Your computer is infected, spyware

marie -  
 gen-hackman -
Bonjour,
J'ai un gros problème avec mon PC, je ne peux plus toucher à mes paramètres de bureau pour mon fond d'écran, à la place j'ai un fond d'écran tout vert avec un grand cadre noir qui affiche: your system is infected,system has been stopped due to a serious malfunction, Spyware activity has been detected.
Je reçois plein de messages d'alertes de windows me disant que je me fais attaquer par d'autres PC, etx...
je ne sais pas quoi faire, je ne suis pas une spécialiste en informatique loin de là! j'ai télécharger un autre antivirus, j'avais avast que j'ai gardé, mais maintenant j'ai aussi Avira Antivirus; j'ai aussi téléchargé Hijack This, en voici le résumé:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:29:51, on 13/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Elantech\ETDDect.exe
C:\Program Files\EeePC\ACPI\AsTray.exe
C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
C:\Program Files\EeePC\ACPI\AsEPCMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\InternetSecurity2010\IS2010.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Avira\AntiVir Desktop\avwsc.exe

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [ETDWareDetect] C:\Program Files\Elantech\ETDDect.exe
O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [smss32.exe] C:\WINDOWS\system32\smss32.exe
O4 - HKLM\..\Run: [Tlohonulohufaj] rundll32.exe "C:\WINDOWS\alujaxak.dll",Startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: SuperHybridEngine.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Envoyer à Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 8014 bytes

Voilà je ne sais plus quoi faire maintenant, aidez moi SVP!
Merci beaucoup d'avance!
Configuration: Windows XP
Firefox 3.0.15

29 réponses

  • 1
  • 2
  1. gen-hackman
     
    salut :

    desinstalle Avast

    ensuite :

    Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection)

    ▶ Télécharge et installe List&Kill'em et enregistre le sur ton bureau

    ▶ Branche clés usb , disques durs externes , mp3 , mp4 , etc..

    double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

    coche la case "creer une icone sur le bureau"

    une fois terminée , clic sur "terminer" et le programme se lancera seul

    choisis la langue puis choisis l'option 1 = Mode Recherche

    ▶ laisse travailler l'outil

    à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

    un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini.

    ▶ Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

    tu peux supprimer le rapport catchme.log de ton bureau maintenant.

    0
  2. marie
     
    Tout d'abord merci beaucoup pour ton aide! J'ai supprimé avast et téléchargé List & Kill'Them, voila le rapport ci-dessous:
    List'em by g3n-h@ckm@n 1.1.8.2

    Thx to El Desaparecido.....& CCM team

    User : Marie LEPORT (Administrateurs) # MARIE_LEPORT
    Update on 14/01/2010 by g3n-h@ckm@n ::::: 02:50
    Start at: 10:19:30 | 14/01/2010
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Atom(TM) CPU N270 @ 1.60GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 6.0.2900.5512
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | Updated ]

    C:\ -> Disque fixe local | 80,02 Go (22,82 Go free) | NTFS
    D:\ -> Disque fixe local | 69 Go (68,77 Go free) | NTFS
    E:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Elantech\ETDDect.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\InternetSecurity2010\IS2010.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\List_Kill'em\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Marie LEPORT\Local Settings\Temp\15.tmp\pv.exe

    ======================
    Keys "Run"
    ======================
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
    msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
    DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    Internet Security 2010 REG_SZ C:\Program Files\InternetSecurity2010\IS2010.exe

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
    Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
    ETDWare REG_SZ C:\Program Files\Elantech\ETDCtrl.exe
    ETDWareDetect REG_SZ C:\Program Files\Elantech\ETDDect.exe
    AsusTray REG_SZ C:\Program Files\EeePC\ACPI\AsTray.exe
    AsusACPIServer REG_SZ C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    AsusEPCMonitor REG_SZ C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    SearchSettings REG_SZ C:\Program Files\pdfforge Toolbar\SearchSettings.exe
    RTHDCPL REG_SZ RTHDCPL.EXE
    Alcmtr REG_SZ ALCMTR.EXE
    QuickTime Task REG_SZ "C:\Program Files\QuickTime\qttask.exe" -atboottime
    iTunesHelper REG_SZ "C:\Program Files\iTunes\iTunesHelper.exe"
    SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    smss32.exe REG_SZ C:\WINDOWS\system32\smss32.exe
    Tlohonulohufaj REG_SZ rundll32.exe "C:\WINDOWS\alujaxak.dll",Startup
    avgnt REG_SZ "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

    =====================
    Other Keys
    =====================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    dontdisplaylastusername REG_DWORD 0 (0x0)
    legalnoticecaption REG_SZ
    legalnoticetext REG_SZ
    shutdownwithoutlogon REG_DWORD 1 (0x1)
    undockwithoutlogon REG_DWORD 1 (0x1)

    ===============
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    NoDriveTypeAutoRun REG_DWORD 145 (0x91)
    NoSetActiveDesktop REG_DWORD 1 (0x1)
    NoActiveDesktopChanges REG_DWORD 1 (0x1)

    ===============
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    HonorAutoRunSetting REG_DWORD 1 (0x1)
    NoSetActiveDesktop REG_DWORD 1 (0x1)
    NoActiveDesktopChanges REG_DWORD 1 (0x1)

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    AppInit_DLLS REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\igfxcui]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon]

    ===============
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    {AEB6717E-7E19-11d0-97EE-00C04FD91972} REG_SZ

    ===============
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE REG_SZ C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
    C:\Program Files\Messenger\msmsgs.exe REG_SZ C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
    C:\Program Files\uTorrent\uTorrent.exe REG_SZ C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
    C:\Program Files\Bonjour\mDNSResponder.exe REG_SZ C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
    C:\Program Files\eMule\emule.exe REG_SZ C:\Program Files\eMule\emule.exe:*:Enabled:eMule
    C:\Program Files\iTunes\iTunes.exe REG_SZ C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare
    C:\Program Files\Skype\Phone\Skype.exe REG_SZ C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    %windir%\Network Diagnostic\xpnetdiag.exe REG_SZ %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
    %windir%\system32\sessmgr.exe REG_SZ %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe REG_SZ C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe REG_SZ C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live FolderShare

    ===============
    ActivX controls
    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8100D56A-5661-482C-BEE8-AFECE305D968}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{8AD9C840-044E-11D1-B3E9-00805F499D93}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}

    ===============
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{26923b43-4d38-484f-9b9e-de460746276c}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10072CEC-8CC1-11D1-986E-00A0C955B42F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2179C5D3-EBFF-11CF-B6FD-00AA00B4E220}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{283807B5-2C60-11D0-A31D-00AA00B92C03}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{36f8ec70-c29a-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3af36230-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{3bf42070-b3b1-11d1-b5c5-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{411EDCF7-755D-414E-A74B-3DCD6583F589}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4278c270-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA848-CC51-11CF-AAFA-00AA00B6015C}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA855-CC51-11CF-AAFA-00AA00B6015F}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{45ea75a0-a269-11d1-b5bf-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f216970-c90c-11d1-b5c7-0000f8051515}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{4f645220-306d-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5056b317-8d4c-43ee-8543-b9d1e234b8f4}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5945c046-1e7d-11d1-bc44-00c04fd912be}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5A8D6EE0-3E18-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{5fd399c0-a70a-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{630b1da0-b465-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6fab99d0-bab8-11d1-994a-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{73fa19d0-2d75-11d2-995d-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4340}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89820200-ECBD-11cf-8B85-00AA005B4383}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9381D8F2-0288-11D0-9501-00AA00B911A5}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{ACC563BC-4266-43f0-B6ED-9D38C4202C7E}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C9E9A340-D1F1-11D0-821E-444553540600}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CC2A9BA0-3BDD-11D0-821E-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{CDD7975E-60F8-41d5-8149-19E51D6F71D0}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D27CDB6E-AE6D-11cf-96B8-444553540000}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DAA94A2A-2A8D-4D3B-9DB8-56FBECED082D}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{de5aed00-a4bf-11d1-9948-00c04f98bbc9}
    HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E92B03AB-B707-11d2-9CBD-0000F87A369E}

    ==============
    BHO :
    ======
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]

    ================
    Internet Explorer :
    ================
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    Start Page REG_SZ https://www.msn.com/fr-fr/

    ========
    Services
    ========
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

    Ndisuio : 0x3
    EapHost : 0x3
    SharedAccess : 0x2
    wuauserv : 0x2

    =========

    =======
    Drive :
    =======

    D‚fragmenteur de disque Windows
    Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

    Rapport d'analyse
    80,02 Go total, 22,84 Go libre (28%), 14% fragment‚ (fragmentation du fichier 29%)

    Vous devriez d‚fragmenter ce volume.

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    C:\Program Files\AskBarDis
    C:\Program Files\DAEMON Tools Toolbar
    C:\Program Files\InternetSecurity2010
    C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
    C:\Program Files\pdfforge Toolbar\SearchSettings.dll
    C:\WINDOWS\System32\SET3B.tmp
    C:\WINDOWS\System32\SET3F.tmp
    C:\WINDOWS\System32\SET40.tmp
    C:\WINDOWS\System32\SET47.tmp
    C:\Documents and Settings\Marie LEPORT\Application Data\Search Settings
    C:\Documents and Settings\Marie LEPORT\LOCAL Settings\Temp\ose00000.exe

    ¤¤¤¤¤¤¤¤¤¤ Keys :

    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
    HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoActiveDesktopChanges"
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoSetActiveDesktop"
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoSetActiveDesktop"
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
    "HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"
    "HKLM\Software\Search Settings"
    HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\Software\AppDataLow\AskBarDis
    HKLM\Software\Classes\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    HKLM\Software\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
    HKLM\Software\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
    HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
    HKLM\Software\pdfforge

    ================
    Other infections
    ================

    catchme 0.3.1398.3 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-14 10:23:21
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:2df9c43f
    "s2"=dword:110480d0
    "h0"=dword:00000002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000001
    "hdf12"=hex:80,40,23,11,87,c3,25,9f,e8,2b,dc,79,3d,d6,ae,38,90,b3,01,39,e4,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
    "a0"=hex:20,01,00,00,a1,da,f8,1e,48,2b,ff,05,49,38,74,9a,bf,0b,48,1a,27,..
    "hdf12"=hex:55,65,8c,f1,6d,61,54,cd,30,62,37,41,5c,3f,bf,df,40,2d,56,bb,ff,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
    "hdf12"=hex:8c,76,66,76,a9,69,d0,47,fe,a0,1b,b7,dd,6f,36,19,a1,4b,2c,c5,10,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:ce,6c,4b,95,28,13,13,aa,ff,de,9d,61,ea,9a,6c,4c,0f,3b,b2,a1,bd,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC]
    "p0"="C:\Program Files\DAEMON Tools Lite\"
    "h0"=dword:00000001
    "hdf12"=hex:80,40,23,11,87,c3,25,9f,e8,2b,dc,79,3d,d6,ae,38,90,b3,01,39,e4,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001]
    "a0"=hex:20,01,00,00,a1,da,f8,1e,48,2b,ff,05,49,38,74,9a,bf,0b,48,1a,27,..
    "hdf12"=hex:55,65,8c,f1,6d,61,54,cd,30,62,37,41,5c,3f,bf,df,40,2d,56,bb,ff,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0]
    "hdf12"=hex:8c,76,66,76,a9,69,d0,47,fe,a0,1b,b7,dd,6f,36,19,a1,4b,2c,c5,10,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:ce,6c,4b,95,28,13,13,aa,ff,de,9d,61,ea,9a,6c,4c,0f,3b,b2,a1,bd,..

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    kernel: MBR read successfully
    user & kernel MBR OK

    ==========
    Programs
    ==========

    Adobe
    Alwil Software
    Apple Software Update
    AskBarDis
    Asus
    Avira
    Bonjour
    ComPlus Applications
    DAEMON Tools Lite
    DAEMON Tools Toolbar
    EeePC
    Elantech
    eMule
    Fichiers communs
    InstallShield Installation Information
    Intel
    Internet Explorer
    InternetSecurity2010
    iPod
    iTunes
    Java
    List_Kill'em
    Messenger
    Microsoft
    microsoft frontpage
    Microsoft Office
    Microsoft Visual Studio
    Microsoft Works
    Microsoft.NET
    Movie Maker
    Mozilla Firefox
    MSBuild
    MSN Gaming Zone
    NetMeeting
    NOS
    Orange
    Outlook Express
    PDFCreator
    pdfforge Toolbar
    QuickTime
    RALINK
    Realtek
    Services en ligne
    Skype
    Sun
    Trend Micro
    U1 Setup.exe
    Uninstall Information
    uTorrent
    VideoLAN
    VLC
    WIDCOMM
    Windows Live
    Windows Live SkyDrive
    Windows Live Toolbar
    Windows Media Connect 2
    Windows Media Player
    Windows NT
    WindowsUpdate
    xerox

    ============
    Lecteur C:
    ============

    adabas
    AsusUpdate.log
    AUTOEXEC.BAT
    boot.ini
    Bootfont.bin
    CONFIG.SYS
    Documents and Settings
    Intel
    IO.SYS
    Kill'em
    List'em.txt
    MSDOS.SYS
    MSOCache
    NTDETECT.COM
    ntldr
    pagefile.sys
    Program Files
    RECYCLER
    RHDSetup.log
    sqmdata00.sqm
    sqmnoopt00.sqm
    System Volume Information
    WINDOWS

    ¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    Et maintenant que dois-je faire????
    Merci vraiment de ton aide!
    0
  3. gen-hackman
     
    ▶ Relance List&Kill'em(soit en clic droit pour vista),avec le raccourci sur ton bureau.
    mais cette fois-ci :

    ▶ choisis l'option 2 = Mode Suppression

    laisse travailler l'outil.

    en fin de scan un rapport s'ouvre

    ▶ colle le contenu dans ta reponse
    0
  4. marie
     
    Ok boss! alors voilà le contenu:
    Kill'em by g3n-h@ckm@n 1.1.8.2

    User : Marie LEPORT (Administrateurs) # MARIE_LEPORT
    Update on 14/01/2010 by g3n-h@ckm@n ::::: 02:50
    Start at: 14:02:39 | 14/01/2010
    Contact : g3n-h@ckm@n sur CCM

    Intel(R) Atom(TM) CPU N270 @ 1.60GHz
    Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
    Internet Explorer 6.0.2900.5512
    Windows Firewall Status : Enabled
    AV : AntiVir Desktop 9.0.1.32 [ Enabled | Updated ]

    C:\ -> Disque fixe local | 80,02 Go (22,94 Go free) | NTFS
    D:\ -> Disque fixe local | 69 Go (68,77 Go free) | NTFS
    E:\ -> Disque CD-ROM

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\Elantech\ETDDect.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\InternetSecurity2010\IS2010.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\List_Kill'em\List_Kill'em.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\Marie LEPORT\Local Settings\Temp\B.tmp\pv.exe

    Detections :
    ==========

    ¤¤¤¤¤¤¤¤¤¤ Files/folders :

    "C:\Program Files\AskBarDis"
    "C:\Program Files\DAEMON Tools Toolbar"
    "C:\Program Files\InternetSecurity2010"
    "C:\Program Files\Mozilla Firefox\extensions\{B922D405-6D13-4A2B-AE89-08A030DA4402}"
    "C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com"
    "C:\Program Files\pdfforge Toolbar\SearchSettings.dll"
    C:\WINDOWS\System32\SET3B.tmp
    C:\WINDOWS\System32\SET3F.tmp
    C:\WINDOWS\System32\SET40.tmp
    C:\WINDOWS\System32\SET47.tmp
    "C:\Documents and Settings\Marie LEPORT\Application Data\Search Settings"
    C:\Documents and Settings\Marie LEPORT\LOCAL Settings\Temp\ose00000.exe

    ¤¤¤¤¤¤¤¤¤¤ Files/folders deleted :

    Quarantine :

    AskBarDis.Kill'em
    DAEMON Tools Toolbar.Kill'em
    ose00000.exe.Kill'em
    Search Settings.Kill'em
    search@searchsettings.com.Kill'em
    SearchSettings.dll.Kill'em
    SET3B.tmp.Kill'em
    SET3F.tmp.Kill'em
    SET40.tmp.Kill'em
    SET47.tmp.Kill'em
    {B922D405-6D13-4A2B-AE89-08A030DA4402}.Kill'em

    ==============
    host file OK !
    ==============

    ========
    Registry
    ========
    Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges
    Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop
    Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr
    Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe
    Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe
    Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Deleted : HKLM\Software\Search Settings
    Deleted : HKCR\CLSID\{0702a2b6-13aa-4090-9e01-bcdc85dd933f}
    Deleted : HKCR\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
    Deleted : HKCR\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179}
    Deleted : HKCR\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
    Deleted : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    Deleted : HKCU\Software\AppDataLow\AskBarDis
    Deleted : HKLM\Software\Classes\CLSID\{622fd888-4e91-4d68-84d4-7262fd0811bf}
    Deleted : HKLM\Software\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6
    Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19
    Deleted : HKLM\Software\pdfforge

    ============
    Disk Cleaned
    ============

    ================
    Prefetch cleaned
    ================

    ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

    et maintenant?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gen-hackman
     
    desinstalle List_Kill'em puis :

    ▶ Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    ▶ Déconnecte toi et ferme toutes applications en cours !

    ▶ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    ▶ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    ▶ Au menu principal choisis l'option "L" et tape sur [entrée] .

    ▶ Laisse travailler l'outil et ne touche à rien ...

    ▶ Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    ▶ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
  7. marie
     
    .
    ======= RAPPORT D'AD-REMOVER 1.1.4.6_H | UNIQUEMENT XP/VISTA/7 =======
    .
    Mis à jour par C_XX le 14.01.2010 à 18:48
    Contact: AdRemover.contact@gmail.com
    Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
    .
    Lancé à: 17:18:21, 14/01/2010 | Mode Normal | Option: CLEAN
    Exécuté de: C:\Ad-Remover\
    Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
    Nom du PC: MARIE_LEPORT | Utilisateur actuel: Marie LEPORT

    .
    ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
    .
    Service: ASKUpgrade - ... [b]ERREUR SUPPRESSION !![/b]

    C:\DOCUME~1\MARIEL~1\APPLIC~1\Mozilla\FireFox\Profiles\60k11mrp.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    C:\Program Files\pdfforge Toolbar
    C:\DOCUME~1\MARIEL~1\APPLIC~1\pdfforge
    C:\Windows\Installer\f3891.msi

    (!) -- Fichiers temporaires supprimés.

    .
    HKCU\software\AskBarDis
    HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
    HKCU\software\pdfforge
    HKCU\software\Search Settings
    HKLM\software\appdatalow\AskBarDis
    HKLM\software\AskBarDis
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings
    .
    ============== Scan additionnel ==============
    .
    .
    * Mozilla FireFox Version 3.0.17 [fr] *
    .
    Nom du profil: 60k11mrp.default (Marie LEPORT)
    .
    (MARIEL~1, prefs.js) Browser.download.lastDir, C:\Documents and Settings\Marie LEPORT\Mes documents\Dossiers Professionnels
    (MARIEL~1, prefs.js) Browser.search.selectedEngine, Yahoo
    (MARIEL~1, prefs.js) Browser.startup.homepage, www.google.fr
    (MARIEL~1, prefs.js) Extensions.enabledItems, {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1,6,2,44,{E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{01D32D7B-B85C-4CD5-AAAA-FF8C77E837E5}:1.9.1,{635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.17
    (MARIEL~1, prefs.js) Keyword.URL, hxxp://fr.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
    .
    .
    .
    * Internet Explorer Version 6.0.2900.5512 *
    .
    [HKEY_CURRENT_USER\..\Internet Explorer\Main]
    .
    Do404Search: 01000000
    Local Page: C:\WINDOWS\system32\blank.htm
    Show_ToolBar: yes
    Start Page: hxxp://fr.msn.com/
    Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
    .
    Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    Delete_Temp_Files_On_Exit: yes
    Local Page: %SystemRoot%\system32\blank.htm
    Start Page: hxxp://fr.msn.com/
    Search bar: hxxp://search.msn.com/spbasic.htm
    .
    [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
    .
    Tabs: res://ieframe.dll/tabswelcome.htm
    .
    ============== Suspect (Cracks, Serials, ...) ==============
    .
    C:\Documents and Settings\Marie LEPORT\Application Data\uTorrent\The Sims 3 v1.27 patch crack + store items [Hirya].torrent
    .
    ===================================
    .
    3248 Octet(s) - C:\Ad-Report-CLEAN[1].log
    .
    66 Fichier(s) - C:\DOCUME~1\MARIEL~1\LOCALS~1\Temp
    30 Fichier(s) - C:\WINDOWS\Temp
    7 Fichier(s) - C:\WINDOWS\Prefetch
    .
    19 Fichier(s) - C:\Ad-Remover\BACKUP
    36 Fichier(s) - C:\Ad-Remover\QUARANTINE
    .
    Fin à: 17:22:15 | 14/01/2010 - CLEAN[1]
    .
    ============== E.O.F ==============
    .
    voilà j'ai fait le nettoyage, et maintenant?
    merci encore pour tout d'avance!
    0
  8. gen-hackman
     
    bonjour

    desinstalle ad-remover

    Télécharge OTL de OLDTimer

    enregistre le sur ton Bureau.

    ▶ Double clic ( pour vista / 7 => clic droit "executer en tant qu'administrateur") sur OTL.exe pour le lancer.

    ▶ Coche les 2 cases Lop et Purity

    ▶ Coche la case devant scan all users

    ▶ règle-le sur "60 Days"

    ▶ dans la colonne de gauche , mets tout sur all

    ne modifie pas ceci :

    "files created whithin" et "files modified whithin"


    ▶Clic sur Run Scan.

    A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

    Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

    ▶▶▶ NE LE POSTE PAS SUR LE FORUM

    Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

    ▶ Clique sur Parcourir et cherche le fichier ci-dessus.

    ▶ Clique sur Ouvrir.

    ▶ Clique sur "Cliquez ici pour déposer le fichier".

    Un lien de cette forme :

    http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

    est ajouté dans la page.

    ▶ Copie ce lien dans ta réponse.

    ▶▶ Tu feras la meme chose avec le "Extra.txt".
    0
  9. marie
     
    Bonjour!
    J'ai suivi à la lettre tes recommandations, alors voilà les liens:

    http://www.cijoint.fr/cjlink.php?file=cj201001/cijN3oznQy.txt

    http://www.cijoint.fr/cjlink.php?file=cj201001/cij0YHaaD6.txt

    et maintenant?
    Merci encore pour toute ton aide d'avance!
    0
  10. gen-hackman
     
    ▶ Double clic sur OTL.exe pour le lancer.

    ▶Copie la liste qui se trouve en gras ci-dessous,

    ▶ colle-la dans la zone sous Customs Scans/Fixes :


    :processes
    explorer.exe
    iexplore.exe
    firefox.exe
    msnmsgr.exe
    Teatimer.exe
    IS2010.exe

    :OTL
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11
    O4 - HKLM..\Run: [smss32.exe] C:\WINDOWS\System32\smss32.exe File not found
    O4 - HKU\S-1-5-21-3858180786-1096807416-71719086-1006..\Run: [Internet Security 2010] C:\Program Files\InternetSecurity2010\IS2010.exe (Internet Security)
    O7 - HKU\S-1-5-21-3858180786-1096807416-71719086-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
    O33 - MountPoints2\{190a9445-ed0a-11dd-8bcb-0015afdae197}\Shell - "" = AutoRun
    O33 - MountPoints2\{190a9445-ed0a-11dd-8bcb-0015afdae197}\Shell\AutoRun\command - "" = E:\Memorybar.exe -- File not found

    :reg
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"=-
    "Alcmtr"=-
    "iTunesHelper"=-
    "QuickTime Task"=-
    "RTHDCPL"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Ask Toolbar_is1"=-

    :files
    C:\WINDOWS\Fqohewotehokof.dat
    C:\WINDOWS\Onocejoguxabok.bin
    C:\Program Files\InternetSecurity2010
    C:\WINDOWS\System32\warning.html
    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    ▶ Clique sur RunFix pour lancer la suppression.

    ▶ Poste le rapport.

    ensuite :

    ▶ Clique sur le menu Demarrer /Panneau de configuration/Options des dossiers/ puis dans l'onglet Affichage
    * - Coche Afficher les fichiers et dossiers cachés
    * - Décoche Masquer les extensions des fichiers dont le type est connu
    * - Décoche Masquer les fichiers protégés du système d'exploitation (recommandé)

    ▶ clique sur Appliquer, puis OK.

    N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

    Fais analyser le(s) fichier(s) suivants sur Virustotal :

    Virus Total

    * Clique sur Parcourir en haut, choisis Poste de travail et cherche ces fichiers :

    C:\WINDOWS\alujaxak.dll
    C:\WINDOWS\System32\igfxCoIn_v4906.dll
    C:\WINDOWS\AsAcpiSvrLang.ini
    C:\WINDOWS\AsTrayLang.ini
    C:\WINDOWS\System32\BTNeighborhood.dll.manifest
    C:\WINDOWS\System32\btcss.dll.manifest
    C:\WINDOWS\System32\lcppn21.dll


    * Clique maintenant sur Envoyer le fichier. et laisse travailler tant que "Situation actuelle : en cours d'analyse" est affiché.
    * Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
    * Lorsque l'analyse est terminée ("Situation actuelle: terminé"), clique sur Formaté
    * Une nouvelle fenêtre de ton navigateur va apparaître
    * Clique alors sur les deux fleches
    * Fais un clic droit sur la page, et choisis Sélectionner tout, puis copier
    * Enfin colle le résultat dans ta prochaine réponse.

    Note : Pour analyser un autre fichier, clique en bas sur Autre fichier.
    0
  11. marie
     
    Voilà tout d'abord le premier rapport de OTL:

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    No active process named iexplore.exe was found!
    Process firefox.exe killed successfully!
    Process msnmsgr.exe killed successfully!
    No active process named Teatimer.exe was found!
    No active process named IS2010.exe was found!
    ========== OTL ==========
    Prefs.js: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11 removed from extensions.enabledItems
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\smss32.exe deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-3858180786-1096807416-71719086-1006\Software\Microsoft\Windows\CurrentVersion\Run\\Internet Security 2010 deleted successfully.
    C:\Program Files\InternetSecurity2010\IS2010.exe moved successfully.
    Registry value HKEY_USERS\S-1-5-21-3858180786-1096807416-71719086-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
    Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{190a9445-ed0a-11dd-8bcb-0015afdae197}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{190a9445-ed0a-11dd-8bcb-0015afdae197}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{190a9445-ed0a-11dd-8bcb-0015afdae197}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{190a9445-ed0a-11dd-8bcb-0015afdae197}\ not found.
    File E:\Memorybar.exe not found.
    ========== REGISTRY ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Alcmtr deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\iTunesHelper deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RTHDCPL deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\\Ask Toolbar_is1 not found.
    ========== FILES ==========
    C:\WINDOWS\Fqohewotehokof.dat moved successfully.
    C:\WINDOWS\Onocejoguxabok.bin moved successfully.
    C:\Program Files\InternetSecurity2010 folder moved successfully.
    C:\WINDOWS\System32\warning.html moved successfully.
    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86\x86 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}\x86 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD} folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: LocalService
    ->Temp folder emptied: 65716 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Marie LEPORT
    ->Temp folder emptied: 8001887 bytes
    ->Temporary Internet Files folder emptied: 412547 bytes
    ->Java cache emptied: 51482276 bytes
    ->FireFox cache emptied: 106003307 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 104386971 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 3072 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 3402909 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 1215690 bytes

    Total Files Cleaned = 262,00 mb

    OTL by OldTimer - Version 3.1.24.1 log created on 01152010_115217

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
    0
  12. gen-hackman
     
    refais OTL et runfix , mais avec juste ceci à copier :

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1]
    0
  13. marie
     
    Fichier alujaxak.dll reçu le 2010.01.15 17:03:29 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.01.15 -
    AhnLab-V3 5.0.0.2 2010.01.15 -
    AntiVir 7.9.1.142 2010.01.15 -
    Antiy-AVL 2.0.3.7 2010.01.12 -
    Authentium 5.2.0.5 2010.01.15 -
    Avast 4.8.1351.0 2010.01.15 -
    AVG 9.0.0.730 2010.01.15 -
    BitDefender 7.2 2010.01.15 Gen:Trojan.Heur.kq8@yWHDdwii
    CAT-QuickHeal 10.00 2010.01.15 -
    ClamAV 0.94.1 2010.01.15 -
    Comodo 3594 2010.01.15 -
    DrWeb 5.0.1.12222 2010.01.15 -
    eSafe 7.0.17.0 2010.01.14 -
    eTrust-Vet 35.2.7239 2010.01.15 -
    F-Prot 4.5.1.85 2010.01.15 -
    F-Secure 9.0.15370.0 2010.01.15 Trojan:W32/Hiloti.gen!C
    Fortinet 4.0.14.0 2010.01.15 -
    GData 19 2010.01.15 Gen:Trojan.Heur.kq8@yWHDdwii
    Ikarus T3.1.1.80.0 2010.01.15 -
    Jiangmin 13.0.900 2010.01.15 -
    K7AntiVirus 7.10.948 2010.01.15 -
    Kaspersky 7.0.0.125 2010.01.15 -
    McAfee 5861 2010.01.14 -
    McAfee+Artemis 5861 2010.01.14 -
    McAfee-GW-Edition 6.8.5 2010.01.15 -
    Microsoft 1.5302 2010.01.15 Trojan:Win32/Hiloti.gen!D
    NOD32 4775 2010.01.15 -
    Norman 6.04.03 2010.01.14 -
    nProtect 2009.1.8.0 2010.01.15 -
    Panda 10.0.2.2 2010.01.15 -
    PCTools 7.0.3.5 2010.01.15 -
    Prevx 3.0 2010.01.15 -
    Rising 22.30.04.04 2010.01.15 -
    Sophos 4.49.0 2010.01.15 Mal/Hiloti-A
    Sunbelt 3.2.1858.2 2010.01.15 -
    Symantec 20091.2.0.41 2010.01.15 -
    TheHacker 6.5.0.4.151 2010.01.15 -
    TrendMicro 9.120.0.1004 2010.01.15 -
    VBA32 3.12.12.1 2010.01.15 BScope.Trojan.Hiloti
    ViRobot 2010.1.15.2138 2010.01.15 -
    VirusBuster 5.0.21.0 2010.01.15 -
    Information additionnelle
    File size: 172544 bytes
    MD5...: 7c4b66668305249e3fb0969c39126b1b
    SHA1..: 47cc1d512f7307c6a80b7215613da327408030f2
    SHA256: 2a7114bcf8da2387eb1d0440715ab3ad44c701c3eb08fdb71e2983fffe4d5ce7
    ssdeep: 3072:CFDCCJ6jq3ndWCS473CA1/verdNyqXJiBFH+lBS+S+:KCqu7nEvK3yq5iBF<br>H+lB<br>
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x449c<br>timedatestamp.....: 0x4a2bcd8c (Sun Jun 07 14:24:12 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x2e000 0x16000 7.96 e5f959fad885ff3f62ae9d7cf2e88c51<br>.data 0x2f000 0x14000 0x13600 4.65 6e03f59b9b7c9afb54dfed3b72c40102<br>.rsrc 0x43000 0x1000 0x600 2.87 aef05787db2cac886b7b1699bee6c681<br>.reloc 0x44000 0x1000 0x200 1.72 5018b8e296fb7da2fd2e43a34423df02<br><br>( 4 imports ) <br>> KERNEL32.dll: CloseHandle, ExitProcess, FileTimeToSystemTime, FindFirstFileA, FindResourceA, GetACP, GetCommandLineA, GetModuleHandleA, GetNumberFormatA, GetOEMCP, GetStartupInfoA, HeapAlloc, HeapCreate, HeapFree, HeapReAlloc, MapViewOfFile, MultiByteToWideChar, OpenProcess, ReadProcessMemory, RtlUnwind, SetEndOfFile, SetFilePointer, SetHandleCount, SetLastError, SetUnhandledExceptionFilter, TerminateThread, TlsGetValue, UnmapViewOfFile, VirtualAlloc, VirtualFree, WideCharToMultiByte, lstrlenW<br>> msvcrt.dll: __p__commode, __set_app_type, exit, fwprintf, printf, __getmainargs<br>> user32.dll: SetUserObjectSecurity, RegisterClassExA, IntersectRect, GetWindowTextA, GetClientRect, OpenClipboard, TranslateMessage<br>> ole32.dll: CreateBindCtx, CoTaskMemRealloc, CoFileTimeNow, CoCreateInstance, CLSIDFromString<br><br>( 11 exports ) <br>ActivatorUpdateForIsRouterChanges, D3DRealloc, GetUpdateCount, NxGetCookingInterface, NxPlatformMismatch, OpenComponentLibraryEx, SetSetupOpen, TextOutWCP_ME, UpdateFromAppChange, UpdateFromComponentChange, W32N_IsWindows2000<br>
    RDS...: NSRL Reference Data Set<br>-
    sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) 1988-2000 Microsoft Corp. All rights reserved.<br>product......: Microsoft Soap SDK<br>description..: Microsoft Soap SDK<br>original name: MSSOAP1.DLL<br>internal name: MSSOAP1<br>file version.: 1.02.814.0<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    pdfid.: -
    trid..: Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.01.15 -
    AhnLab-V3 5.0.0.2 2010.01.15 -
    AntiVir 7.9.1.142 2010.01.15 -
    Antiy-AVL 2.0.3.7 2010.01.12 -
    Authentium 5.2.0.5 2010.01.15 -
    Avast 4.8.1351.0 2010.01.15 -
    AVG 9.0.0.730 2010.01.15 -
    BitDefender 7.2 2010.01.15 Gen:Trojan.Heur.kq8@yWHDdwii
    CAT-QuickHeal 10.00 2010.01.15 -
    ClamAV 0.94.1 2010.01.15 -
    Comodo 3594 2010.01.15 -
    DrWeb 5.0.1.12222 2010.01.15 -
    eSafe 7.0.17.0 2010.01.14 -
    eTrust-Vet 35.2.7239 2010.01.15 -
    F-Prot 4.5.1.85 2010.01.15 -
    F-Secure 9.0.15370.0 2010.01.15 Trojan:W32/Hiloti.gen!C
    Fortinet 4.0.14.0 2010.01.15 -
    GData 19 2010.01.15 Gen:Trojan.Heur.kq8@yWHDdwii
    Ikarus T3.1.1.80.0 2010.01.15 -
    Jiangmin 13.0.900 2010.01.15 -
    K7AntiVirus 7.10.948 2010.01.15 -
    Kaspersky 7.0.0.125 2010.01.15 -
    McAfee 5861 2010.01.14 -
    McAfee+Artemis 5861 2010.01.14 -
    McAfee-GW-Edition 6.8.5 2010.01.15 -
    Microsoft 1.5302 2010.01.15 Trojan:Win32/Hiloti.gen!D
    NOD32 4775 2010.01.15 -
    Norman 6.04.03 2010.01.14 -
    nProtect 2009.1.8.0 2010.01.15 -
    Panda 10.0.2.2 2010.01.15 -
    PCTools 7.0.3.5 2010.01.15 -
    Prevx 3.0 2010.01.15 -
    Rising 22.30.04.04 2010.01.15 -
    Sophos 4.49.0 2010.01.15 Mal/Hiloti-A
    Sunbelt 3.2.1858.2 2010.01.15 -
    Symantec 20091.2.0.41 2010.01.15 -
    TheHacker 6.5.0.4.151 2010.01.15 -
    TrendMicro 9.120.0.1004 2010.01.15 -
    VBA32 3.12.12.1 2010.01.15 BScope.Trojan.Hiloti
    ViRobot 2010.1.15.2138 2010.01.15 -
    VirusBuster 5.0.21.0 2010.01.15 -

    Information additionnelle
    File size: 172544 bytes
    MD5...: 7c4b66668305249e3fb0969c39126b1b
    SHA1..: 47cc1d512f7307c6a80b7215613da327408030f2
    SHA256: 2a7114bcf8da2387eb1d0440715ab3ad44c701c3eb08fdb71e2983fffe4d5ce7
    ssdeep: 3072:CFDCCJ6jq3ndWCS473CA1/verdNyqXJiBFH+lBS+S+:KCqu7nEvK3yq5iBF<br>H+lB<br>
    PEiD..: -
    PEInfo: PE Structure information<br><br>( base data )<br>entrypointaddress.: 0x449c<br>timedatestamp.....: 0x4a2bcd8c (Sun Jun 07 14:24:12 2009)<br>machinetype.......: 0x14c (I386)<br><br>( 4 sections )<br>name viradd virsiz rawdsiz ntrpy md5<br>.text 0x1000 0x2e000 0x16000 7.96 e5f959fad885ff3f62ae9d7cf2e88c51<br>.data 0x2f000 0x14000 0x13600 4.65 6e03f59b9b7c9afb54dfed3b72c40102<br>.rsrc 0x43000 0x1000 0x600 2.87 aef05787db2cac886b7b1699bee6c681<br>.reloc 0x44000 0x1000 0x200 1.72 5018b8e296fb7da2fd2e43a34423df02<br><br>( 4 imports ) <br>> KERNEL32.dll: CloseHandle, ExitProcess, FileTimeToSystemTime, FindFirstFileA, FindResourceA, GetACP, GetCommandLineA, GetModuleHandleA, GetNumberFormatA, GetOEMCP, GetStartupInfoA, HeapAlloc, HeapCreate, HeapFree, HeapReAlloc, MapViewOfFile, MultiByteToWideChar, OpenProcess, ReadProcessMemory, RtlUnwind, SetEndOfFile, SetFilePointer, SetHandleCount, SetLastError, SetUnhandledExceptionFilter, TerminateThread, TlsGetValue, UnmapViewOfFile, VirtualAlloc, VirtualFree, WideCharToMultiByte, lstrlenW<br>> msvcrt.dll: __p__commode, __set_app_type, exit, fwprintf, printf, __getmainargs<br>> user32.dll: SetUserObjectSecurity, RegisterClassExA, IntersectRect, GetWindowTextA, GetClientRect, OpenClipboard, TranslateMessage<br>> ole32.dll: CreateBindCtx, CoTaskMemRealloc, CoFileTimeNow, CoCreateInstance, CLSIDFromString<br><br>( 11 exports ) <br>ActivatorUpdateForIsRouterChanges, D3DRealloc, GetUpdateCount, NxGetCookingInterface, NxPlatformMismatch, OpenComponentLibraryEx, SetSetupOpen, TextOutWCP_ME, UpdateFromAppChange, UpdateFromComponentChange, W32N_IsWindows2000<br>
    RDS...: NSRL Reference Data Set<br>-
    sigcheck:<br>publisher....: Microsoft Corporation<br>copyright....: (c) 1988-2000 Microsoft Corp. All rights reserved.<br>product......: Microsoft Soap SDK<br>description..: Microsoft Soap SDK<br>original name: MSSOAP1.DLL<br>internal name: MSSOAP1<br>file version.: 1.02.814.0<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    pdfid.: -
    trid..: Win32 Executable Generic (42.3%)<br>Win32 Dynamic Link Library (generic) (37.6%)<br>Generic Win/DOS Executable (9.9%)<br>DOS Executable Generic (9.9%)<br>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    0
  14. marie
     
    Fichier AsAcpiSvrLang.ini reçu le 2010.01.15 17:08:57 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.01.15 -
    AhnLab-V3 5.0.0.2 2010.01.15 -
    AntiVir 7.9.1.142 2010.01.15 -
    Antiy-AVL 2.0.3.7 2010.01.12 -
    Authentium 5.2.0.5 2010.01.15 -
    Avast 4.8.1351.0 2010.01.15 -
    AVG 9.0.0.730 2010.01.15 -
    BitDefender 7.2 2010.01.15 -
    CAT-QuickHeal 10.00 2010.01.15 -
    ClamAV 0.94.1 2010.01.15 -
    Comodo 3594 2010.01.15 -
    DrWeb 5.0.1.12222 2010.01.15 -
    eSafe 7.0.17.0 2010.01.14 -
    eTrust-Vet 35.2.7239 2010.01.15 -
    F-Prot 4.5.1.85 2010.01.15 -
    F-Secure 9.0.15370.0 2010.01.15 -
    Fortinet 4.0.14.0 2010.01.15 -
    GData 19 2010.01.15 -
    Ikarus T3.1.1.80.0 2010.01.15 -
    Jiangmin 13.0.900 2010.01.15 -
    K7AntiVirus 7.10.948 2010.01.15 -
    Kaspersky 7.0.0.125 2010.01.15 -
    McAfee 5861 2010.01.14 -
    McAfee+Artemis 5861 2010.01.14 -
    McAfee-GW-Edition 6.8.5 2010.01.15 -
    Microsoft 1.5302 2010.01.15 -
    NOD32 4775 2010.01.15 -
    Norman 6.04.03 2010.01.14 -
    nProtect 2009.1.8.0 2010.01.15 -
    Panda 10.0.2.2 2010.01.15 -
    PCTools 7.0.3.5 2010.01.15 -
    Prevx 3.0 2010.01.15 -
    Rising 22.30.04.04 2010.01.15 -
    Sophos 4.49.0 2010.01.15 -
    Sunbelt 3.2.1858.2 2010.01.15 -
    Symantec 20091.2.0.41 2010.01.15 -
    TheHacker 6.5.0.4.151 2010.01.15 -
    TrendMicro 9.120.0.1004 2010.01.15 -
    VBA32 3.12.12.1 2010.01.15 -
    ViRobot 2010.1.15.2138 2010.01.15 -
    VirusBuster 5.0.21.0 2010.01.15 -
    Information additionnelle
    File size: 21864 bytes
    MD5...: 38489f463ab7ff6bfa1e0a68cdf5d636
    SHA1..: 0e11a785e40666198308fcd6274fd6e7f5b854e0
    SHA256: 3101413975122d541c74ae917ec6ab0b4a955824c52da56a5791cf934db0cf61
    ssdeep: 192:FTZM6riWZW5u5gOEA3jCl0IPX0KLividoiZwU9KQO7/qN2kBDrDF0CDjEt+2<br>5:FTZMwCXXe6doiZwxF7/sDrDx25<br>
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set<br>-
    pdfid.: -
    trid..: Text - UTF-16 (LE) encoded (66.6%)<br>MP3 audio (33.3%)
    sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    packers (F-Prot): Unicode

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.01.15 -
    AhnLab-V3 5.0.0.2 2010.01.15 -
    AntiVir 7.9.1.142 2010.01.15 -
    Antiy-AVL 2.0.3.7 2010.01.12 -
    Authentium 5.2.0.5 2010.01.15 -
    Avast 4.8.1351.0 2010.01.15 -
    AVG 9.0.0.730 2010.01.15 -
    BitDefender 7.2 2010.01.15 -
    CAT-QuickHeal 10.00 2010.01.15 -
    ClamAV 0.94.1 2010.01.15 -
    Comodo 3594 2010.01.15 -
    DrWeb 5.0.1.12222 2010.01.15 -
    eSafe 7.0.17.0 2010.01.14 -
    eTrust-Vet 35.2.7239 2010.01.15 -
    F-Prot 4.5.1.85 2010.01.15 -
    F-Secure 9.0.15370.0 2010.01.15 -
    Fortinet 4.0.14.0 2010.01.15 -
    GData 19 2010.01.15 -
    Ikarus T3.1.1.80.0 2010.01.15 -
    Jiangmin 13.0.900 2010.01.15 -
    K7AntiVirus 7.10.948 2010.01.15 -
    Kaspersky 7.0.0.125 2010.01.15 -
    McAfee 5861 2010.01.14 -
    McAfee+Artemis 5861 2010.01.14 -
    McAfee-GW-Edition 6.8.5 2010.01.15 -
    Microsoft 1.5302 2010.01.15 -
    NOD32 4775 2010.01.15 -
    Norman 6.04.03 2010.01.14 -
    nProtect 2009.1.8.0 2010.01.15 -
    Panda 10.0.2.2 2010.01.15 -
    PCTools 7.0.3.5 2010.01.15 -
    Prevx 3.0 2010.01.15 -
    Rising 22.30.04.04 2010.01.15 -
    Sophos 4.49.0 2010.01.15 -
    Sunbelt 3.2.1858.2 2010.01.15 -
    Symantec 20091.2.0.41 2010.01.15 -
    TheHacker 6.5.0.4.151 2010.01.15 -
    TrendMicro 9.120.0.1004 2010.01.15 -
    VBA32 3.12.12.1 2010.01.15 -
    ViRobot 2010.1.15.2138 2010.01.15 -
    VirusBuster 5.0.21.0 2010.01.15 -

    Information additionnelle
    File size: 21864 bytes
    MD5...: 38489f463ab7ff6bfa1e0a68cdf5d636
    SHA1..: 0e11a785e40666198308fcd6274fd6e7f5b854e0
    SHA256: 3101413975122d541c74ae917ec6ab0b4a955824c52da56a5791cf934db0cf61
    ssdeep: 192:FTZM6riWZW5u5gOEA3jCl0IPX0KLividoiZwU9KQO7/qN2kBDrDF0CDjEt+2<br>5:FTZMwCXXe6doiZwxF7/sDrDx25<br>
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set<br>-
    pdfid.: -
    trid..: Text - UTF-16 (LE) encoded (66.6%)<br>MP3 audio (33.3%)
    sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    packers (F-Prot): Unicode
    0
  15. marie
     
    Fichier btcss.dll.manifest reçu le 2010.01.15 17:12:19 (UTC)
    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.01.15 -
    AhnLab-V3 5.0.0.2 2010.01.15 -
    AntiVir 7.9.1.142 2010.01.15 -
    Antiy-AVL 2.0.3.7 2010.01.12 -
    Authentium 5.2.0.5 2010.01.15 -
    Avast 4.8.1351.0 2010.01.15 -
    AVG 9.0.0.730 2010.01.15 -
    BitDefender 7.2 2010.01.15 -
    CAT-QuickHeal 10.00 2010.01.15 -
    ClamAV 0.94.1 2010.01.15 -
    Comodo 3594 2010.01.15 -
    DrWeb 5.0.1.12222 2010.01.15 -
    eSafe 7.0.17.0 2010.01.14 -
    eTrust-Vet 35.2.7239 2010.01.15 -
    F-Prot 4.5.1.85 2010.01.15 -
    F-Secure 9.0.15370.0 2010.01.15 -
    Fortinet 4.0.14.0 2010.01.15 -
    GData 19 2010.01.15 -
    Ikarus T3.1.1.80.0 2010.01.15 -
    Jiangmin 13.0.900 2010.01.15 -
    K7AntiVirus 7.10.948 2010.01.15 -
    Kaspersky 7.0.0.125 2010.01.15 -
    McAfee 5861 2010.01.14 -
    McAfee+Artemis 5861 2010.01.14 -
    McAfee-GW-Edition 6.8.5 2010.01.15 -
    Microsoft 1.5302 2010.01.15 -
    NOD32 4775 2010.01.15 -
    Norman 6.04.03 2010.01.14 -
    nProtect 2009.1.8.0 2010.01.15 -
    Panda 10.0.2.2 2010.01.15 -
    PCTools 7.0.3.5 2010.01.15 -
    Prevx 3.0 2010.01.15 -
    Rising 22.30.04.04 2010.01.15 -
    Sophos 4.49.0 2010.01.15 -
    Sunbelt 3.2.1858.2 2010.01.15 -
    Symantec 20091.2.0.41 2010.01.15 -
    TheHacker 6.5.0.4.151 2010.01.15 -
    TrendMicro 9.120.0.1004 2010.01.15 -
    VBA32 3.12.12.1 2010.01.15 -
    ViRobot 2010.1.15.2138 2010.01.15 -
    VirusBuster 5.0.21.0 2010.01.15 -
    Information additionnelle
    File size: 593 bytes
    MD5...: 1b5da2956493091472d9dbc88420c2f4
    SHA1..: 45fdea792d6acc2a5781b0b436e482e6d4f29847
    SHA256: a9a8e01416df57eaf766e4a636f2016c21cc62a366fae4184c4089e06de0e114
    ssdeep: 12:TMHdtYJ5BgVNWpSNTMOA453SNK+bJM+gVNsJ3LRU2K:2dtYbBgHNSgiNK+bu+<br>gME<br>
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set<br>-
    sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    pdfid.: -
    trid..: Windows Manifest - Visual Stylesheet XML file (95.0%)<br>Generic XML (ASCII) (4.9%)

    Antivirus Version Dernière mise à jour Résultat
    a-squared 4.5.0.50 2010.01.15 -
    AhnLab-V3 5.0.0.2 2010.01.15 -
    AntiVir 7.9.1.142 2010.01.15 -
    Antiy-AVL 2.0.3.7 2010.01.12 -
    Authentium 5.2.0.5 2010.01.15 -
    Avast 4.8.1351.0 2010.01.15 -
    AVG 9.0.0.730 2010.01.15 -
    BitDefender 7.2 2010.01.15 -
    CAT-QuickHeal 10.00 2010.01.15 -
    ClamAV 0.94.1 2010.01.15 -
    Comodo 3594 2010.01.15 -
    DrWeb 5.0.1.12222 2010.01.15 -
    eSafe 7.0.17.0 2010.01.14 -
    eTrust-Vet 35.2.7239 2010.01.15 -
    F-Prot 4.5.1.85 2010.01.15 -
    F-Secure 9.0.15370.0 2010.01.15 -
    Fortinet 4.0.14.0 2010.01.15 -
    GData 19 2010.01.15 -
    Ikarus T3.1.1.80.0 2010.01.15 -
    Jiangmin 13.0.900 2010.01.15 -
    K7AntiVirus 7.10.948 2010.01.15 -
    Kaspersky 7.0.0.125 2010.01.15 -
    McAfee 5861 2010.01.14 -
    McAfee+Artemis 5861 2010.01.14 -
    McAfee-GW-Edition 6.8.5 2010.01.15 -
    Microsoft 1.5302 2010.01.15 -
    NOD32 4775 2010.01.15 -
    Norman 6.04.03 2010.01.14 -
    nProtect 2009.1.8.0 2010.01.15 -
    Panda 10.0.2.2 2010.01.15 -
    PCTools 7.0.3.5 2010.01.15 -
    Prevx 3.0 2010.01.15 -
    Rising 22.30.04.04 2010.01.15 -
    Sophos 4.49.0 2010.01.15 -
    Sunbelt 3.2.1858.2 2010.01.15 -
    Symantec 20091.2.0.41 2010.01.15 -
    TheHacker 6.5.0.4.151 2010.01.15 -
    TrendMicro 9.120.0.1004 2010.01.15 -
    VBA32 3.12.12.1 2010.01.15 -
    ViRobot 2010.1.15.2138 2010.01.15 -
    VirusBuster 5.0.21.0 2010.01.15 -

    Information additionnelle
    File size: 593 bytes
    MD5...: 1b5da2956493091472d9dbc88420c2f4
    SHA1..: 45fdea792d6acc2a5781b0b436e482e6d4f29847
    SHA256: a9a8e01416df57eaf766e4a636f2016c21cc62a366fae4184c4089e06de0e114
    ssdeep: 12:TMHdtYJ5BgVNWpSNTMOA453SNK+bJM+gVNsJ3LRU2K:2dtYbBgHNSgiNK+bu+<br>gME<br>
    PEiD..: -
    PEInfo: -
    RDS...: NSRL Reference Data Set<br>-
    sigcheck:<br>publisher....: n/a<br>copyright....: n/a<br>product......: n/a<br>description..: n/a<br>original name: n/a<br>internal name: n/a<br>file version.: n/a<br>comments.....: n/a<br>signers......: -<br>signing date.: -<br>verified.....: Unsigned<br>
    pdfid.: -
    trid..: Windows Manifest - Visual Stylesheet XML file (95.0%)<br>Generic XML (ASCII) (4.9%)
    0
  16. marie
     
    Je viens de refaire OTL et voilà ce que ça me dit:
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersi­on\Uninstall\Ask Toolbar_is1\ not found.

    OTL by OldTimer - Version 3.1.24.1 log created on 01152010_122054

    Sinon je n'arrive pas à supprimer C:\WINDOWS\alujaxak.dll , le pc me dit que l'écriture est protégé.
    J'espère que j'ai tout bien suivi tes instructions autrement, dis moi ce qu'il me reste à faire.
    0
  17. gen-hackman
     
    ok execute ceci et remets le rapport

    http://sd-1.archive-host.com/membres/up/829108531491024/Remove_File.exe
    0
  18. marie
     
    Je l'ai installé mais je ne peux rien faire, il y une fenêtre de bloc note qui s'affiche, avec File:
    j'ai donc mis le nom du fichier en face des deux points C:\WINDOWS\alujaxak.dll puis entrée mais rien de rien ne se passe
    0
  19. gen-hackman
     
    regarde si tu as toujours le fichier dans windows ..
    0
  • 1
  • 2