#156171
Hi again,

I suspected as much :)

Run another scan with OTL; here is the canned procedure again so you can do it correctly:
  • Download OTL (by OldTimer) to your desktop.
  • Launch OTL, running it as administrator on Windows 7/8 and Vista
  • Tick the following boxes:
    • All users
    • Lop search
    • Purity search
    • With 64-bit scans (only for 64-bit systems)
  • Copy and paste the script below into the lower part of OTL, "Personnalisation"
    Code:
    netsvcs
        msconfig
        safebootminimal
        safebootnetwork
        activex
        drivers32
        /md5start
        explorer.exe
        lsass.exe
        svchost.exe
        wininit.exe
        winlogon.exe
        userinit.exe
        volsnap.sys
        redbook.sys
        i8042prt.sys
        afd.sys
        netbt.sys
        tcpip.sys
        ipsec.sys
        hlp.dat
        /md5stop
        %APPDATA%\*.exe /s
        %APPDATA%\Adobe\Update\*.*
        %APPDATA%\Update\*.*
        %APPDATA%\Microsoft\*.*
        %ALLUSERSPROFILE%\Favorites\*.*
        %ALLUSERSPROFILE%\*.*
        %SYSTEMDRIVE%\*.*
        %PROGRAMFILES%\*.*
        %PROGRAMFILES%\Internet Explorer\*.*
        %USERPROFILE%\*.*
        %Temp%\smtmp\1\*.*
        %Temp%\smtmp\2\*.*
        %Temp%\smtmp\3\*.*
        %Temp%\smtmp\4\*.*
        %USERPROFILE%\Local Settings\Temp\*.exe
        %USERPROFILE%\Local Settings\Temp\*.dll
        %USERPROFILE%\Application Data\*.exe
        %systemroot%\system32\DBBK\*.* /s
        %systemroot%\system32\config\systemprofile\*.*
        %systemroot%\*. /mp /s
        %systemroot%\*.exe /90
        %systemroot%\system32\*.dll /lockedfiles
        %systemroot%\system32\*.dll /90
        %systemroot%\system32\drivers\*.sys /lockedfiles
        %systemroot%\system32\drivers\*.sys /90
        %systemroot%\system32\*.exe /90
        %systemroot%\system32\config\*.sav
        %systemroot%\system32\spool\prtprocs\w32x86\*.*
        %systemroot%\Tasks\*.job /lockedfiles
        %systemroot%\assembly\tmp\*.* /S /MD5
        %systemroot%\assembly\GAC_32\*.* /S /MD5
        %systemroot%\assembly\GAC_64\*.* /S /MD5
        %windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
        %windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
        %windir%\temp*.*
        "%WinDir%\$NtUninstallKB*$." /30
        CREATERESTOREPOINT
        HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
        HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
        C:\Program Files\Common Files\ComObjects\*.* /
        %ALLUSERSPROFILE%\Application Data\*.exe /s
        
  • Click "Analyse"
  • Once the scan has finished, 1 or 2 reports will open: OTL.txt and Extras.txt.
  • Upload the OTL.txt and Extras.txt reports to SosUpload, then copy/paste the link provided into your next reply on the forum

    Note: Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the situation

#156175
Hi again,

Well, there's no reason for it, but apparently several variants exist ...
  • Launch OTL, running it as administrator on Windows 7/8 and Vista
  • Paste the copied lines into the lower part of OTL, "Personnalisation"
    Code:
    :processes
    killallprocesses
    
    :files
    C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
    C:\Program Files (x86)\Advanced System Protector\aspsys.dll
    C:\Program Files (x86)\Advanced System Protector\unrar.dll
    C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll
    C:\Program Files (x86)\Deeal\ScriptHost.dll (Deeal)
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
    C:\ProgramData\Systweak
    C:\Program Files (x86)\Advanced System Protector
    C:\Users\Steve\AppData\Roaming\System Speedup
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup
    C:\Users\Steve\AppData\Roaming\systweak
    C:\Program Files (x86)\System Speedup
    C:\Program Files (x86)\Deeal
    C:\Users\Steve\AppData\Roaming\betadeeal
    C:\Windows\SysNative\roboot64.exe
    C:\Users\Public\Desktop\System Speedup.lnk
    C:\Users\Steve\AppData\Roaming\~sxkveon.exe
    C:\ProgramData\uninstall_Deeal.exe
    C:\Users\Steve\AppData\Roaming\~sxkveon.exe
    C:\Users\Public\Desktop\System Speedup.lnk
    C:\Users\Public\Desktop\Advanced System Protector.lnk
    C:\ProgramData\uninstall_Deeal.exe
    C:\Users\Steve\AppData\Roaming\betadeeal
    C:\Users\Steve\AppData\Roaming\systweak
    C:\Users\Steve\AppData\Roaming\System Speedup
    C:\Users\Steve\AppData\Roaming\systweak\ssd\SSDPTstub.exe
    C:\ProgramData\uninstall_Deeal.exe
    
    :reg
    [-HKEY_LOCAL_MACHINE\Software\Deeal]
    [-HKEY_LOCAL_MACHINE\Software\System Speedup]
    [-HKEY_LOCAL_MACHINE\Software\systweak]
    [-HKEY_CURRENT_USER\Software\System Speedup]
    [-HKEY_CURRENT_USER\Software\systweak]
    [-HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1]
    [-HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Deeal]
    [-HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1]
    [-HKLM\Software\System Speedup]
    [-HKLM\Software\systweak]
    
    :commands
    [EMPTYTEMP]
    [REBOOT]
    
  • Click "Correction"
  • OTL may ask you to restart; if so, do it immediately!
  • Once the scan has finished, 1 report will open: ¤¤¤¤¤¤¤¤¤¤¤.log.
  • Copy and paste the contents of the report on the forum.

    Note: Just in case, you can find them in the C:\OTL folder or on your desktop, depending on the situation

#156177
And here is the latest report:

All processes killed
========== PROCESSES ==========
========== FILES ==========
C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe moved successfully.
C:\Program Files (x86)\Advanced System Protector\aspsys.dll moved successfully.
C:\Program Files (x86)\Advanced System Protector\unrar.dll moved successfully.
C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll moved successfully.
File\Folder C:\Program Files (x86)\Deeal\ScriptHost.dll (Deeal) not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\updates folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\signatures folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector\2.1.1000.12580 folder moved successfully.
C:\ProgramData\Systweak\Advanced System Protector folder moved successfully.
C:\ProgramData\Systweak folder moved successfully.
C:\Program Files (x86)\Advanced System Protector\Troubleshooter folder moved successfully.
C:\Program Files (x86)\Advanced System Protector\clamunpack folder moved successfully.
Folder move failed. C:\Program Files (x86)\Advanced System Protector scheduled to be moved on reboot.
C:\Users\Steve\AppData\Roaming\System Speedup folder moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Speedup folder moved successfully.
C:\Users\Steve\AppData\Roaming\systweak\ssd folder moved successfully.
C:\Users\Steve\AppData\Roaming\systweak\Advanced System Protector\Logs folder moved successfully.
C:\Users\Steve\AppData\Roaming\systweak\Advanced System Protector\Backup folder moved successfully.
C:\Users\Steve\AppData\Roaming\systweak\Advanced System Protector\2.1.1000.12580 folder moved successfully.
C:\Users\Steve\AppData\Roaming\systweak\Advanced System Protector folder moved successfully.
C:\Users\Steve\AppData\Roaming\systweak folder moved successfully.
C:\Program Files (x86)\System Speedup folder moved successfully.
C:\Program Files (x86)\Deeal folder moved successfully.
C:\Users\Steve\AppData\Roaming\betadeeal folder moved successfully.
C:\Windows\SysNative\roboot64.exe moved successfully.
C:\Users\Public\Desktop\System Speedup.lnk moved successfully.
C:\Users\Steve\AppData\Roaming\~sxkveon.exe moved successfully.
C:\ProgramData\uninstall_Deeal.exe moved successfully.
File\Folder C:\Users\Steve\AppData\Roaming\~sxkveon.exe not found.
File\Folder C:\Users\Public\Desktop\System Speedup.lnk not found.
C:\Users\Public\Desktop\Advanced System Protector.lnk moved successfully.
File\Folder C:\ProgramData\uninstall_Deeal.exe not found.
File\Folder C:\Users\Steve\AppData\Roaming\betadeeal not found.
File\Folder C:\Users\Steve\AppData\Roaming\systweak not found.
File\Folder C:\Users\Steve\AppData\Roaming\System Speedup not found.
File\Folder C:\Users\Steve\AppData\Roaming\systweak\ssd\SSDPTstub.exe not found.
File\Folder C:\ProgramData\uninstall_Deeal.exe not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\Software\Deeal\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\System Speedup\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\systweak\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\System Speedup\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\systweak\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Deeal\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\System Speedup_is1\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\System Speedup\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\systweak\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Steve
->Temp folder emptied: 20782293 bytes
->Temporary Internet Files folder emptied: 11423423 bytes
->Google Chrome cache emptied: 240938719 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11177382 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 271,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07032014_140057

Files\Folders moved on Reboot...
C:\Program Files (x86)\Advanced System Protector folder moved successfully.
C:\Users\Steve\AppData\Local\Temp\CVHLauncher(20140703134346C04).log moved successfully.
C:\Users\Steve\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
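
Added example (not part of the thread, and not OTL's own code): a Python check that reconciles a fix log in the format posted above, separating "not found" lines caused by duplicate script entries or an already-moved parent folder from targets that were never removed or are still waiting for a reboot. The excerpt is constructed from lines of that log; `C:\ProgramData\constructed_example.exe` and the verdict names are assumptions made for the example.

```python
import re

# Constructed excerpt in the posted log's format; constructed_example.exe is made up.
SAMPLE_LOG = r"""
File\Folder C:\Program Files (x86)\Deeal\ScriptHost.dll (Deeal) not found.
Folder move failed. C:\Program Files (x86)\Advanced System Protector scheduled to be moved on reboot.
C:\Program Files (x86)\Deeal folder moved successfully.
C:\Users\Steve\AppData\Roaming\~sxkveon.exe moved successfully.
File\Folder C:\Users\Steve\AppData\Roaming\~sxkveon.exe not found.
File\Folder C:\ProgramData\constructed_example.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\systweak\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\systweak\ not found.
Files\Folders moved on Reboot...
C:\Program Files (x86)\Advanced System Protector folder moved successfully.
"""

# (pattern, event) pairs; the first pattern that matches a line wins.
PATTERNS = [
    (re.compile(r"^Registry key (.+?)\\? deleted successfully\.$"), "done"),
    (re.compile(r"^Registry key (.+?)\\? not found\.$"), "missing"),
    (re.compile(r"^File\\Folder (.+) not found\.$"), "missing"),
    (re.compile(r"^.*move failed\. (.+) scheduled to be moved on reboot\.$"), "deferred"),
    (re.compile(r"^(.+?)(?: folder)? moved successfully\.$"), "done"),
]

def reconcile(log_text):
    """Return {target: verdict} for every file, folder or key named in the log."""
    events, names = {}, {}  # keyed by lower-cased target (Windows paths ignore case)
    for line in map(str.strip, log_text.splitlines()):
        for pattern, event in PATTERNS:
            m = pattern.match(line)
            if m:
                key = m.group(1).rstrip("\\").lower()
                names.setdefault(key, m.group(1))
                events.setdefault(key, []).append(event)
                break
    done = [k for k, ev in events.items() if "done" in ev]
    verdicts = {}
    for key, ev in events.items():
        if "done" in ev:
            verdict = "removed"            # a later "not found" is a duplicate entry
        elif any(key.startswith(parent + "\\") for parent in done):
            verdict = "covered_by_parent"  # the containing folder or key was removed
        elif "deferred" in ev:
            verdict = "pending_reboot"     # not confirmed in the on-reboot section
        else:
            verdict = "not_found"          # never seen: recheck that script line
        verdicts[names[key]] = verdict
    return verdicts
```

Applied to the log in the post above, every "not found" line resolves to `removed` or `covered_by_parent`, which matches the duplicated paths and keys in the fix script.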
#156182
Hi again,

To test, in case it is making use of the tools' quarantine and temp, do the following:
  • Download Delfix to your Desktop.
  • Launch Delfix,
  • /!\ On Vista, Windows 7 and 8, the file must be launched via right-click -> Run as administrator
  • Tick the following boxes:
    • Re-enable UAC
    • Remove the disinfection tools
    • Back up the registry
    • Purge System Restore
    • Reset system settings
  • Download SFTGC (by Pierre13) to your Desktop and nowhere else!
  • Launch SFTGC, running it as administrator on Windows 7/8 and Vista
  • Click GO

    Note: At the end a report will open
  • Once the scan has finished, go to the desktop; the file SFTGC.txt has been created.
  • Upload the SFTGC.txt report to SosUpload, then copy/paste the link provided into your next reply on the forum
