Virus or not?

Solved
Romaric Simon (Member, 1025 posts)
Hello,
I switched antivirus, from avast! to AntiVir, and it found 3 viruses, which it quarantined.
To check whether I have any other viruses, I ran RSIT (by random/random); here are the reports. Can you tell me whether everything is OK?
Thanks.

62 replies

Romaric Simon (Member, 1025 posts)

Hello,
Yes, I think so, but can I try again?
0
Anonymous user

you should have a report here:

C:\_OTL\Moved Files\date_and_time_of_the_removal
0
Romaric Simon (Member, 1025 posts)

Yes: C:\_OTL\MovedFiles\02202010_071437.log

Files\Folders moved on Reboot...
C:\Users\Romaric\AppData\Local\Temp\rad4E1C4.tmp\bin\Gadget.Interop.dll moved successfully.
C:\Users\Romaric\AppData\Local\Temp\rad0A9FC.tmp\bin\x86\sharpwrapi_Win32.dll moved successfully.

Registry entries deleted on Reboot...


That's all.
0
Anonymous user

please redo this in safe mode:

https://forums.commentcamarche.net/forum/affich-16648298-virus-ou-pas?page=3#47

making sure to include everything that is in bold
0

Romaric Simon (Member, 1025 posts)

Here is the report in safe mode:

All processes killed
Error: Unable to interpret <:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
O4 - HKU\S-1-5-21-3277981741-1346631462-3197687755-1000..\Run: [PCHand Screen Capture] C:\Program Files\PCHand\Screen Capture\ScreenCapture.exe File not found
O4 - HKU\S-1-5-21-3277981741-1346631462-3197687755-1000..\Run: [Power2GoExpress] File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream > in the current context!
Error: Unable to interpret <- 368 bytes -> C:\Users\Romaric\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B0D4D817

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Software Update"=-
"iTunesHelper"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe"=-
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"=-

:commands
[emptytemp]
[start explorer]
[reboot] > in the current context!

OTL by OldTimer - Version 3.1.30.1 log created on 02202010_132820

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
0
Anonymous user
 
??????????
0
Romaric Simon (Member, 1025 posts)

I did https://forums.commentcamarche.net/forum/affich-16648298-virus-ou-pas?page=3#47 in safe mode, and on reboot it showed me:

All processes killed
Error: Unable to interpret <:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
O4 - HKU\S-1-5-21-3277981741-1346631462-3197687755-1000..\Run: [PCHand Screen Capture] C:\Program Files\PCHand\Screen Capture\ScreenCapture.exe File not found
O4 - HKU\S-1-5-21-3277981741-1346631462-3197687755-1000..\Run: [Power2GoExpress] File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream > in the current context!
Error: Unable to interpret <- 368 bytes -> C:\Users\Romaric\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B0D4D817

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Software Update"=-
"iTunesHelper"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe"=-
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"=-

:commands
[emptytemp]
[start explorer]
[reboot] > in the current context!

OTL by OldTimer - Version 3.1.30.1 log created on 02202010_132820

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

There you go.
0
Anonymous user

are you sure you're running it with right-click "Run as administrator"?
0
Romaric Simon (Member, 1025 posts)

Yes! What I do: right-click OTL.exe, then Run as administrator, then I paste into the box under Custom Scans/Fixes:

:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
O4 - HKU\S-1-5-21-3277981741-1346631462-3197687755-1000..\Run: [PCHand Screen Capture] C:\Program Files\PCHand\Screen Capture\ScreenCapture.exe File not found
O4 - HKU\S-1-5-21-3277981741-1346631462-3197687755-1000..\Run: [Power2GoExpress] File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream - 368 bytes -> C:\Users\Romaric\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B0D4D817

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Software Update"=-
"iTunesHelper"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe"=-
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"=-

:commands
[emptytemp]
[start explorer]
[reboot]


Then I click RunFix, it tells me the computer is going to restart, I click OK, it restarts and shows me:

All processes killed
Error: Unable to interpret <:processes
explorer.exe
iexplore.exe
firefox.exe
msnmsgr.exe
Teatimer.exe

:OTL
O4 - HKU\S-1-5-21-3277981741-1346631462-3197687755-1000..\Run: [PCHand Screen Capture] C:\Program Files\PCHand\Screen Capture\ScreenCapture.exe File not found
O4 - HKU\S-1-5-21-3277981741-1346631462-3197687755-1000..\Run: [Power2GoExpress] File not found
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll File not found
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
@Alternate Data Stream > in the current context!
Error: Unable to interpret <- 368 bytes -> C:\Users\Romaric\AppData\Local\desktop.ini:722b2b1c349a06abf0e866180e5a7e63
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:EEDA5B17
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:B0D4D817

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"HP Software Update"=-
"iTunesHelper"=-
"QuickTime Task"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride"=1
"FirewallOverride"=1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"$INSTDIR\FlvDetector.exe"=-
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe"=-

:commands
[emptytemp]
[start explorer]
[reboot]> in the current context!

OTL by OldTimer - Version 3.1.30.1 log created on 02202010_153731

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


There, that's all, and OTL.exe does not reappear once the computer has restarted.
0
Romaric Simon (Member, 1025 posts)

But do I need to change the OTL.exe options, as for the scan, when I do RunFix?
0
Anonymous user

▶ Download DAFT!

▶ Save it to your Desktop.
▶ Unzip the folder containing it (right-click, extract here).
▶ Double-click the DAFT icon in its unzipped folder on your desktop.
▶ Click the Scan button.
▶ Select everything that appears.
▶ Click the Fix button.
▶ Then run DAFT again. If everything is OK, a message such as "All associations are OK" should appear.
▶ Close DAFT.
0
Romaric Simon (Member, 1025 posts)

Done, everything worked fine.
0
Anonymous user

ok

▶ Download ZHPDiag (by Nicolas Coolman)

or: ZHPDiag

Save it to your Desktop.

Once the download has finished,

▶ run ZHPDiag.exe and click Unzip in the window that opens.

▶ Click the screwdriver, then All, to tick all the option boxes.

▶ Click the magnifying glass to start the scan.

At the end of the scan,

▶ click the camera and save the report to your Desktop.

To send it to me, click this link:

http://www.cijoint.fr/

▶ Click Browse and look for the file C:\Documents and settings\your_session_name\.ZHPDiag.txt

▶ Click Open.

▶ Click "Click here to upload the file".

A link of this form:

http://www.cijoint.fr/cjlink.php?file=cj200905/cib7SU.txt

is added to the page.

▶ Copy this link into your reply.
0
Romaric Simon (Member, 1025 posts)

And here it is: http://www.cijoint.fr/cjlink.php?file=cj201002/cijPvCwsAy.txt
0
Anonymous user

that's good, it worked....... are there any problems left?
0
Romaric Simon (Member, 1025 posts)

I don't know... The computer is already much faster...

But is it possible to know whether I'm completely disinfected?

And is there anything I should do so that I don't catch viruses again?

Thanks. :)
0
Anonymous user

run a search with this:

http://sd-1.archive-host.com/membres/up/829108531491024/Kill_Tool.exe
0
Romaric Simon (Member, 1025 posts)

Which shows me:

List_Tool by g3n-@ckm@n 1.0.0.0

0
Anonymous user

run List_Kill'em again, uninstall option, and then deletion with Kill_Tool
0
Romaric Simon (Member, 1025 posts)

Done. Here it is:


Kill_Tool by g3n-@ckm@n 1.0.0.0

0
Romaric Simon (Member, 1025 posts)

There, it's done... and I'm up to date...

Thanks for your help. :)

And is it better for me to install a free firewall, or to keep the Vista one?
0
Romaric Simon (Member, 1025 posts)

Yes, but which one should I choose? Comodo?
0
Anonymous user

I use Online Armor, which I find very good
0