HijackThis log - PC that crashes
roni034
Hello,
My PC runs Vista; it tends to lag and freeze for a few seconds every now and then. I think it probably needs a bit of cleaning, so I'm posting a HijackThis log. Thanks for your valuable help.
roni
HIJACKTHIS LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:46:03, on 22/11/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ww12.cherche.us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://ww12.cherche.us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Ajouter la cible du lien à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Ajouter à un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir au format PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien au format Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} - https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
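As an added example (not part of the original thread, and not code from HijackThis itself): a small Python triage script that parses entries in the log format shown above and flags the kinds of lines a helper checks first. It flags start/search-page URLs whose host is not in a list of providers the user is expected to use (that list is an assumption), registry entries whose file is missing, Trusted Zone additions, and ActiveX (O16) downloads served over plain HTTP. The sample lines are copied from the log above.

```python
"""Triage helper for HijackThis v2 log lines (added example; not from the
original thread and not part of HijackThis)."""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Entry shape as it appears in a HijackThis log: "<kind> - <body>".
_ENTRY = re.compile(r"^(?P<kind>R\d|O\d+) - (?P<body>.*)$")
# R0/R1 bodies: "<registry key>,<value name> = <data>".
_SETTING = re.compile(r"^(?P<key>[^=]+?)\s*=\s*(?P<data>.*)$")

# Lines copied from the log posted above (a representative subset).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ww12.cherche.us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.cherche.us/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
O16 - DPF: {D79B6F43-F214-4E7A-9ECB-CCC8771F2416} (LauncherV1 Class) - http://www.tapuz.co.il/irc/main/launcher.cab
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Assumption: the search/start-page providers this user is known to use.
# Anything else is worth a question, not automatically malicious.
EXPECTED_SEARCH_HOSTS = ("google.fr", "msn.com", "microsoft.com")


@dataclass
class Finding:
    kind: str      # HijackThis section, e.g. "R1", "O2", "O23"
    reason: str    # why the line was flagged
    line: str      # the original log line


def _host(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def _is_expected(host: str, expected) -> bool:
    """True if host equals, or is a subdomain of, an expected provider."""
    return any(host == h or host.endswith("." + h) for h in expected)


def triage(lines, expected_search_hosts=EXPECTED_SEARCH_HOSTS):
    """Return the log lines that merit a second look, with a reason each."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = _ENTRY.match(line)
        if not m:
            continue  # header, running-process list, blank line
        kind, body = m.group("kind"), m.group("body")
        if kind in ("R0", "R1"):
            # IE start page / search settings: flag URLs on unexpected hosts.
            s = _SETTING.match(body)
            if s and s.group("data").startswith(("http://", "https://")):
                host = _host(s.group("data"))
                if host and not _is_expected(host, expected_search_hosts):
                    findings.append(Finding(kind, f"search/start page set to unexpected host {host}", line))
        elif "(no file)" in body or "(file missing)" in body:
            # BHO, button or service still registered but its file is gone:
            # an orphan entry, or something that was only partly removed.
            findings.append(Finding(kind, "registry entry references a missing file", line))
        elif kind == "O15":
            # Trusted Zone sites get IE's lower security level; confirm each one.
            findings.append(Finding(kind, "site added to IE Trusted Zone; confirm it was intended", line))
        elif kind == "O16":
            # Download Program Files (ActiveX): note controls fetched without TLS.
            url = body.rsplit(" - ", 1)[-1]
            if url.startswith("http://"):
                findings.append(Finding(kind, f"ActiveX control fetched over plain HTTP from {_host(url)}", line))
    return findings


def triage_sample():
    """Run the triage over the embedded sample lines."""
    return triage(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for f in triage_sample():
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

Run it against a full log with `triage(open("hijackthis.log").read().splitlines())`; a flagged line is a prompt to verify the entry, not a verdict.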
21 replies
hi:
Download OTL by OldTimer
▶ save it to your Desktop.
▶ Double-click (for Vista => right-click "run as administrator") on OTL.exe to launch it.
▶ Tick the 2 boxes Lop and Purity
▶ Tick the box in front of "scan all users"
▶ set it to "60 Days"
▶ in the left-hand column, set everything to "all"
do not change these:
"files created within" and "files modified within"
▶ Click on Run Scan.
At the end of the scan, Notepad will open with the report (OTL.txt).
This file is on your Desktop (generally C:\Documents and settings\le_nom_de_ta_session\OTL.txt)
▶▶▶ DO NOT POST IT ON THE FORUM
To send it to me, click this link: http://www.cijoint.fr/
▶ Click Browse and look for the file above.
▶ Click Open.
▶ Click "Cliquez ici pour déposer le fichier".
A link of this form:
http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt
is added to the page.
▶ Copy this link into your reply.
▶▶ Do the same with "Extra.txt".
THANKS gen-hackman
here is the first link:
http://www.cijoint.fr/cjlink.php?file=cj200911/cijQET8Lzo.txt
and the second:
http://www.cijoint.fr/cjlink.php?file=cj200911/cijtiyIvOu.txt
thanks and see you later
roni
Disable your antivirus for the duration of the procedure, as well as your firewall if present
▶ Download List&Kill'em and save it to your desktop
▶ unzip it (right-click / extract.....)
It does not require installation
▶ double-click (right-click "run as administrator" for Vista) to launch the scan
choose the language, then choose option 1 = Mode Recherche (search mode)
▶ let the tool work
▶ Post the contents of the report that opens
THE SCAN SEEMS finished, but no report opened.... the program stays open on "tests rootkits"
should I wait?
about how long? I get the impression it's stuck there, because it has been a while already, but maybe that's normal...
List'em by g3n-h@ckm@n 1.0.5.5
Thx to Chiquitine29.....
User : Aharon (Administrateurs) # AHARONBLOCH
Update on 21/11/2009 by g3n-h@ckm@n ::::: 20:13
Start at: 20:09:51 | 22/11/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 111,69 Go (27,96 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 108,19 Go (108,09 Go free) [DATA] | NTFS
F:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours
C:\Windows\System32\smss.exe 520
C:\Windows\system32\csrss.exe 600
C:\Windows\system32\wininit.exe 652
C:\Windows\system32\csrss.exe 664
C:\Windows\system32\services.exe 700
C:\Windows\system32\lsass.exe 716
C:\Windows\system32\lsm.exe 724
C:\Windows\system32\winlogon.exe 800
C:\Windows\system32\svchost.exe 916
C:\Windows\system32\svchost.exe 984
C:\Windows\System32\svchost.exe 1024
C:\Windows\System32\svchost.exe 1084
C:\Windows\System32\svchost.exe 1116
C:\Windows\system32\svchost.exe 1136
C:\Windows\system32\svchost.exe 1296
C:\Windows\system32\SLsvc.exe 1312
C:\Windows\system32\svchost.exe 1364
C:\Windows\system32\svchost.exe 1540
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe 1712
C:\Program Files\Alwil Software\Avast4\ashServ.exe 1728
C:\Windows\system32\WLANExt.exe 1764
C:\Windows\system32\Dwm.exe 1892
C:\Windows\Explorer.EXE 1936
C:\Windows\System32\spoolsv.exe 512
C:\Windows\system32\taskeng.exe 1032
C:\Windows\system32\svchost.exe 1220
C:\Acer\ALaunch\ALaunchSvc.exe 2156
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 2204
C:\Program Files\Bonjour\mDNSResponder.exe 2216
C:\Windows\system32\svchost.exe 2228
C:\Program Files\Intel\WiFi\bin\EvtEng.exe 2280
C:\Windows\system32\svchost.exe 2440
C:\Program Files\Common Files\LightScribe\LSSrvc.exe 2576
C:\Acer\Mobility Center\MobilityService.exe 2596
C:\Windows\System32\svchost.exe 2628
C:\Program Files\CDBurnerXP\NMSAccessU.exe 2660
C:\Windows\System32\svchost.exe 2720
C:\Windows\system32\svchost.exe 2732
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 2752
C:\Program Files\CyberLink\Shared Files\RichVideo.exe 2796
C:\Windows\system32\svchost.exe 2860
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe 2928
C:\Windows\System32\svchost.exe 2976
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 3016
C:\Windows\system32\SearchIndexer.exe 3056
C:\Windows\system32\DRIVERS\xaudio.exe 3340
C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe 3360
C:\Windows\system32\wbem\wmiprvse.exe 3812
C:\Windows\system32\wbem\wmiprvse.exe 1344
C:\Program Files\Windows Defender\MSASCui.exe 2408
C:\Program Files\Synaptics\SynTP\SynTPStart.exe 2300
C:\Windows\RtHDVCpl.exe 2108
C:\Program Files\Launch Manager\QtZgAcer.EXE 1880
C:\Program Files\Alwil Software\Avast4\ashDisp.exe 2872
C:\Program Files\Java\jre6\bin\jusched.exe 2880
C:\Program Files\Common Files\Real\Update_OB\realsched.exe 2912
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe 3220
C:\Program Files\iTunes\iTunesHelper.exe 3404
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe 3444
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 3576
C:\Windows\ehome\ehtray.exe 3620
C:\Program Files\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe 2536
C:\Program Files\Windows Media Player\wmpnscfg.exe 1708
C:\Windows\System32\rundll32.exe 3276
C:\Program Files\Windows Media Player\wmpnetwk.exe 3156
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE 4124
C:\Windows\ehome\ehmsas.exe 4136
C:\Windows\system32\taskeng.exe 4440
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe 4464
C:\Windows\ehome\ehsched.exe 4496
C:\Windows\system32\WerCon.exe 4784
C:\Windows\ehome\ehRecvr.exe 5748
C:\Program Files\iPod\bin\iPodService.exe 5996
C:\Program Files\Internet Explorer\iexplore.exe 4356
C:\Program Files\Internet Explorer\iexplore.exe 4164
C:\Windows\system32\wbem\unsecapp.exe 5276
C:\Windows\system32\svchost.exe 4228
C:\Program Files\Davka Corp\DavkaWriter\davwrite.exe 4364
C:\Program Files\Internet Explorer\iexplore.exe 1320
C:\Windows\system32\conime.exe 5640
C:\Program Files\Adobe\Adobe Photoshop CS4\Photoshop.exe 2372
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 5476
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE 5512
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe 2152
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE 5760
C:\Program Files\Internet Explorer\iexplore.exe 3848
C:\Program Files\WinRAR\WinRAR.exe 5588
C:\Users\Aharon\AppData\Local\Temp\Rar$EX00.304\List_Kill'em.exe 3908
C:\Windows\system32\cmd.exe 2396
C:\Users\Aharon\AppData\Local\Temp\49BD.tmp\pv.exe 4008
======================
Cles de demarrage "Run"
======================
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
swg REG_SZ "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ehTray.exe REG_SZ C:\Windows\ehome\ehTray.exe
pdfSaver3 REG_SZ "C:\Program Files\PDF-XChange 3 Pro\pdfSaver\pdfSaver3.exe"
AdobeBridge REG_SZ
WMPNSCFG REG_SZ C:\Program Files\Windows Media Player\WMPNSCFG.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdater
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Defender REG_EXPAND_SZ %ProgramFiles%\Windows Defender\MSASCui.exe -hide
SynTPStart REG_SZ C:\Program Files\Synaptics\SynTP\SynTPStart.exe
Acer Tour REG_SZ
RtHDVCpl REG_SZ RtHDVCpl.exe
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
PLFSet REG_SZ rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
eRecoveryService REG_SZ
Acer Tour Reminder REG_SZ C:\Acer\AcerTour\Reminder.exe
WarReg_PopUp REG_SZ C:\Acer\WR_PopUp\WarReg_PopUp.exe
NvSvc REG_SZ RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
NvCplDaemon REG_SZ RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
NvMediaCenter REG_SZ RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
TkBellExe REG_SZ "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Google Quick Search Box REG_SZ "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
pdfSaver3 REG_SZ
QuickTime Task REG_SZ "C:\Program Files\QuickTime\QTTask.exe" -atboottime
AdobeCS4ServiceManager REG_SZ "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
Adobe Acrobat Speed Launcher REG_SZ "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
<SANS NOM> REG_SZ
Acrobat Assistant 8.0 REG_SZ "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
Adobe ARM REG_SZ "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
=====================
cles additionnelles
=====================
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System
ConsentPromptBehaviorAdmin REG_DWORD 0x2
ConsentPromptBehaviorUser REG_DWORD 0x1
EnableInstallerDetection REG_DWORD 0x1
EnableLUA REG_DWORD 0x0
EnableSecureUIAPaths REG_DWORD 0x1
EnableVirtualization REG_DWORD 0x1
PromptOnSecureDesktop REG_DWORD 0x1
ValidateAdminCodeSignatures REG_DWORD 0x0
dontdisplaylastusername REG_DWORD 0x0
legalnoticecaption REG_SZ
legalnoticetext REG_SZ
scforceoption REG_DWORD 0x0
shutdownwithoutlogon REG_DWORD 0x1
undockwithoutlogon REG_DWORD 0x1
FilterAdministratorToken REG_DWORD 0x1
EnableUIADesktopToggle REG_DWORD 0x0
UacDisableNotify REG_DWORD 0x0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\UIPI
===============
===============
BHO :
======
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}
========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]
Ndisuio : 0x3
EapHost : 0x2
Wlansvc : 0x2
SharedAccess : 0x2
windefend : 0x2
wuauserv : 0x2
=========
=========================
Environnement variables :
=========================
ALLUSERSPROFILE=C:\ProgramData
APPDATA=C:\Users\Aharon\AppData\Roaming
choix=1
CLASSPATH=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=AHARONBLOCH
ComSpec=C:\Windows\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Users\Aharon
LOCALAPPDATA=C:\Users\Aharon\AppData\Local
LOGONSERVER=\\AHARONBLOCH
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\WinRAR;C:\Program Files\Internet Explorer;;C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Microsoft Shared\Windows Live
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 13, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0d
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
QTJAVA=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
RNLOG_BASEKEY=Software\RealNetworks\RealPlayer\6.0\Preferences\BrowserRecordPluginLog
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\Windows
TEMP=C:\Users\Aharon\AppData\Local\Temp
TMP=C:\Users\Aharon\AppData\Local\Temp
USERDOMAIN=AharonBloch
USERNAME=Aharon
USERPROFILE=C:\Users\Aharon
windir=C:\Windows
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
C:\Program Files\pdfforge Toolbar\SearchSettings.dll
C:\Windows\System32\ACER.exe
C:\Windows\System32\ACTSKN43.ocx
C:\Windows\System32\drivers\etc\hosts.msn
C:\Users\Aharon\LOCAL Settings\Temp\jre-6u15-windows-i586-iftw.exe
C:\Users\Aharon\LOCAL Settings\Temp\RtkBtMnt.exe
C:\Users\Aharon\LOCAL Settings\Temp\Update_a290.exe
C:\Users\Aharon\LOCAL Settings\Temp\wlsetup-cvr.exe
¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{B922D405-6D13-4A2B-AE89-08A030DA4402}"
"HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"
"HKLM\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}"
HKCU\Software\AppDataLow\Software\pdfforge
HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
HKLM\Software\pdfforge
=====================
Verification Rootkits
=====================
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-22 20:12:39
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch :
ACROBAT.EXE-F186FC64.pf
ACROBATINFO.EXE-59042AD8.pf
ACRODIST.EXE-1C2D8F2D.pf
ADOBEARM.EXE-719325FF.pf
AgAppLaunch.db
AgCx_S1_S-1-5-21-4186420219-1466379675-1655055312-1000.snp.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgCx_SC2.db
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-4186420219-1466379675-1655055312-1000.db
AgGlUAD_P_S-1-5-21-4186420219-1466379675-1655055312-1001.db
AgGlUAD_P_S-1-5-21-4186420219-1466379675-1655055312-501.db
AgGlUAD_S-1-5-21-4186420219-1466379675-1655055312-1000.db
AgGlUAD_S-1-5-21-4186420219-1466379675-1655055312-1001.db
AgGlUAD_S-1-5-21-4186420219-1466379675-1655055312-501.db
AgRobust.db
ASW100M.EXE-B74C2F42.pf
AU_.EXE-72D04A32.pf
AVAST.SETUP-499863F4.pf
CATCHME.EXE-CF50AAC5.pf
CATCHME.EXE-F3AEC9C1.pf
CDMKR32.EXE-3BB1E0CC.pf
CMD.EXE-4A81B364.pf
CONIME.EXE-9781FD5F.pf
CONTROL.EXE-817F8F1D.pf
CSCRIPT.EXE-D1EF4768.pf
DAVWRITE.EXE-7FBCCA7B.pf
DLLHOST.EXE-5E46FA0D.pf
DLLHOST.EXE-766398D2.pf
DLLHOST.EXE-7FAA2E4C.pf
DLLHOST.EXE-B2EB1806.pf
DWM.EXE-6FFD3DA8.pf
EHMSAS.EXE-2D3B2F21.pf
EHREC.EXE-BFABB40F.pf
EHRECVR.EXE-96B31E37.pf
EHSCHED.EXE-7A86D5F8.pf
EXCEL.EXE-C6BEF51C.pf
EXPLORER.EXE-A80E4F97.pf
FIREWALLCONTROLPANEL.EXE-3F1BCAAB.pf
FIREWALLSETTINGS.EXE-26A7E14B.pf
FNPLICENSINGSERVICE.EXE-FAD19408.pf
FONTVIEW.EXE-9D7359FA.pf
GOOGLEUPDATER.EXE-39628337.pf
GOOGLEUPDATERSERVICE.EXE-09540BCD.pf
HIJACKTHIS.EXE-9FD56571.pf
HIJACKTHIS_HIJACKTHIS_2.02_AN-FF987FFD.pf
IEXPLORE.EXE-908C99F8.pf
INFOCARD.EXE-ECED8D38.pf
IPODSERVICE.EXE-37C43D64.pf
JAVA.EXE-E27B75C2.pf
Layout.ini
LIST_KILL'EM.EXE-B4AC7758.pf
LIST_KILL'EM.EXE-D978D869.pf
LOGONUI.EXE-09140401.pf
MOBSYNC.EXE-C5E2284F.pf
MODE.COM-DB34C082.pf
MPAS-FE_BD.EXE-BB62FD5E.pf
MPCMDRUN.EXE-F401FBB4.pf
MPSIGSTUB.EXE-B1569B6D.pf
MSIBCD0.TMP-33D52DF9.pf
MSIEXEC.EXE-A2D55CB6.pf
MSNMSGR.EXE-9974F251.pf
MSOHTMED.EXE-675EE324.pf
MSPAINT.EXE-76E10B24.pf
MSTORDB.EXE-A44D8926.pf
MSTORE.EXE-E9695541.pf
NOTEPAD.EXE-86E0E9B9.pf
NOTEPAD.EXE-D8414F97.pf
NTOSBOOT-B00DFAAD.pf
OFFICELIVESIGNIN.EXE-B83AEDE8.pf
OTL.EXE-D7014561.pf
PfSvPerfStats.bin
PHOTOSHOP.EXE-4545CF92.pf
POWERPNT.EXE-1404AEAA.pf
PV.EXE-7E1C6882.pf
PV.EXE-F380DB5E.pf
ReadyBoot
REALONEMESSAGECENTER.EXE-9A1F2949.pf
REALPLAY.EXE-A09C7945.pf
REALSCHED.EXE-A91B3084.pf
REG.EXE-A79E696E.pf
REG.EXE-E1742EF2.pf
RPHELPERAPP.EXE-7719CDA2.pf
RSTRUI.EXE-2D50C58D.pf
RTKBTMNT.EXE-02C940FC.pf
RUNDLL32.EXE-2AC2FF59.pf
RUNDLL32.EXE-3BDF31B9.pf
RUNDLL32.EXE-636E6A7A.pf
RUNDLL32.EXE-A25F9D14.pf
RUNDLL32.EXE-A795664B.pf
RUNDLL32.EXE-A887183C.pf
RUNDLL32.EXE-B703F955.pf
RUNDLL32.EXE-C563E358.pf
RUNDLL32.EXE-C75B8AEF.pf
RUNDLL32.EXE-E8AC3089.pf
RUNDLL32.EXE-EF0DD113.pf
RUNDLL32.EXE-FA26CFEB.pf
RUNXX.EXE-BD684DBD.pf
SEARCHFILTERHOST.EXE-77482212.pf
SEARCHPROTOCOLHOST.EXE-0CB8CADE.pf
SETUP.EXE-D7975360.pf
SSVAGENT.EXE-42E515EF.pf
SSVAGENT.EXE-D0A26E22.pf
SVCHOST.EXE-7CFEDEA3.pf
SVCHOST.EXE-DD6406E8.pf
SYNTPENH.EXE-E6DC1353.pf
TASKENG.EXE-48D4E289.pf
TASKMGR.EXE-5F5F473D.pf
TRUSTEDINSTALLER.EXE-3CC531E5.pf
UNINS000.EXE-C22CE21F.pf
UNINSTALL.EXE-32255305.pf
UNSECAPP.EXE-A02905A6.pf
UTORRENT.EXE-1070971C.pf
VERCLSID.EXE-7C52E31C.pf
VSSVC.EXE-B8AFC319.pf
WERCON.EXE-E36BD04E.pf
WERMGR.EXE-0F2AC88C.pf
WINDOWSPHOTOGALLERY.EXE-99C26518.pf
WINRAR.EXE-94E7D80C.pf
WINWORD.EXE-C91725A1.pf
WLCOMM.EXE-272FF9F7.pf
WLIDSVCM.EXE-A6EF5B2F.pf
WMIADAP.EXE-F8DFDFA2.pf
WMIPRVSE.EXE-1628051C.pf
WMPLAYER.EXE-BAD6BD53.pf
WMPNETWK.EXE-D9F2A96F.pf
WMPNSCFG.EXE-FC0D39BF.pf
WORDPAD.EXE-D7FD7414.pf
WUAUCLT.EXE-70318591.pf
_IU14D2N.TMP-ACE6F137.pf
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
There you go, thanks.
▶ Disable User Account Control before using this tool:
▶ Go to "Start", then Control Panel.
▶ Double-click the User Accounts icon, then "Turn User Account Control on or off".
▶ Untick the box "Use User Account Control (UAC) to help protect your computer".
▶ Confirm with OK and restart.
then
▶ Download Ad-remover (by C_XX) to your desktop:
▶ Disconnect from the internet and close all running applications!
▶ Right-click "Ad-R.exe" and run it as administrator to start the installation; leave the default installation settings.
▶ Right-click the Ad-remover shortcut on your desktop and run it as administrator to launch the tool.
▶ In the main menu, choose option "L" and press [Enter].
▶ Let the tool work and don't touch anything...
▶ Post the report that appears at the end on the forum...
(The report is also saved as C:\Ad-report.log)
(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)
▶ Note: "Process.exe", a component of the tool, is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus programs.
then:
RESTART IN SAFE MODE, then:
▶ Run List&Kill'em again as you did for option 1 (i.e. via right-click on Vista),
but this time:
▶ choose option 2 = Destruction Mode
let the tool work.
At the end of the scan a report opens; close it, then restart.
▶ paste its contents in your reply after restarting in normal mode:
C:\Kill'em.txt
Here, this is the Ad-R log for now.
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_T | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 05/09/2009 à 12:20 PM
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 21:17:21, 22/11/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows Vista™ Home Premium Service Pack 1 v6.0.6001
Nom du PC: AHARONBLOCH | Utilisateur actuel: Aharon
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.
.
.
C:\Users\Aharon\AppData\Roaming\Microsoft\Windows\Cookies\aharon@partypoker[2].txt
C:\Users\Aharon\AppData\Roaming\Microsoft\Windows\Cookies\aharon@zwinky[2].txt
(!) -- Fichiers temporaires supprimés.
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 2.0 *
.
Nom du profil: ahe19kzn.default (Aharon)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://www.cherche.us/");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.8.1");
.
.
.
* Internet Explorer Version 8.0.6001.18828 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: Window Title
SEARCH PAGE: hxxp://www.cherche.us
Start Page_bak: hxxp://www.cherche.us
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
============== Suspect (Cracks, Serials ... ) ==============
.
C:\Users\Aharon\AppData\Roaming\uTorrent\Acrobat 3D 8.2.0 best Activation + Crack Version.exe.torrent
C:\Users\Aharon\Downloads\Adobe CS4 Activation Patch\Adobe CS4 Keygen.exe
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\C4DSetup.exe
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part01.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part02.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part03.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part04.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part05.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part06.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part07.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part08.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part09.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part10.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part11.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Cinema 4D+Plugins + keygen.part12.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Maxon 9 KeyGen.exe
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Paradox.nfo
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\pdxbodyp\bp patch.EXE
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\pdxbodyp\Maxon 9 KeyGen.exe
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\pdxbodyp\Paradox.nfo
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Plugins\(3D) Cinema 4D Plugin - GlobalLightAdjustÏ.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Plugins\(3D) Cinema 4D Plugin - organica2Ï.rar
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Plugins\(3D) Maxon Cinema 4D Xl Supernurbs Plugin Rare Must Have!.zip
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Plugins\(Cinema4D-Plugin) Maxon Exteriors - 3D Plants For Cinema 4D.zip
C:\Users\Aharon\Downloads\Cinema 4D+Plugins + keygen\Plugins\Installer SHAVE 25 Patch.exe
C:\Users\Aharon\Downloads\TOPAZ\TopazVivacity\Crack.rar
.
.
===================================
.
4647 Octet(s) - C:\Ad-Report-CLEAN.log
2565 Octet(s) - C:\Ad-Report-SCAN.log
.
723 Fichier(s) - C:\Users\Aharon\AppData\Local\Temp
25 Fichier(s) - C:\Windows\Temp
.
40 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
4 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 21:55:48 | 22/11/2009
.
============== E.O.F ==============
.
Here is the last log.
Kill'em by g3n-h@ckm@n 1.0.5.5
User : Aharon (Administrateurs) # AHARONBLOCH
Update on 21/11/2009 by g3n-h@ckm@n ::::: 20:13
Start at: 22:35:57 | 22/11/2009
Contact : g3n-h@ckm@n sur CCM
Intel(R) Core(TM)2 Duo CPU T5550 @ 1.83GHz
Microsoft® Windows Vista™ Édition Familiale Premium (6.0.6001 32-bit) # Service Pack 1
Internet Explorer 8.0.6001.18828
Windows Firewall Status : Enabled
C:\ -> Disque fixe local | 111,69 Go (30,53 Go free) [ACER] | NTFS
D:\ -> Disque fixe local | 108,19 Go (108,09 Go free) [DATA] | NTFS
F:\ -> Disque CD-ROM
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processus en cours
C:\Windows\System32\smss.exe 384
C:\Windows\system32\csrss.exe 508
C:\Windows\system32\csrss.exe 544
C:\Windows\system32\wininit.exe 552
C:\Windows\system32\winlogon.exe 596
C:\Windows\system32\services.exe 628
C:\Windows\system32\lsass.exe 640
C:\Windows\system32\lsm.exe 648
C:\Windows\system32\svchost.exe 788
C:\Windows\system32\svchost.exe 844
C:\Windows\System32\svchost.exe 884
C:\Windows\System32\svchost.exe 972
C:\Windows\system32\svchost.exe 1000
C:\Windows\System32\svchost.exe 1044
C:\Windows\system32\svchost.exe 1064
C:\Windows\system32\svchost.exe 1080
C:\Windows\system32\svchost.exe 1240
C:\Windows\system32\svchost.exe 1360
C:\Windows\Explorer.EXE 1600
C:\Windows\helppane.exe 1732
C:\Windows\system32\wbem\unsecapp.exe 312
C:\Windows\system32\wbem\wmiprvse.exe 644
C:\Program Files\Windows Media Player\wmpnscfg.exe 696
C:\Program Files\WinRAR\WinRAR.exe 1956
C:\Program Files\WinRAR\WinRAR.exe 1820
C:\Users\Aharon\AppData\Local\Temp\Rar$EX00.803\List_Kill'em.exe 1168
C:\Windows\system32\cmd.exe 1992
C:\Windows\system32\wbem\wmiprvse.exe 1356
C:\Users\Aharon\AppData\Local\Temp\645D.tmp\pv.exe 1156
Fichiers analysés :
=================
¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :
"C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}"
"C:\Program Files\pdfforge Toolbar\SearchSettings.dll"
"C:\Windows\System32\ACER.exe"
"C:\Windows\System32\ACTSKN43.ocx"
"C:\Windows\System32\drivers\etc\hosts.msn"
¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :
Quarantaine :
acer.exe.Kill'em
actskn43.ocx.Kill'em
hosts.msn.Kill'em
SearchSettings.dll.Kill'em
{B922D405-6D13-4A2B-AE89-08A030DA4402}.Kill'em
====================
Fichiers hosts nettoyés
====================
¤¤¤¤¤¤¤¤¤¤ C:\Windows\Prefetch
AgAppLaunch.db
AgCx_S1_S-1-5-21-4186420219-1466379675-1655055312-1000.snp.db
AgCx_SC1.db
AgCx_SC1.db.trx
AgCx_SC2.db
AgGlFaultHistory.db
AgGlFgAppHistory.db
AgGlGlobalHistory.db
AgGlUAD_P_S-1-5-21-4186420219-1466379675-1655055312-1000.db
AgGlUAD_P_S-1-5-21-4186420219-1466379675-1655055312-1001.db
AgGlUAD_P_S-1-5-21-4186420219-1466379675-1655055312-501.db
AgGlUAD_S-1-5-21-4186420219-1466379675-1655055312-1000.db
AgGlUAD_S-1-5-21-4186420219-1466379675-1655055312-1001.db
AgGlUAD_S-1-5-21-4186420219-1466379675-1655055312-501.db
AgRobust.db
Layout.ini
NTOSBOOT-B00DFAAD.pf
PfSvPerfStats.bin
ReadyBoot
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Thanks for all your help, I'll finish tomorrow because I'm going to bed. Thanks again, and see you tomorrow I hope.
Good night
Good night
You didn't tick the boxes in OTL ^^
=============================
▶ Click the Start menu / Control Panel / Folder Options, then the View tab
* - Tick "Show hidden files and folders"
* - Untick "Hide extensions for known file types"
* - Untick "Hide protected operating system files (Recommended)"
▶ click Apply, then OK.
Don't forget to hide the hidden and protected operating system files again at the end of the disinfection; it's important.
Have the following file(s) scanned on VirusTotal:
Virus Total
* Click Browse at the top, choose Computer and look for these files:
C:\Windows\PLFSet.dll
C:\Windows\System32\tliadjust34.dll
* Now click Send file, and let it work as long as "Current status: analysing" is displayed.
* The file may be queued because of a large number of scan requests. In that case you will have to wait without refreshing the page.
* When the analysis is finished ("Current status: finished"), click Formatted
* A new browser window will appear
* Then click the two arrows
* Right-click the page and choose Select all, then Copy
* Finally, paste the result in your next reply.
Note: To scan another file, click Other file at the bottom.
then:
▶ Double-click OTL.exe to launch it.
▶ Copy the list shown in bold below,
▶ paste it in the area under Custom Scans/Fixes:
:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKU\S-1-5-21-4186420219-1466379675-1655055312-1000\..\Toolbar\ShellBrowser: (no name) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer Tour] File not found
O4 - HKLM..\Run: [pdfSaver3] File not found
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKU\S-1-5-21-4186420219-1466379675-1655055312-1000..\Run: [AdobeBridge] File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A} https://www.bobtv.fr/download/cfweb_www.bobtv.fr-download_instmodule.exe (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: Garmin Communicator Plug-In https://my.garmin.com/mygarmin/m/GarminAxControl.CAB (Reg Error: Key error.)
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"iTunesHelper"=-
"PLFSet"=-
"QuickTime Task"=-
"TkBellExe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{B922D405-6D13-4A2B-AE89-08A030DA4402}"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[-HKEY_CURRENT_USER\Software\AppDataLow\Software\pdfforge]
[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19]
[-HKEY_LOCAL_MACHINE\Software\pdfforge]
:Files
C:\Program Files\setup_bs.exe
C:\Windows\is-2588Q.exe
:commands
[emptytemp]
[start explorer]
[reboot]
▶ Click Run Fix to start the removal.
▶ Post the report.
Hello
First, here are the two VirusTotal reports (I did them separately, so 2 reports):
Fichier tliadjust34.dll reçu le 2009.11.23 17:59:03 (UTC)
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.11.23 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.70 2009.11.23 -
Antiy-AVL 2.0.3.7 2009.11.23 -
Authentium 5.2.0.5 2009.11.23 -
Avast 4.8.1351.0 2009.11.23 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.23 -
CAT-QuickHeal 10.00 2009.11.23 -
ClamAV 0.94.1 2009.11.23 -
Comodo 3010 2009.11.23 -
DrWeb 5.0.0.12182 2009.11.23 -
eSafe 7.0.17.0 2009.11.23 -
eTrust-Vet 35.1.7136 2009.11.23 -
F-Prot 4.5.1.85 2009.11.23 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.23 -
GData 19 2009.11.23 -
Ikarus T3.1.1.74.0 2009.11.23 -
Jiangmin 11.0.800 2009.11.23 -
K7AntiVirus 7.10.903 2009.11.23 -
Kaspersky 7.0.0.125 2009.11.23 -
McAfee 5811 2009.11.23 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.23 -
Microsoft 1.5302 2009.11.23 -
NOD32 4630 2009.11.23 -
Norman 6.03.02 2009.11.23 -
nProtect 2009.1.8.0 2009.11.23 -
Panda 10.0.2.2 2009.11.23 -
PCTools 7.0.3.5 2009.11.23 -
Prevx 3.0 2009.11.23 -
Rising 22.23.00.09 2009.11.23 -
Sophos 4.47.0 2009.11.23 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.23 -
TheHacker 6.5.0.2.076 2009.11.23 -
TrendMicro 9.0.0.1003 2009.11.23 -
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.23.2049 2009.11.23 -
VirusBuster 5.0.21.0 2009.11.23 -
Information additionnelle
File size: 9916928 bytes
MD5...: 25b1c8f590b6d9d8e4caacfefe2972e2
SHA1..: 06393881677c91035d29887375cbc7fa7bb6c9e8
SHA256: 6928f913fba03f3e07095c94fdafcdf5c95ff6546ea3ad543eed17fd68991978
ssdeep: 196608:c4r9h59pwDAkgZFUmmXqYEFDqYGKdzZ+BNSYfz0:d9h59pNF4<BR>
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x8f7c1f
timedatestamp.....: 0x4ac3a907 (Wed Sep 30 18:52:55 2009)
machinetype.......: 0x14c (I386)

( 8 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x90cb65 0x90cc00 6.54 fe2621a9c46f5e213e044a5218bc8887
.text1 0x90e000 0x840 0xa00 4.76 43676ce66a9b78b002c759c054771e4d
.rdata 0x90f000 0x35c00 0x35c00 5.40 f83e65de37c77773c935cac04a0494de
.data 0x945000 0x18648 0x16600 5.84 f1a445ec21468bbcf8b29b5c458a9771
.data1 0x95e000 0x1468 0x1600 2.87 d89753adc4217507564532a91ba696ab
.trace 0x960000 0x2688 0x2800 6.24 8497618fe759e99e060b339aeff686b3
.rsrc 0x963000 0x1b4 0x200 5.11 0a60d318a9691ba97d7e7ea2ede299b4
.reloc 0x964000 0x174f4 0x17600 5.82 9ec82ac0e006c0c48cbeeea4c0595a47

( 2 imports )
> libiomp5md.dll: -, -, -, -, -, -, -, -, -, -, -, -
> KERNEL32.dll: GetStdHandle, GetProcessHeap, SetEndOfFile, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, CreateFileA, CloseHandle, ReadFile, WriteFile, SetFilePointer, FormatMessageA, GetThreadLocale, LoadLibraryA, RaiseException, RtlUnwind, GetCurrentThreadId, GetCommandLineA, HeapAlloc, GetLastError, HeapFree, GetSystemTimeAsFileTime, EnterCriticalSection, LeaveCriticalSection, GetModuleHandleW, Sleep, GetProcAddress, ExitProcess, SetConsoleCtrlHandler, HeapReAlloc, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, GetModuleHandleA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleFileNameA, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapCreate, HeapDestroy, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetConsoleCP, GetConsoleMode, VirtualAlloc, VirtualQuery, HeapSize, FlushFileBuffers, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, SetStdHandle

( 11 exports )
psC1U15toU8, psC1U8toU15, setDebugTrace, tlAdjustRgb, tlAdjustRgb3, tlDeJpeg, tlDenoiseEstNoise, tlPreviewAutoLevel, tlRGB2YCbCrAutoLevel, tlSetupLib, tlYUVEdgeRGB
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
the second one:
File PLFSet.dll received on 2009.11.16 22:40:07 (UTC)
Antivirus Version Last update Result
a-squared 4.5.0.41 2009.11.16 -
AhnLab-V3 5.0.0.2 2009.11.16 -
AntiVir 7.9.1.65 2009.11.16 -
Antiy-AVL 2.0.3.7 2009.11.16 -
Authentium 5.2.0.5 2009.11.16 -
Avast 4.8.1351.0 2009.11.16 -
AVG 8.5.0.425 2009.11.16 -
BitDefender 7.2 2009.11.16 -
CAT-QuickHeal 10.00 2009.11.16 -
ClamAV 0.94.1 2009.11.16 -
Comodo 2960 2009.11.16 -
DrWeb 5.0.0.12182 2009.11.16 -
eSafe 7.0.17.0 2009.11.16 -
eTrust-Vet 35.1.7123 2009.11.16 -
F-Prot 4.5.1.85 2009.11.16 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.16 -
GData 19 2009.11.16 -
Ikarus T3.1.1.74.0 2009.11.16 -
Jiangmin 11.0.800 2009.11.16 -
K7AntiVirus 7.10.897 2009.11.16 -
Kaspersky 7.0.0.125 2009.11.16 -
McAfee 5804 2009.11.16 -
McAfee+Artemis 5804 2009.11.16 -
McAfee-GW-Edition 6.8.5 2009.11.16 -
Microsoft 1.5202 2009.11.16 -
NOD32 4613 2009.11.16 -
Norman 6.03.02 2009.11.16 -
nProtect 2009.1.8.0 2009.11.16 -
Panda 10.0.2.2 2009.11.16 -
PCTools 7.0.3.5 2009.11.16 -
Prevx 3.0 2009.11.16 -
Rising 22.22.00.08 2009.11.16 -
Sophos 4.47.0 2009.11.16 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.16 -
TheHacker 6.5.0.2.071 2009.11.16 -
TrendMicro 9.0.0.1003 2009.11.16 -
VBA32 3.12.10.11 2009.11.15 -
ViRobot 2009.11.16.2039 2009.11.16 -
VirusBuster 4.6.5.0 2009.11.16 -
Information additionnelle
File size: 45056 bytes
MD5 : c5ef9c7a3a18199cdfacea1da7286adb
SHA1 : 738e979034cd26461b7148a566fc59a22dd1a70a
SHA256: 182426aa1bfddc7f9254de003a73c277131c8b87aebb97857bb04cd39e770d00
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2061
timedatestamp.....: 0x462D79A7 (Tue Apr 24 05:29:43 2007)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x53EA 0x6000 6.09 1799e9307a32faed501a351513fc2ca8
.rdata 0x7000 0xD2D 0x1000 4.79 3d5eeea4e8b9537e6657519412445f96
.data 0x8000 0x2500 0x1000 2.30 98021c4fbcd45fb9ef6c889f774a625d
.rsrc 0xB000 0x3D0 0x1000 0.99 2731004299c55799c8205aa60b791845
.reloc 0xC000 0xCD8 0x1000 3.36 83c3ed74f3bdc16374b77fe69b823988

( 0 imports )

( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 384:veEkLYTwA13xHTeaSbwWqTFs3L8mfO/+FCQZCRmlE/e2AYyyJ+7BluK5/+cAwoUr:vepA3eaNWqTm342O/EZJgsBlF2woUwU
PEiD : Armadillo v1.xx - v2.xx
CWSandbox: http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set
-
AND FINALLY, HERE IS THE LAST OTL REPORT:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-4186420219-1466379675-1655055312-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pdfSaver3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4186420219-1466379675-1655055312-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PLFSet deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\pdfforge\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\pdfforge\ deleted successfully.
========== FILES ==========
C:\Program Files\setup_bs.exe moved successfully.
C:\Windows\is-2588Q.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Aharon
->Temp folder emptied: 266829319 bytes
->Temporary Internet Files folder emptied: 203430887 bytes
->Java cache emptied: 52800804 bytes
->FireFox cache emptied: 4961694 bytes
->Apple Safari cache emptied: 6950601 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Invité
->Temp folder emptied: 1677201 bytes
->Temporary Internet Files folder emptied: 45854650 bytes
User: Invité 2
->Temp folder emptied: 32723153 bytes
->Temporary Internet Files folder emptied: 199406887 bytes
->Java cache emptied: 643682 bytes
->FireFox cache emptied: 2815675 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 204366 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 780,42 mb
OTL by OldTimer - Version 3.1.6.3 log created on 11232009_190514
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_avast4_\Webshlock.txt not found!
Registry entries deleted on Reboot...
THANK YOU
premièrement voici les deux rapportd de total virus (je l'ai fait séparement donc 2 rapports) :
Fichier tliadjust34.dll reçu le 2009.11.23 17:59:03 (UTC)Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.11.23 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.70 2009.11.23 -
Antiy-AVL 2.0.3.7 2009.11.23 -
Authentium 5.2.0.5 2009.11.23 -
Avast 4.8.1351.0 2009.11.23 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.23 -
CAT-QuickHeal 10.00 2009.11.23 -
ClamAV 0.94.1 2009.11.23 -
Comodo 3010 2009.11.23 -
DrWeb 5.0.0.12182 2009.11.23 -
eSafe 7.0.17.0 2009.11.23 -
eTrust-Vet 35.1.7136 2009.11.23 -
F-Prot 4.5.1.85 2009.11.23 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.23 -
GData 19 2009.11.23 -
Ikarus T3.1.1.74.0 2009.11.23 -
Jiangmin 11.0.800 2009.11.23 -
K7AntiVirus 7.10.903 2009.11.23 -
Kaspersky 7.0.0.125 2009.11.23 -
McAfee 5811 2009.11.23 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.23 -
Microsoft 1.5302 2009.11.23 -
NOD32 4630 2009.11.23 -
Norman 6.03.02 2009.11.23 -
nProtect 2009.1.8.0 2009.11.23 -
Panda 10.0.2.2 2009.11.23 -
PCTools 7.0.3.5 2009.11.23 -
Prevx 3.0 2009.11.23 -
Rising 22.23.00.09 2009.11.23 -
Sophos 4.47.0 2009.11.23 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.23 -
TheHacker 6.5.0.2.076 2009.11.23 -
TrendMicro 9.0.0.1003 2009.11.23 -
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.23.2049 2009.11.23 -
VirusBuster 5.0.21.0 2009.11.23 -
Information additionnelle
File size: 9916928 bytes
MD5...: 25b1c8f590b6d9d8e4caacfefe2972e2
SHA1..: 06393881677c91035d29887375cbc7fa7bb6c9e8
SHA256: 6928f913fba03f3e07095c94fdafcdf5c95ff6546ea3ad543eed17fd68991978
ssdeep: 196608:c4r9h59pwDAkgZFUmmXqYEFDqYGKdzZ+BNSYfz0:d9h59pNF4<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x8f7c1f<BR>timedatestamp.....: 0x4ac3a907 (Wed Sep 30 18:52:55 2009)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 8 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x90cb65 0x90cc00 6.54 fe2621a9c46f5e213e044a5218bc8887<BR>.text1 0x90e000 0x840 0xa00 4.76 43676ce66a9b78b002c759c054771e4d<BR>.rdata 0x90f000 0x35c00 0x35c00 5.40 f83e65de37c77773c935cac04a0494de<BR>.data 0x945000 0x18648 0x16600 5.84 f1a445ec21468bbcf8b29b5c458a9771<BR>.data1 0x95e000 0x1468 0x1600 2.87 d89753adc4217507564532a91ba696ab<BR>.trace 0x960000 0x2688 0x2800 6.24 8497618fe759e99e060b339aeff686b3<BR>.rsrc 0x963000 0x1b4 0x200 5.11 0a60d318a9691ba97d7e7ea2ede299b4<BR>.reloc 0x964000 0x174f4 0x17600 5.82 9ec82ac0e006c0c48cbeeea4c0595a47<BR><BR>( 2 imports ) <BR>> libiomp5md.dll: -, -, -, -, -, -, -, -, -, -, -, -<BR>> KERNEL32.dll: GetStdHandle, GetProcessHeap, SetEndOfFile, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, CreateFileA, CloseHandle, ReadFile, WriteFile, SetFilePointer, FormatMessageA, GetThreadLocale, LoadLibraryA, RaiseException, RtlUnwind, GetCurrentThreadId, GetCommandLineA, HeapAlloc, GetLastError, HeapFree, GetSystemTimeAsFileTime, EnterCriticalSection, LeaveCriticalSection, GetModuleHandleW, Sleep, GetProcAddress, ExitProcess, SetConsoleCtrlHandler, HeapReAlloc, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, GetModuleHandleA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleFileNameA, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapCreate, HeapDestroy, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetConsoleCP, GetConsoleMode, VirtualAlloc, VirtualQuery, HeapSize, 
FlushFileBuffers, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, SetStdHandle<BR><BR>( 11 exports ) <BR>psC1U15toU8, psC1U8toU15, setDebugTrace, tlAdjustRgb, tlAdjustRgb3, tlDeJpeg, tlDenoiseEstNoise, tlPreviewAutoLevel, tlRGB2YCbCrAutoLevel, tlSetupLib, tlYUVEdgeRGB<BR>
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)
sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.43 2009.11.23 -
AhnLab-V3 5.0.0.2 2009.11.20 -
AntiVir 7.9.1.70 2009.11.23 -
Antiy-AVL 2.0.3.7 2009.11.23 -
Authentium 5.2.0.5 2009.11.23 -
Avast 4.8.1351.0 2009.11.23 -
AVG 8.5.0.425 2009.11.22 -
BitDefender 7.2 2009.11.23 -
CAT-QuickHeal 10.00 2009.11.23 -
ClamAV 0.94.1 2009.11.23 -
Comodo 3010 2009.11.23 -
DrWeb 5.0.0.12182 2009.11.23 -
eSafe 7.0.17.0 2009.11.23 -
eTrust-Vet 35.1.7136 2009.11.23 -
F-Prot 4.5.1.85 2009.11.23 -
F-Secure 9.0.15370.0 2009.11.20 -
Fortinet 3.120.0.0 2009.11.23 -
GData 19 2009.11.23 -
Ikarus T3.1.1.74.0 2009.11.23 -
Jiangmin 11.0.800 2009.11.23 -
K7AntiVirus 7.10.903 2009.11.23 -
Kaspersky 7.0.0.125 2009.11.23 -
McAfee 5811 2009.11.23 -
McAfee+Artemis 5810 2009.11.22 -
McAfee-GW-Edition 6.8.5 2009.11.23 -
Microsoft 1.5302 2009.11.23 -
NOD32 4630 2009.11.23 -
Norman 6.03.02 2009.11.23 -
nProtect 2009.1.8.0 2009.11.23 -
Panda 10.0.2.2 2009.11.23 -
PCTools 7.0.3.5 2009.11.23 -
Prevx 3.0 2009.11.23 -
Rising 22.23.00.09 2009.11.23 -
Sophos 4.47.0 2009.11.23 -
Sunbelt 3.2.1858.2 2009.11.22 -
Symantec 1.4.4.12 2009.11.23 -
TheHacker 6.5.0.2.076 2009.11.23 -
TrendMicro 9.0.0.1003 2009.11.23 -
VBA32 3.12.12.0 2009.11.22 -
ViRobot 2009.11.23.2049 2009.11.23 -
VirusBuster 5.0.21.0 2009.11.23 -
Information additionnelle
File size: 9916928 bytes
MD5...: 25b1c8f590b6d9d8e4caacfefe2972e2
SHA1..: 06393881677c91035d29887375cbc7fa7bb6c9e8
SHA256: 6928f913fba03f3e07095c94fdafcdf5c95ff6546ea3ad543eed17fd68991978
ssdeep: 196608:c4r9h59pwDAkgZFUmmXqYEFDqYGKdzZ+BNSYfz0:d9h59pNF4<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x8f7c1f<BR>timedatestamp.....: 0x4ac3a907 (Wed Sep 30 18:52:55 2009)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 8 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x90cb65 0x90cc00 6.54 fe2621a9c46f5e213e044a5218bc8887<BR>.text1 0x90e000 0x840 0xa00 4.76 43676ce66a9b78b002c759c054771e4d<BR>.rdata 0x90f000 0x35c00 0x35c00 5.40 f83e65de37c77773c935cac04a0494de<BR>.data 0x945000 0x18648 0x16600 5.84 f1a445ec21468bbcf8b29b5c458a9771<BR>.data1 0x95e000 0x1468 0x1600 2.87 d89753adc4217507564532a91ba696ab<BR>.trace 0x960000 0x2688 0x2800 6.24 8497618fe759e99e060b339aeff686b3<BR>.rsrc 0x963000 0x1b4 0x200 5.11 0a60d318a9691ba97d7e7ea2ede299b4<BR>.reloc 0x964000 0x174f4 0x17600 5.82 9ec82ac0e006c0c48cbeeea4c0595a47<BR><BR>( 2 imports ) <BR>> libiomp5md.dll: -, -, -, -, -, -, -, -, -, -, -, -<BR>> KERNEL32.dll: GetStdHandle, GetProcessHeap, SetEndOfFile, LCMapStringW, LCMapStringA, GetStringTypeW, GetStringTypeA, CreateFileA, CloseHandle, ReadFile, WriteFile, SetFilePointer, FormatMessageA, GetThreadLocale, LoadLibraryA, RaiseException, RtlUnwind, GetCurrentThreadId, GetCommandLineA, HeapAlloc, GetLastError, HeapFree, GetSystemTimeAsFileTime, EnterCriticalSection, LeaveCriticalSection, GetModuleHandleW, Sleep, GetProcAddress, ExitProcess, SetConsoleCtrlHandler, HeapReAlloc, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, InterlockedIncrement, SetLastError, InterlockedDecrement, GetModuleHandleA, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, GetModuleFileNameA, SetHandleCount, GetFileType, GetStartupInfoA, DeleteCriticalSection, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStringsW, HeapCreate, HeapDestroy, VirtualFree, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetConsoleCP, GetConsoleMode, VirtualAlloc, VirtualQuery, HeapSize, 
FlushFileBuffers, InitializeCriticalSectionAndSpinCount, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, SetStdHandle<BR><BR>( 11 exports ) <BR>psC1U15toU8, psC1U8toU15, setDebugTrace, tlAdjustRgb, tlAdjustRgb3, tlDeJpeg, tlDenoiseEstNoise, tlPreviewAutoLevel, tlRGB2YCbCrAutoLevel, tlSetupLib, tlYUVEdgeRGB<BR>
RDS...: NSRL Reference Data Set<BR>-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)
sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>
le deuxième :
Fichier PLFSet.dll reçu le 2009.11.16 22:40:07 (UTC)Antivirus Version Dernière mise à jour Résultat
a-squared 4.5.0.41 2009.11.16 -
AhnLab-V3 5.0.0.2 2009.11.16 -
AntiVir 7.9.1.65 2009.11.16 -
Antiy-AVL 2.0.3.7 2009.11.16 -
Authentium 5.2.0.5 2009.11.16 -
Avast 4.8.1351.0 2009.11.16 -
AVG 8.5.0.425 2009.11.16 -
BitDefender 7.2 2009.11.16 -
CAT-QuickHeal 10.00 2009.11.16 -
ClamAV 0.94.1 2009.11.16 -
Comodo 2960 2009.11.16 -
DrWeb 5.0.0.12182 2009.11.16 -
eSafe 7.0.17.0 2009.11.16 -
eTrust-Vet 35.1.7123 2009.11.16 -
F-Prot 4.5.1.85 2009.11.16 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.16 -
GData 19 2009.11.16 -
Ikarus T3.1.1.74.0 2009.11.16 -
Jiangmin 11.0.800 2009.11.16 -
K7AntiVirus 7.10.897 2009.11.16 -
Kaspersky 7.0.0.125 2009.11.16 -
McAfee 5804 2009.11.16 -
McAfee+Artemis 5804 2009.11.16 -
McAfee-GW-Edition 6.8.5 2009.11.16 -
Microsoft 1.5202 2009.11.16 -
NOD32 4613 2009.11.16 -
Norman 6.03.02 2009.11.16 -
nProtect 2009.1.8.0 2009.11.16 -
Panda 10.0.2.2 2009.11.16 -
PCTools 7.0.3.5 2009.11.16 -
Prevx 3.0 2009.11.16 -
Rising 22.22.00.08 2009.11.16 -
Sophos 4.47.0 2009.11.16 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.16 -
TheHacker 6.5.0.2.071 2009.11.16 -
TrendMicro 9.0.0.1003 2009.11.16 -
VBA32 3.12.10.11 2009.11.15 -
ViRobot 2009.11.16.2039 2009.11.16 -
VirusBuster 4.6.5.0 2009.11.16 -
Information additionnelle
File size: 45056 bytes
MD5 : c5ef9c7a3a18199cdfacea1da7286adb
SHA1 : 738e979034cd26461b7148a566fc59a22dd1a70a
SHA256: 182426aa1bfddc7f9254de003a73c277131c8b87aebb97857bb04cd39e770d00
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0x2061<BR>timedatestamp.....: 0x462D79A7 (Tue Apr 24 05:29:43 2007)<BR>machinetype.......: 0x14C (Intel I386)<BR><BR>( 5 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>.text 0x1000 0x53EA 0x6000 6.09 1799e9307a32faed501a351513fc2ca8<BR>.rdata 0x7000 0xD2D 0x1000 4.79 3d5eeea4e8b9537e6657519412445f96<BR>.data 0x8000 0x2500 0x1000 2.30 98021c4fbcd45fb9ef6c889f774a625d<BR>.rsrc 0xB000 0x3D0 0x1000 0.99 2731004299c55799c8205aa60b791845<BR>.reloc 0xC000 0xCD8 0x1000 3.36 83c3ed74f3bdc16374b77fe69b823988<BR><BR>( 0 imports )<BR><BR><BR>( 0 exports )<BR>
TrID : File type identification<BR>Win32 Executable MS Visual C++ (generic) (65.2%)<BR>Win32 Executable Generic (14.7%)<BR>Win32 Dynamic Link Library (generic) (13.1%)<BR>Generic Win/DOS Executable (3.4%)<BR>DOS Executable Generic (3.4%)
ssdeep: 384:veEkLYTwA13xHTeaSbwWqTFs3L8mfO/+FCQZCRmlE/e2AYyyJ+7BluK5/+cAwoUr:vepA3eaNWqTm342O/EZJgsBlF2woUwU
PEiD : Armadillo v1.xx - v2.xx
CWSandbox: <A href="http://research.sunbelt-software.com/..." target=_blank>http://research.sunbelt-software.com/...
RDS : NSRL Reference Data Set<BR>-
AND FINALLY HERE IS THE LAST OTL REPORT:
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
No active process named iexplore.exe was found!
No active process named firefox.exe was found!
No active process named msnmsgr.exe was found!
No active process named Teatimer.exe was found!
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-4186420219-1466379675-1655055312-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pdfSaver3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\eRecoveryService deleted successfully.
Registry value HKEY_USERS\S-1-5-21-4186420219-1466379675-1655055312-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFB5BCF1-06AE-4ABB-BFA8-1E228F41C50A}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Garmin Communicator Plug-In
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Garmin Communicator Plug-In\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Garmin Communicator Plug-In\ not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\PLFSet deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\TkBellExe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\pdfforge\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\pdfforge\ deleted successfully.
========== FILES ==========
C:\Program Files\setup_bs.exe moved successfully.
C:\Windows\is-2588Q.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Aharon
->Temp folder emptied: 266829319 bytes
->Temporary Internet Files folder emptied: 203430887 bytes
->Java cache emptied: 52800804 bytes
->FireFox cache emptied: 4961694 bytes
->Apple Safari cache emptied: 6950601 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Invité
->Temp folder emptied: 1677201 bytes
->Temporary Internet Files folder emptied: 45854650 bytes
User: Invité 2
->Temp folder emptied: 32723153 bytes
->Temporary Internet Files folder emptied: 199406887 bytes
->Java cache emptied: 643682 bytes
->FireFox cache emptied: 2815675 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 204366 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 780,42 mb
OTL by OldTimer - Version 3.1.6.3 log created on 11232009_190514
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\_avast4_\Webshlock.txt not found!
Registry entries deleted on Reboot...
THANKS