour ton aide, la rapidité et la qualité de tes conseils !

Je voudrais par ailleurs signaler qu'hier j'ai reçu un appel, en anglais, d'une personne se faisant passer pour un employé Microsoft. (N° en OO 77...)
Il disait avoir reçu des alertes indiquant que mon pc était infecté et que la situation se détériorait chaque jour
Pour soit-disant prouver qu'il est de Microsoft, il donne un N° CLSID en disant que seul l'utilisateur du PC et Microsoft ont ce numéro... J'ai coupé court à la conversation, mais j'avoue que c'est plutôt stressant, et inquiétant !
Peux-tu me dire quel est le meilleur moyen de signaler cette arnaque ?

Merci encore !

[angelique]

ouai arnaque téléphonique, ça doit être ça > http://forum.malekal.com/arnaques-desin ... 48978.html

[nya]

bonjour, j'ai téléchargé TV Wizard sans m'en rendre compte.
En allant sur un forum, j'ai suivi une marche à suivre: faire un scan OTL, qui m'a généré 2 rapports OTL txt et Extras.txt après Analyse.
quand le scan a été fini, j'ai envoyé le rapport OTL.txt sur le site http://pjjoint.malekal.com/.

J'ai reçu le lien suivant:

http://pjjoint.malekal.com/files.php?id ... 15s7x129t9

Que dois-je faire maintenant. Merci de m'aider, je ne comprends pas tout ...
Merci d'avance!

[angelique]

➫ relançe OTL , Copies et colles le contenue de cette citation ci dessous (en commençant bien à :OTL , les : inclus devant OTL jusqu'à [emptytemp] inclus) dans la partie inférieure d'OTL sous "Personalisation"
et cette fois ci clic CORRECTION

:OTL
SRV - [2015/01/02 11:47:57 | 002,726,256 | ---- | M] (Small Island Development) [Auto | Running] -- C:\ProgramData\aUUiEPNcrfE\ErQOTLYk.exe -- (ErQOTLYk)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://isearch.omiga-plus.com/?type=hp& ... 4_A81E79B3
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://isearch.omiga-plus.com/web/?type ... earchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://isearch.omiga-plus.com/web/?type ... earchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.omiga-plus.com/?type=hp& ... 4_A81E79B3
IE:64bit: - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://isearch.omiga-plus.com/web/?type ... earchTerms}
IE:64bit: - HKLM\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://dts.search-results.com/sr?src=ie ... earchTerms}
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://rocket-find.com/results.php?f=4& ... 134363&ir=
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://dts.search-results.com/sr?src=ie ... earchTerms}
IE - HKU\S-1-5-21-3257648529-2543383404-4023361972-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://mixidj.delta-search.com/?q={sear ... 8&tsp=5017
IE - HKU\S-1-5-21-3257648529-2543383404-4023361972-1000\..\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}: "URL" = http://dts.search-results.com/sr?src=ie ... earchTerms}
IE - HKU\S-1-5-21-3257648529-2543383404-4023361972-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}: "URL" = http://rocket-find.com/results.php?f=4& ... 134363&ir=
IE - HKU\S-1-5-21-3257648529-2543383404-4023361972-1000\..\SearchScopes\{C39921A5-10CF-4A4F-825E-F79F1788E915}: "URL" = http://websearch.ask.com/redirect?clien ... FF712E2076
IE - HKU\S-1-5-21-3257648529-2543383404-4023361972-1000\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?sr ... 262D18209D}
[2015/01/02 11:47:45 | 000,000,563 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\omiga-plus.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [gmsd_fr_51] File not found
O4 - HKU\S-1-5-21-3257648529-2543383404-4023361972-1000..\Run: [Software updater] C:\Users\Nelly\AppData\Roaming\FreeSoftwareUpdater\updater.exe ()
[2015/01/03 15:16:37 | 000,000,000 | ---D | C] -- C:\Users\Nelly\AppData\Local\speed browser
[2015/01/03 15:09:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser
[2015/01/02 19:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\predm
[2015/01/02 11:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\1887373585
[2015/01/02 11:49:08 | 000,000,000 | ---D | C] -- C:\Users\Nelly\AppData\Local\TVWizard
[2015/01/02 11:48:02 | 000,000,000 | ---D | C] -- C:\Users\Nelly\Documents\Optimizer Pro
[2015/01/02 11:48:02 | 000,000,000 | ---D | C] -- C:\Users\Nelly\AppData\Roaming\omiga-plus
[2015/01/02 11:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\aUUiEPNcrfE
[2015/01/02 11:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TVWizard
[2013/09/18 14:05:39 | 000,000,000 | ---D | M] -- C:\Users\Nelly\AppData\Roaming\Babylon
[2015/01/02 12:37:10 | 000,000,000 | ---D | M] -- C:\Users\Nelly\AppData\Roaming\omiga-plus
[2014/06/29 10:35:19 | 000,000,000 | ---D | M] -- C:\Users\Nelly\AppData\Roaming\RocketUpdater
[2015/01/03 15:09:30 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser
[2013/06/10 21:31:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Browser Manager
[3248 C:\Users\Nelly\AppData\Local\Temp\*.tmp files -> C:\Users\Nelly\AppData\Local\Temp\*.tmp -> ]
:files
C:\ProgramData\aUUiEPNcrfE
:commands
[emptytemp]

» Un rapport texte apparrait au redemarrage du pc, poste le

[nya]

MERCi,
je viens de copier et cliquer sur Correction. OTL a eu besoin de redémarrer mon ordi. Voici le rapport que j'ai reçu. Je vous le mets en PJ.
Que dois-je faire ensuite?

[nya]

Je ne sais pas si ma PJ est lisible, alors voici le rapport texte après le redémarrage..

All processes killed
========== OTL ==========
Error: No service named ErQOTLYk was found to stop!
Service\Driver key ErQOTLYk not found.
File C:\ProgramData\aUUiEPNcrfE\ErQOTLYk.exe not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_USERS\S-1-5-21-3257648529-2543383404-4023361972-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3257648529-2543383404-4023361972-1000\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}\ not found.
Registry key HKEY_USERS\S-1-5-21-3257648529-2543383404-4023361972-1000\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2101}\ not found.
Registry key HKEY_USERS\S-1-5-21-3257648529-2543383404-4023361972-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C39921A5-10CF-4A4F-825E-F79F1788E915}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C39921A5-10CF-4A4F-825E-F79F1788E915}\ not found.
Registry key HKEY_USERS\S-1-5-21-3257648529-2543383404-4023361972-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files (x86)\mozilla firefox\searchplugins\omiga-plus.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gmsd_fr_51 not found.
Registry value HKEY_USERS\S-1-5-21-3257648529-2543383404-4023361972-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Software updater not found.
File C:\Users\Nelly\AppData\Roaming\FreeSoftwareUpdater\updater.exe not found.
Folder C:\Users\Nelly\AppData\Local\speed browser\ not found.
Folder C:\ProgramData\Browser\ not found.
Folder C:\Program Files (x86)\predm\ not found.
Folder C:\ProgramData\1887373585\ not found.
C:\Users\Nelly\AppData\Local\TVWizard folder moved successfully.
Folder C:\Users\Nelly\Documents\Optimizer Pro\ not found.
Folder C:\Users\Nelly\AppData\Roaming\omiga-plus\ not found.
Folder C:\ProgramData\aUUiEPNcrfE\ not found.
Folder C:\ProgramData\TVWizard\ not found.
Folder C:\Users\Nelly\AppData\Roaming\Babylon\ not found.
Folder C:\Users\Nelly\AppData\Roaming\omiga-plus\ not found.
Folder C:\Users\Nelly\AppData\Roaming\RocketUpdater\ not found.
Folder C:\ProgramData\Browser\ not found.
Folder C:\ProgramData\Browser Manager\ not found.
File/Folder C:\Users\Nelly\AppData\Local\Temp\*.tmp not found.
========== FILES ==========
File\Folder C:\ProgramData\aUUiEPNcrfE not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Benoît
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nelly
->Temp folder emptied: 1548 bytes
->Temporary Internet Files folder emptied: 9991 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 11770688 bytes
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8540 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 11,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 01042015_181159

Files\Folders moved on Reboot...
C:\Users\Nelly\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nelly\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\_avast_\AvastLock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

[angelique]

Tu l'as fait 2 fois ? certains éléments de la correction n'apparraissent plus dans ton rapport.

ça doit être OK ?