Besoin d'aide SVP [Résolu]

[lance_yien]

Bonjour,

 

Désinstaller ce programme (en gras) depuis "Ajout/ suppression de programmes": C:\Program Files\PRMT8 (car barre d'outil inutile et risque de spyware)

Ton "ZoneAlarm Security" inclut tous les modules de protection (antivirus, pare-feu et antispyware), je te suggère de désinstaller Spybot S&D pour éviter tout risque de conflit et faire de la place sur ton disque.

--

 

Lancer OTL et copier la liste suivante (commençant par :OTL) et la coller dans l'espace sous "Personnalisation" (les : au début et le ] à la fin sont très important, merci de vérifier).

 

:OTL

DRV - [2009-10-12 18:15:30 | 000,317,072 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)

DRV - [2009-10-12 18:15:26 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\kl1.sys -- (kl1)

[2011-05-03 18:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Kaspersky SDK

[2011-05-03 10:45:20 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\APPLICATION DATA\{E37D0722-A3C5-4874-AEEB-718E1BE6100D}

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (no name) - {33973600-925A-11D9-A1F6-9234C84D2622} - No CLSID value found.

O3 - HKLM\..\Toolbar: (PROMT) - {892E81F6-EC63-4d13-8422-835A7A05D6EB} - C:\Program Files\PRMT8\PRMTIE\prmtie.dll (PROMT Ltd.)

O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [] File not found

O4 - HKCU..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O8 - Extra context menu item: Automatically Determine Topic Template - C:\Program Files\PRMT8\PRMTIE\aot.htm ()

O8 - Extra context menu item: Customize Translation Options - C:\Program Files\PRMT8\PRMTIE\options.HTM ()

O8 - Extra context menu item: Open Entry - C:\Program Files\PRMT8\PRMTIE\addentry.HTM ()

O8 - Extra context menu item: Search the Web - C:\Program Files\PRMT8\PRMTIE\search.HTM ()

O8 - Extra context menu item: Translate - C:\Program Files\PRMT8\PRMTIE\translat.HTM ()

O8 - Extra context menu item: Translate Page - C:\Program Files\PRMT8\PRMTIE\page.HTM ()

O8 - Extra context menu item: Unknown Words - C:\Program Files\PRMT8\PRMTIE\infopanel.HTM ()

O9 - Extra 'Tools' menuitem : Customize Translation Options - {4034D172-4C52-49de-A6A1-E75F8F591FEC} - C:\Program Files\PRMT8\PRMTIE\options.HTM ()

O9 - Extra 'Tools' menuitem : Translate - {A2DA13D5-AC77-43b7-963B-40445EBCB8E0} - C:\Program Files\PRMT8\PRMTIE\Prmtie5.htm ()

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKCU\..Trusted Domains: google.com ([picasaweb] https in Sites de confiance)

O15 - HKCU\..Trusted Domains: google.fr ([picasaweb] https in Sites de confiance)

O15 - HKCU\..Trusted Ranges: Range78 ([https] in Sites de confiance)

[2011-04-30 16:07:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\BitTorrent

[2011-05-03 10:45:21 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pjomabadebiri.dat

[2011-05-03 10:45:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Xselihajilesoqa.bin

@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B8131DF5

@Alternate Data Stream - 215 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C

@Alternate Data Stream - 195 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B1FCBEB0

@Alternate Data Stream - 155 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D0E56AC

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:61AF2B29

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F7F48F12

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:55818279

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F

@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4AD2C54D

 

:Services

 

:Reg

 

:Files

ipconfig /flushdns /c

C:\WINDOWS\tasks\*.job

C:\*.sqm

C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\APPLICATION DATA\{E37D0722-A3C5-4874-AEEB-718E1BE6100D}

C:\Program Files\PRMT8

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

C:\Documents and Settings\All Users\Application Data\Kaspersky SDK

C:\WINDOWS\system32\drivers\klif.sys

C:\WINDOWS\System32\DRIVERS\kl1.sys -- (kl1)

C:\Documents and Settings\Administrateur\Application Data\BitTorrent

 

:Commands

[EMPTYTEMP]

[EMPTYFLASH]

[RESETHOSTS]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme demandera de redémarrer la machine pour finir le processus, cliquer sur Oui.

A la fin un rapport s'ouvre dans le bloc-note. Copier son contenu et le coller dans une nouvelle réponse. Fermer le rapport et OTL.

 

 

Rapports demandés:

• OTL.txt

Que reste-t-il comme symptômes à vérifier?

[Dancamelonat]

Il y a très très longtemps que j'ai PRMT8 et ce sans problèmes. J'ai besoin de ce logiciel pour des traductions. Je vais le désinstaller pour le moment mais j'ai besoin de continuer à utiliser un logiciel du genre quand PC sera en ordre.

 

Je tiens aussi à vous dire que qq fois mon navigateur refuse de s'ouvrir ou encore les hyperliens dans mes messages outlook refusent de s'ouvrir dans le navigateur et je dois alors les copier/coller.

 

Je reçois également souvent le message suivant : Generic host process for Win 32 services a rencontré un problème et ensuite tout mon affichage change

 

Bon, je vais faire ce que vous avez demandé....@+

[Dancamelonat]

Pendant le nettoyage j'ai reçu le message " Generic Host win 32 services a rencontré un problème"

Après OTL M'a demandé un reboot mais encore une fois explorer n'a pas booté, j'ai refermé et ensuite il a loadé OK (il me fait ce trucs au moins une fois sur deux reboots)

Le rapport suivant est ensuite apparu

 

All processes killed

========== OTL ==========

Error: Unable to stop service KLIF!

Unable to delete service\driver key KLIF.

File move failed. C:\WINDOWS\system32\drivers\klif.sys scheduled to be moved on reboot.

Error: Unable to stop service kl1!

Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kl1 deleted successfully.

File move failed. C:\WINDOWS\system32\drivers\kl1.sys scheduled to be moved on reboot.

C:\Documents and Settings\All Users\Application Data\Kaspersky SDK folder moved successfully.

C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\APPLICATION DATA\{E37D0722-A3C5-4874-AEEB-718E1BE6100D}\chrome\content folder moved successfully.

C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\APPLICATION DATA\{E37D0722-A3C5-4874-AEEB-718E1BE6100D}\chrome folder moved successfully.

C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\APPLICATION DATA\{E37D0722-A3C5-4874-AEEB-718E1BE6100D} folder moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.

File C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.

C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{33973600-925A-11D9-A1F6-9234C84D2622} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33973600-925A-11D9-A1F6-9234C84D2622}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{892E81F6-EC63-4d13-8422-835A7A05D6EB} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{892E81F6-EC63-4d13-8422-835A7A05D6EB}\ not found.

File C:\Program Files\PRMT8\PRMTIE\prmtie.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ deleted successfully.

File C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll not found.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

File C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer not found.

File C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Automatically Determine Topic Template\ not found.

File C:\Program Files\PRMT8\PRMTIE\aot.htm not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Customize Translation Options\ not found.

File C:\Program Files\PRMT8\PRMTIE\options.HTM not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Open Entry\ not found.

File C:\Program Files\PRMT8\PRMTIE\addentry.HTM not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Search the Web\ not found.

File C:\Program Files\PRMT8\PRMTIE\search.HTM not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate\ not found.

File C:\Program Files\PRMT8\PRMTIE\translat.HTM not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Translate Page\ not found.

File C:\Program Files\PRMT8\PRMTIE\page.HTM not found.

Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Unknown Words\ not found.

File C:\Program Files\PRMT8\PRMTIE\infopanel.HTM not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4034D172-4C52-49de-A6A1-E75F8F591FEC}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4034D172-4C52-49de-A6A1-E75F8F591FEC}\ not found.

File C:\Program Files\PRMT8\PRMTIE\options.HTM not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{A2DA13D5-AC77-43b7-963B-40445EBCB8E0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A2DA13D5-AC77-43b7-963B-40445EBCB8E0}\ not found.

File C:\Program Files\PRMT8\PRMTIE\Prmtie5.htm not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}\ not found.

File C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.com\picasaweb\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google.fr\picasaweb\ deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range78\\https deleted successfully.

C:\Documents and Settings\Administrateur\Application Data\BitTorrent\dlimagecache folder moved successfully.

C:\Documents and Settings\Administrateur\Application Data\BitTorrent\apps folder moved successfully.

C:\Documents and Settings\Administrateur\Application Data\BitTorrent folder moved successfully.

C:\WINDOWS\Pjomabadebiri.dat moved successfully.

C:\WINDOWS\Xselihajilesoqa.bin moved successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B8131DF5 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3B8F70C deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B1FCBEB0 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:0CE7F3C9 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:3D0E56AC deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:61AF2B29 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:1AFC2166 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:F7F48F12 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:C22674B6 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:55818279 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:6BF0805F deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:4AD2C54D deleted successfully.

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Configuration IP de Windows

Cache de résolution DNS vidé.

C:\Documents and Settings\Administrateur\Bureau\cmd.bat deleted successfully.

C:\Documents and Settings\Administrateur\Bureau\cmd.txt deleted successfully.

C:\WINDOWS\tasks\afse.job moved successfully.

C:\WINDOWS\tasks\AppleSoftwareUpdate.job moved successfully.

C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp officejet 4100 series#1302729346.job moved successfully.

C:\WINDOWS\tasks\Google Software Updater.job moved successfully.

C:\WINDOWS\tasks\Maintenance en 1 clic.job moved successfully.

C:\sqmdata00.sqm moved successfully.

C:\sqmdata01.sqm moved successfully.

C:\sqmdata02.sqm moved successfully.

C:\sqmdata03.sqm moved successfully.

C:\sqmdata04.sqm moved successfully.

C:\sqmdata05.sqm moved successfully.

C:\sqmdata06.sqm moved successfully.

C:\sqmdata07.sqm moved successfully.

C:\sqmdata08.sqm moved successfully.

C:\sqmdata09.sqm moved successfully.

C:\sqmdata10.sqm moved successfully.

C:\sqmdata11.sqm moved successfully.

C:\sqmdata12.sqm moved successfully.

C:\sqmdata13.sqm moved successfully.

C:\sqmdata14.sqm moved successfully.

C:\sqmdata15.sqm moved successfully.

C:\sqmdata16.sqm moved successfully.

C:\sqmdata17.sqm moved successfully.

C:\sqmdata18.sqm moved successfully.

C:\sqmdata19.sqm moved successfully.

C:\sqmnoopt00.sqm moved successfully.

C:\sqmnoopt01.sqm moved successfully.

C:\sqmnoopt02.sqm moved successfully.

C:\sqmnoopt03.sqm moved successfully.

C:\sqmnoopt04.sqm moved successfully.

C:\sqmnoopt05.sqm moved successfully.

C:\sqmnoopt06.sqm moved successfully.

C:\sqmnoopt07.sqm moved successfully.

C:\sqmnoopt08.sqm moved successfully.

C:\sqmnoopt09.sqm moved successfully.

C:\sqmnoopt10.sqm moved successfully.

C:\sqmnoopt11.sqm moved successfully.

C:\sqmnoopt12.sqm moved successfully.

C:\sqmnoopt13.sqm moved successfully.

C:\sqmnoopt14.sqm moved successfully.

C:\sqmnoopt15.sqm moved successfully.

C:\sqmnoopt16.sqm moved successfully.

C:\sqmnoopt17.sqm moved successfully.

C:\sqmnoopt18.sqm moved successfully.

C:\sqmnoopt19.sqm moved successfully.

File\Folder C:\DOCUMENTS AND SETTINGS\ADMINISTRATEUR\LOCAL SETTINGS\APPLICATION DATA\{E37D0722-A3C5-4874-AEEB-718E1BE6100D} not found.

C:\Program Files\PRMT8 folder moved successfully.

File\Folder C:\Program Files\Spybot - Search & Destroy\SDHelper.dll not found.

File\Folder C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll not found.

File\Folder C:\Documents and Settings\All Users\Application Data\Kaspersky SDK not found.

File move failed. C:\WINDOWS\system32\drivers\klif.sys scheduled to be moved on reboot.

File\Folder C:\WINDOWS\System32\DRIVERS\kl1.sys -- (kl1) not found.

File\Folder C:\Documents and Settings\Administrateur\Application Data\BitTorrent not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 4500054 bytes

->Temporary Internet Files folder emptied: 1070998506 bytes

->Java cache emptied: 10264 bytes

->FireFox cache emptied: 55300306 bytes

->Flash cache emptied: 497100 bytes

 

User: All Users

 

User: Camille

->Temp folder emptied: 1670106 bytes

->Temporary Internet Files folder emptied: 1112223 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32983 bytes

->Flash cache emptied: 41620 bytes

 

User: Isabelle

->Temp folder emptied: 1530748 bytes

->Temporary Internet Files folder emptied: 290658 bytes

->FireFox cache emptied: 45332 bytes

->Flash cache emptied: 41620 bytes

 

User: LocalService

->Temp folder emptied: 2175824 bytes

->Temporary Internet Files folder emptied: 160214702 bytes

->Flash cache emptied: 9135 bytes

 

User: NetworkService

->Temp folder emptied: 2116304 bytes

->Temporary Internet Files folder emptied: 325379119 bytes

->Flash cache emptied: 6348 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 2134506 bytes

%systemroot%\System32 .tmp files removed: 3072 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1780279 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 65408204 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 2195846558 bytes

 

Total Files Cleaned = 3 711,00 mb

 

 

[EMPTYFLASH]

 

User: Administrateur

->Flash cache emptied: 0 bytes

 

User: All Users

 

User: Camille

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: Isabelle

->Flash cache emptied: 0 bytes

 

User: LocalService

->Flash cache emptied: 0 bytes

 

User: NetworkService

->Flash cache emptied: 0 bytes

 

Total Flash Files Cleaned = 0,00 mb

 

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.22.3 log created on 05092011_082555

 

Files\Folders moved on Reboot...

File move failed. C:\WINDOWS\system32\drivers\klif.sys scheduled to be moved on reboot.

File move failed. C:\WINDOWS\system32\drivers\kl1.sys scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

[lance_yien]

Pas de problème pour ton programme lui-même, quand tu le réinstalle refuse l'installation de la barre d'outil proposée.

Concernant le message "Generic Host win 32 services a rencontré un problème", patience on l'aura (ça peut bien venir aussi bien d'une infection que d'un problème avec un logiciel OU de Windows lui-même.

 

>>> ESET Online Scanner: Brancher tous les médias amovibles disponibles (DD externe, clés USB etc) et désactiver antivirus/ parefeu et antispyware.

 

Utiliser Internet Explorer pour aller ICI.

• Cliquer sur le bouton vert ESET Online Scanner, cocher la case "YES, I accept the Terms of Use" et cliquer sur Start.
  
• Accepter l'installation de l'ActiveX.
  
• Cocher "Scan archives", DEcocher "Remove found threats" et cliquer Start.
  
• Eset téléchargera la base de données et commencera le scan. Le laisser finir son scan.
  
• Ensuite, cliquer sur "List of found threats"
  
• Cliquer sur "Export to text file..." et sauvegarder les résultats sur le Bureau en le nommant "scan-results" pour les copier/coller ici.
  
• Cliquer sur et cocher la case Uninstall application on close pour supprimer ESET Online Scanner de la machine.

Cliquer sur et poster le rapport.

[Dancamelonat]

J'ai entièrement confiance et vous remercie sincèrement pour votre aide. Je continue et vous reviens. Je voulais aussi vous informer que de tant à autre lorsque je clique sur des hyperliens qui sont sur des sites de confiances une page de pub s'ouvre également avant. C'est un forum ou je vais depuis des années et il n'y a aucune pub de ce genre sur le fofo

 

OK au boulot....je fais ce que vous m'avez demandé et reviens...

[Dancamelonat]

Bon, j'utilise habituellement firefox mais comme vous m'avez demande j'ai ouvert internet explorer......houlà!!! Première tentative, je ne vois rien dans la fenêtre ouverte. Je ferme et réouvre et là malheur!!!! J'ai des fenêtres que je venais de fermer sur lesquelles je travaillais sur ma clé usb qui se réouvrent toutes seules!!!! J'ai fermé tout de suite internet explorer. Au moment ou je tape ces lignes, j'utilise mozilla firefox et une fenêtre publicitaire s'ouvre toute seule dans un autre onglet!!! J'ai seulement la page de votre réponse d'ouverte...Je tente de faire la manip mentionné en accédant au site avec Mozilla firefox? Je dois faire autre chose?

Modifié le 9 mai 2011 par Dancamelonat

[lance_yien]

Vas-y avec Mozilla firefox, on verra bien.

[Dancamelonat]

Voilà

 

C:\Documents and Settings\Administrateur\Application Data\6D7CC288E1638A8C8FE27B6EB5C10E89\enemies-names.txt Win32/Adware.AntimalwareDoctor.AE.Gen application

C:\Documents and Settings\Administrateur\Application Data\6D7CC288E1638A8C8FE27B6EB5C10E89\local.ini Win32/Adware.AntimalwareDoctor.AE.Gen application

 

je pensais avoir tout éradiqué de cette m***e au début de mes problèmes, mais il semble que non.....c'est vraiment difficile de s'en défaire

[lance_yien]

On supprime ça avec OTL et on fait une analyse plus approfondie avec ComboFix (CF),

 

Imprimer ces instructions ou les enregistrer dans un fichier texte sur le Bureau pour les consulter facilement à tout moment et lancer OTL et copier la liste suivante (commençant par :OTL) et la coller dans l'espace sous "Personnalisation" (les : au début et le ] à la fin sont très important, merci de vérifier).

 

:OTL

 

 

:Services

 

:Reg

 

:Files

ipconfig /flushdns /c

C:\WINDOWS\tasks\*.job

C:\*.sqm

C:\Documents and Settings\Administrateur\Application Data\6D7CC288E1638A8C8FE27B6EB5C10E89\enemies-names.txt

C:\Documents and Settings\Administrateur\Application Data\6D7CC288E1638A8C8FE27B6EB5C10E89\local.ini

 

:Commands

[EMPTYTEMP]

[reboot]

Cliquer sur le bouton rouge Correction et laisser faire.

Si un ou plusieurs fichiers ne peuvent pas être supprimés normalement, le programme demandera de redémarrer la machine pour finir le processus, cliquer sur Oui.

A la fin un rapport s'ouvre dans le bloc-note. Copier son contenu et le coller dans une nouvelle réponse. Fermer le rapport et OTL.

 

 

Ensuite,

Télécharger, sur le Bureau:

• ComboFix© (par sUBs) depuis ici ou ici
• DeFogger (par jpshortstuff) depuis ici

 

>>> Désactiver les drivers d'émulation CD pour éviter toute interférence avec nos outils: Fermer toutes le fenêtres et applications ouvertes et double-cliquer sur Defogger.exe (Vista/W7 cliquer-droi => "Exécuter en tant qu'administrateur").

Cliquer sur le bouton Disable.

Cliquer sur Yes pour continuer puis, au message "Finished!", cliquer sur OK

Si le programme demande de redémarrer la machine, cliquer sur OK

Ne pas réactiver ces drivers sans y être invité.

 

 

>>> Utiliser ComboFix: Fermer toutes les applications et fenêtres ouvertes, désactiver antivirus/ pare-feu/ antispyware et cliquer ComboFix.exe. Suivre les instructions.

Accepter l'Agrément de la licence et l'installation de la Console de Récupération (proposée sous XP si pas installée).

NE PAS TOUCHER la machine avant la fin (même si les choses semblent ne pas avancer).

 

Quand c'est fini, un rapport (ComboFix.txt) s'affiche. Il est sauvegardé, automatiquement, à la racine de la partition système (généralement C:\)

Poster son contenu.

 

 

Rapports demandés:

• OTL.txt
• ComboFix.txt

[Dancamelonat]

Voilà pour OTL

 

All processes killed

========== OTL ==========

========== SERVICES/DRIVERS ==========

========== REGISTRY ==========

========== FILES ==========

< ipconfig /flushdns /c >

Configuration IP de Windows

Cache de résolution DNS vidé.

C:\Documents and Settings\Administrateur\Bureau\cmd.bat deleted successfully.

C:\Documents and Settings\Administrateur\Bureau\cmd.txt deleted successfully.

C:\WINDOWS\tasks\Google Software Updater.job moved successfully.

File\Folder C:\*.sqm not found.

C:\Documents and Settings\Administrateur\Application Data\6D7CC288E1638A8C8FE27B6EB5C10E89\enemies-names.txt moved successfully.

C:\Documents and Settings\Administrateur\Application Data\6D7CC288E1638A8C8FE27B6EB5C10E89\local.ini moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrateur

->Temp folder emptied: 1195355 bytes

->Temporary Internet Files folder emptied: 337140 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 89334837 bytes

->Flash cache emptied: 456 bytes

 

User: All Users

 

User: Camille

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Isabelle

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 1055088 bytes

->Temporary Internet Files folder emptied: 97570577 bytes

->Flash cache emptied: 6427 bytes

 

User: NetworkService

->Temp folder emptied: 2113152 bytes

->Temporary Internet Files folder emptied: 25728337 bytes

->Flash cache emptied: 3036 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1589654 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 209,00 mb

 

 

OTL by OldTimer - Version 3.2.22.3 log created on 05092011_145241

 

Files\Folders moved on Reboot...

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NJJZCBV0\ads[2].txt not found!

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NJJZCBV0\linkexchange[1].aspx not found!

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\NJJZCBV0\pictures_contentdetail_160x600[1].htm not found!

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DIFK632U\blank[1].htm not found!

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\DIFK632U\gemma-norse-goddess-2053993[1].txt not found!

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\58KQ2UAS\like[3].php not found!

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\58KQ2UAS\search[3].txt moved successfully.

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\58KQ2UAS\sharethis[1].js not found!

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\58KQ2UAS\xd_proxy[1].php not found!

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3UMG0D7Q\provider[2].htm not found!

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3UMG0D7Q\technet_ameriquebec_net[1].txt not found!

File\Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\3UMG0D7Q\track-pics-gallery[1].htm not found!

 

Registry entries deleted on Reboot...