
Svschost virus, temp file


Hello,

  • Download OTL (by OldTimer) to your Desktop.
  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • A window appears. In the Output section at the top of that window, tick Minimal Output.
  • Also tick the boxes next to LOP Check and Purity Check.
  • Finally, click the Run Scan button. The scan will not take long.
  • Once the scan is finished, two windows will open in Notepad: OTL.txt and Extras.txt. They are saved in the same place as OTL (so on the Desktop by default).

    To send me the reports:
  • Click this link: http://www.cijoint.fr/
  • Click Browse... and find the report file you want to send me.
  • Click Open.
  • Click Cliquez ici pour déposer le fichier (Click here to upload the file).
  • A link of this form, hxxp://www.cijoint.fr/cjlink.php?file=cj200905/cijSKAP5fU.txt, is added to the page.
  • Copy and paste that link into your reply.

  • Download Malwarebytes' Anti-Malware (MBAM) to your Desktop.
  • Double-click the downloaded file to start the installation.
  • In the Update tab, click the Check for Updates button: if the firewall asks whether MBAM may connect to the Internet, allow it.
  • Once the update is finished, go to the Scanner tab.
  • Select Perform quick scan.
  • Click Scan. The scan starts.
  • At the end of the scan, a message appears:
    Quote:
    The scan completed successfully. Click 'Show Results' to display all objects found.

  • Click OK to continue. If MBAM found nothing, it will tell you so as well.
  • Close your browsers.
  • If malware was detected, click Show Results.
  • Select everything (or leave it ticked) and click Remove Selected; MBAM will delete the infected files and registry keys and keep a copy in quarantine.
  • MBAM will open Notepad and paste the scan report into it. Copy and paste that report into your next reply.

    Malwarebytes' Anti-Malware 1.45
    www.malwarebytes.org

    Version de la base de données: 3982

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    12/04/2010 19:37:57
    mbam-log-2010-04-12 (19-37-57).txt

    Type d'examen: Examen rapide
    Elément(s) analysé(s): 123267
    Temps écoulé: 24 minute(s), 50 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 1
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 10
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page_bak (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Search_URL (Hijack.SearchPage) -> Bad: (http://www.cherche.us/keyword/) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.SearchPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
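As an added example (not part of this thread, and not MBAM's or OTL's own code): a small Python parser for the MBAM 1.x report format quoted above. It groups detections by category, flags the entries that tampered with Security Center notifications (the Disabled.SecurityCenter items, which would have hidden a disabled AV/firewall from the user), extracts the redirect hostname from the Hijack.* items, and lists any line not reported as removed. The sample report is constructed from lines shown in the thread plus one hypothetical "No action taken." line to exercise the failure path.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Set
from urllib.parse import urlparse

# Constructed sample in the MBAM 1.x report format seen in the thread: four registry data
# items, one registry key, and one hypothetical line left unremediated ("No action taken.").
SAMPLE_LOG = r"""
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Default_Page_URL (Hijack.StartPage) -> Bad: (http://www.cherche.us) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Page (Hijack.SearchPage) -> Bad: (http://www.cherche.us/keyword/) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Recherche avec cherche.us (Redir.ChercheUs) -> Quarantined and deleted successfully.
"""

# Registry data item: "<path> (<category>) -> Bad: (<x>) Good: (<y>) -> <status>"
DATA_RE = re.compile(
    r"^(?P<path>.+?) \((?P<category>[^()]+)\) -> "
    r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> (?P<action>.+)$")
# Registry key / file / folder item: "<path> (<category>) -> <status>"
KEY_RE = re.compile(r"^(?P<path>.+?) \((?P<category>[^()]+)\) -> (?P<action>.+)$")


@dataclass
class Finding:
    path: str        # full registry path as MBAM prints it
    category: str    # MBAM detection name, e.g. Hijack.StartPage
    bad: str         # value found (empty for whole-key detections)
    good: str        # value MBAM restores (empty for whole-key detections)
    action: str      # trailing status text

    @property
    def value_name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def remediated(self) -> bool:
        return "deleted successfully" in self.action


def parse_mbam_report(text: str) -> List[Finding]:
    """Extract every detection line (registry data items and keys) from an MBAM report."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if " -> " not in line:
            continue  # section headers, counters, "(Aucun élément nuisible détecté)"
        m = DATA_RE.match(line) or KEY_RE.match(line)
        if not m:
            continue
        g = m.groupdict()
        findings.append(Finding(g["path"], g["category"],
                                g.get("bad", ""), g.get("good", ""), g["action"]))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count detections per MBAM category."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.category] = counts.get(f.category, 0) + 1
    return counts


def defense_tampering(findings: List[Finding]) -> List[Finding]:
    """Detections in Disabled.* categories: the *DisableNotify flags set to 1 mean the user
    would not have been warned that the antivirus or firewall was off."""
    return [f for f in findings if f.category.startswith("Disabled.")]


def hijacked_hosts(findings: List[Finding]) -> Set[str]:
    """Hostnames the browser was redirected to (useful as indicators to check other machines for)."""
    hosts: Set[str] = set()
    for f in findings:
        if f.category.startswith("Hijack.") and f.bad.startswith(("http://", "https://")):
            host = urlparse(f.bad).hostname
            if host:
                hosts.add(host)
    return hosts


def not_remediated(findings: List[Finding]) -> List[Finding]:
    """Lines whose status is not a successful removal: these need a follow-up (reboot, second tool)."""
    return [f for f in findings if not f.remediated]


if __name__ == "__main__":
    fs = parse_mbam_report(SAMPLE_LOG)
    print("per category:", summarize(fs))
    print("defense tampering:", [f.value_name for f in defense_tampering(fs)])
    print("hijack hosts:", hijacked_hosts(fs))
    print("still present:", [f.value_name for f in not_remediated(fs)])
```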

  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • In the Custom Scans/Fixes box at the bottom of the window, paste the following text (between the two blank lines):

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = cherche.us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.cherche.us/Result.php?cx=partner-pub-0420647... - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-wind... (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-wind... (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-wind... (Java Plug-in 1.5.0_09)
    O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-wind... (Java Plug-in 1.5.0_10)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-wind... (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-wind... (Java Plug-in 1.6.0_02)
    O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-wind... (Java Plug-in 1.6.0_03)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-wind... (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-wind... (Java Plug-in 1.6.0_16)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-wind... (Java Plug-in 1.6.0_16)
    [2010/03/25 22:16:06 | 000,168,960 | ---- | C] (Internet) -- C:\Documents and Settings\Stéphane LEMBRE\binternet.exe

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top of the window.
  • Let the program work, and reboot once the fix is finished.
  • Post the report that appears after the reboot.

    All processes killed
    ========== OTL ==========
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
    Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
    C:\Documents and Settings\Stéphane LEMBRE\binternet.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 1428 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 75 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes
    ->Flash cache emptied: 75 bytes

    User: LocalService
    ->Temp folder emptied: 115348 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 14556873 bytes
    ->Flash cache emptied: 806 bytes

    User: Stéphane LEMBRE
    ->Temp folder emptied: 32311538 bytes
    ->Temporary Internet Files folder emptied: 28677595 bytes
    ->Java cache emptied: 201504466 bytes
    ->FireFox cache emptied: 37019928 bytes
    ->Flash cache emptied: 3983665 bytes

    User: StÚphane LEMBRE

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 13964288 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 14647745 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 57116618 bytes

    Total Files Cleaned = 385,00 mb


    OTL by OldTimer - Version 3.2.1.1 log created on 04122010_202836

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF19A4.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF2E86.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF3129.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF3894.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF39B0.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF3CED.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF3E9D.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF4FD.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF5178.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFE20B.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFFB61.tmp not found!
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\BXYQ34Q3\google_fr[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\7Q2Q9ZF2\ads[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\7Q2Q9ZF2\enchere[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\7Q2Q9ZF2\nwshp[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\22C83NAS\292885-11-virus-svschost-fichier-temp[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\22C83NAS\MsgrConfig[1].asmx moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\01234567\ads[3].htm moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT01352.TMP not found!
    File\Folder C:\WINDOWS\temp\ZLT01355.TMP not found!

    Registry entries deleted on Reboot...

    Any more problems?

  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • In the Custom Scans/Fixes box at the bottom of the window, paste the following text (between the two blank lines):

    :OTL
    O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll ()
    [2010/04/12 20:44:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
    [2010/03/27 18:50:21 | 000,000,451 | ---- | M] () -- C:\Documents and Settings\Stéphane LEMBRE\scriptjava.html

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top of the window.
  • Let the program work, and reboot once the fix is finished.
  • Post the report that appears after the reboot.

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg\ deleted successfully.
    File move failed. C:\Documents and Settings\All Users\Documents\Settings\cbss.dll scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Documents\Settings scheduled to be moved on reboot.
    C:\Documents and Settings\Stéphane LEMBRE\scriptjava.html moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 214056 bytes
    ->Flash cache emptied: 0 bytes

    User: Stéphane LEMBRE
    ->Temp folder emptied: 6143385 bytes
    ->Temporary Internet Files folder emptied: 23581985 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 2545 bytes

    User: StÚphane LEMBRE

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 411368 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 31232 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 29,00 mb


    OTL by OldTimer - Version 3.2.1.1 log created on 04122010_215033

    Files\Folders moved on Reboot...
    File move failed. C:\Documents and Settings\All Users\Documents\Settings\cbss.dll scheduled to be moved on reboot.
    Folder move failed. C:\Documents and Settings\All Users\Documents\Settings scheduled to be moved on reboot.
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EGUQM38L\google_fr[1].txt moved successfully.
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF28A5.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF2D38.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF6F07.tmp not found!
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFA3D4.tmp moved successfully.
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFBF8C.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFBFFC.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFC2CA.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFC2F1.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFC46F.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFC5B5.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFC6E8.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFFE78.tmp not found!
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\VRS07JVB\fan[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\VRS07JVB\google_fr[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\VRS07JVB\sofoot_com[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\VAKWZJYJ\292885-11-virus-svschost-fichier-temp[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\VAKWZJYJ\3XCOCAZHR1WXCA7ZKS50CAHEOIBYCAONCA5YCA7JD05BCA8JM2K1CAK5QKJTCATZRFMVCAWRWLTJCAITGZQ1CA8EEVUKCAMCR6Z7CAE2X7ZXCAX515XPCAL4RY02CAH44BQPCAVXS78DCA3D0YFW.htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\VAKWZJYJ\84ZLCA6THT5DCAM90IZUCA9S8LX6CAKFA78SCAXBZJDUCATCC3FWCAI9XLHRCAPYSK8SCA1G0QSLCANN0YT5CAJO1X1TCAUZMORLCAS4HV8FCAQ7UN37CAUDM4FOCAON1OIBCAX602LPCAT7Q47N.htm moved successfully.
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\VAKWZJYJ\ADSAdClient31[1].txt not found!
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\VAKWZJYJ\login_status[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\VAKWZJYJ\MsgrConfig[1].asmx moved successfully.
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\QR1U3WXA\01[1].htm not found!
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\QR1U3WXA\index[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\QR1U3WXA\pubs-v[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\QR1U3WXA\search[3].htm moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT03bd9.TMP not found!
    File\Folder C:\WINDOWS\temp\ZLT03bdc.TMP not found!

    Registry entries deleted on Reboot...

  • Double-click OTL to launch it.
    (On Vista/Win7, right-click OTL and choose Run as administrator)
  • In the Custom Scans/Fixes box at the bottom of the window, paste the following text (between the two blank lines):

    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.cherche.us
    FF - prefs.js..keyword.URL: "http://www.cherche.us/Result.php?cx=partner-pub-0420647...
    O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
    O20 - HKLM Winlogon: Shell - (bnis.mxo) - C:\WINDOWS\System32\bnis.mxo ()
    O20 - HKLM Winlogon: Shell - (yfklng) - File not found
    O20 - Winlogon\Notify\cbssreg: DllName - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll - C:\Documents and Settings\All Users\Documents\Settings\cbss.dll File not found
    [2010/04/12 20:44:59 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
    [2010/04/12 22:04:56 | 000,019,968 | ---- | M] () -- C:\WINDOWS\System32\bnis.mxo

    :commands
    [emptytemp]
    [reboot]

  • Then click the Run Fix button at the top of the window.
  • Let the program work, and reboot once the fix is finished.
  • Post the report that appears after the reboot.

    All processes killed
    ========== OTL ==========
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
    Prefs.js: "http://www.cherche.us/Result.php?cx=partner-pub-0420647... removed from keyword.URL
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:rundll32.exe deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:bnis.mxo deleted successfully.
    C:\WINDOWS\system32\bnis.mxo moved successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:yfklng deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg\ deleted successfully.
    C:\Documents and Settings\All Users\Documents\Settings folder moved successfully.
    File C:\WINDOWS\System32\bnis.mxo not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrateur
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 66016 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 27088859 bytes
    ->Flash cache emptied: 548 bytes

    User: Stéphane LEMBRE
    ->Temp folder emptied: 2005330 bytes
    ->Temporary Internet Files folder emptied: 20245760 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 434 bytes

    User: StÚphane LEMBRE

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 20480 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 47,00 mb


    OTL by OldTimer - Version 3.2.1.1 log created on 04132010_190043

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\C.tmp moved successfully.
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF1486.tmp not found!
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF34F6.tmp moved successfully.
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DF977B.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFAD8B.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFB356.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFC439.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFC6FC.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFCD7A.tmp not found!
    File\Folder C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temp\~DFD0A5.tmp not found!
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\A6J5FG9E\292885-11-virus-svschost-fichier-temp[1].htm moved successfully.
    C:\Documents and Settings\Stéphane LEMBRE\Local Settings\Temporary Internet Files\Content.IE5\8F1Z2TI4\MsgrConfig[1].asmx moved successfully.
    File\Folder C:\WINDOWS\temp\ZLT02715.TMP not found!
    File\Folder C:\WINDOWS\temp\ZLT02718.TMP not found!

    Registry entries deleted on Reboot...

    1/

  • Download ToolsCleaner2 to your Desktop.
  • Double-click ToolsCleaner2.exe to launch it.
  • Click Search and let the scan run.
  • Click Delete to finish.
  • If you wish, you can use the Optional Options.
  • Click Quit to get the report.
  • Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).


    2/

  • Download and install CCleaner (do not install the Yahoo! Toolbar).
  • Launch it. Go to Options, then Advanced, and untick the box "Only delete files etc....".
  • Go to Cleaner and choose Analyze. Once it is finished, run the cleaner.


    3/

  • System Restore has to be disabled and then re-enabled to purge it.


    ==Prevention==

    To remove AntiVir's pop-ups: Link

    Keep MBAM. It will let you scan suspicious files in addition to your antivirus; scan the hard drive with it regularly.

    Check that automatic updates are enabled (Start menu, right-click My Computer, Properties, Automatic Updates tab).

    Regarding P2P: Link

    Here is a complete guide (to read with Adobe Reader or Foxit Reader): Link


    ==Problem solved?==

    --> If you consider your problem solved, add [Résolu] to the title. To do so:
  • In your first post, click the Edit button.
  • Add [Résolu] in front of the title.
  • Then click Submit your message.


    Sois plus vigilant(e) sur Internet ;) 

    /!\ Disable your resident protections (antivirus, etc.) /!\

  • Download ComboFix (by sUBs) to your Desktop.
  • Double-click ComboFix.exe (the .exe extension is not necessarily visible) to run it.
  • It will ask you to install the Recovery Console: accept.
  • When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

    To help you: a guide and a tutorial on using ComboFix

    ComboFix 10-04-14.04 - Stéphane LEMBRE 16/04/2010 18:37:37.1.1 - x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.767.224 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Stéphane LEMBRE\Bureau\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    * Un nouveau point de restauration a été créé

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\DAEMON Tools SearchBar\search.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2010-03-16 au 2010-04-16 ))))))))))))))))))))))))))))))))))))
    .

    2010-04-13 17:23 . 2010-02-05 09:03 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-12 19:33 . 2010-04-12 19:34 -------- d-----w- c:\program files\Fichiers communs\Adobe
    2010-04-12 18:28 . 2010-04-12 18:28 -------- d-----w- C:\_OTL
    2010-04-12 17:09 . 2010-03-29 22:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-12 17:09 . 2010-04-12 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-04-12 17:09 . 2010-04-12 17:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-04-12 17:09 . 2010-03-29 22:45 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-12 16:38 . 2010-04-12 16:38 -------- d-----w- c:\documents and settings\LocalService\Bureau
    2010-04-11 20:57 . 2010-02-05 09:03 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-04-11 20:55 . 2010-04-11 20:55 966104 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-04-11 20:54 . 2010-04-11 20:55 849744 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-04-11 20:54 . 2010-04-11 20:54 855864 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-04-11 20:54 . 2010-04-11 20:54 1597952 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-04-11 20:54 . 2010-04-11 20:54 818256 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-04-11 20:54 . 2010-04-11 20:54 1265264 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-04-11 20:46 . 2010-04-11 20:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}
    2010-04-11 20:46 . 2010-02-05 09:04 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe
    2010-04-11 20:45 . 2010-04-12 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-16 16:47 . 2007-11-08 18:32 -------- d-----w- c:\program files\DAEMON Tools SearchBar
    2010-04-16 16:24 . 2007-01-04 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
    2010-04-16 16:24 . 2006-12-10 13:41 -------- d-----w- c:\program files\Wanadoo
    2010-04-16 16:23 . 2008-05-08 13:44 -------- d-----w- c:\program files\Free Music Zilla
    2010-04-16 16:23 . 2008-12-22 20:54 -------- d-----w- c:\program files\DNA
    2010-04-12 19:22 . 2006-12-10 13:24 -------- d-----w- c:\program files\Fichiers communs\Java
    2010-04-12 19:22 . 2006-12-10 13:24 -------- d-----w- c:\program files\Java
    2010-04-12 18:29 . 2006-08-11 17:43 87154 ----a-w- c:\windows\system32\perfc00C.dat
    2010-04-12 18:29 . 2006-08-11 17:43 515792 ----a-w- c:\windows\system32\perfh00C.dat
    2010-04-11 20:46 . 2007-03-24 20:04 -------- d-----w- c:\program files\Lavasoft
    2010-03-04 08:26 . 2007-06-06 07:18 49887503 -c--a-w- c:\windows\Internet Logs\tvDebug.zip
    2010-02-16 10:33 . 2008-04-05 16:06 -------- d-----w- c:\program files\Everest Poker
    2010-02-16 10:27 . 2007-02-25 13:52 -------- d-----w- c:\program files\GoodiesTv3
    2010-01-17 18:28 . 2010-01-16 15:15 795536 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2007-10-14 12:27 . 2007-10-14 12:27 386 -c--a-w- c:\program files\Raccourci vers Program Files.lnk
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" [2005-07-08 17675304]
    "MessengerPlus3"="c:\program files\MessengerPlus! 3\MsgPlus.exe" [2007-01-27 190024]
    "msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-07-26 3883856]
    "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-09-18 171464]
    "BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "LaunchApp"="Alaunch" [X]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-11 7626752]
    "nwiz"="nwiz.exe" [2006-07-11 1519616]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 16208384]
    "SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
    "ntiMUI"="c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
    "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-11 86016]
    "SunJavaUpdateSched"="c:\program files\Fichiers communs\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Acer Empowering Technology Monitor"="c:\windows\system32\SysMonitor.exe" [2006-04-18 49152]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
    "eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
    "WooCnxMon"="c:\progra~1\Wanadoo\CnxMon.exe" [2004-05-13 24576]
    "SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" [2004-01-26 866816]
    "WOOWATCH"="c:\progra~1\Wanadoo\Watch.exe" [2004-05-13 24576]
    "WOOTASKBARICON"="c:\progra~1\Wanadoo\TaskbarIcon.exe" [2004-05-13 49152]
    "Zone Labs Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 968696]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

    c:\documents and settings\Stéphane LEMBRE\Menu Démarrer\Programmes\Démarrage\
    FMZilla.lnk - c:\program files\Free Music Zilla\FMZilla.exe [2008-5-8 626688]
    hamachi.lnk - c:\program files\Hamachi\hamachi.exe [2007-11-1 625952]
    Notification de cadeaux MSN.lnk - c:\documents and settings\Stéphane LEMBRE\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2009-9-24 135680]
    OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

    c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Acer Empowering Technology.lnk - c:\acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2006-12-10 45056]
    Acer WLAN 11g USB Dongle.lnk - c:\program files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
    Exif Launcher S.lnk - c:\program files\FinePixViewerS\QuickDCF2.exe [2009-5-12 303104]
    ScanPanel.lnk - c:\scanpanel\ScnPanel.exe [2008-3-4 1933312]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
    2008-12-16 20:16 637232 ----a-w- c:\program files\BitTorrent\bittorrent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [11/04/2010 22:57 64288]
    R0 pe3alxec;Cycling Manager 2007 no-binding Environment Driver (pe3alxec);c:\windows\system32\drivers\pe3alxec.sys [11/07/2007 11:44 65184]
    R0 pf2alxec;Cycling Manager 2007 no-binding File System Driver (pf2alxec);c:\windows\system32\drivers\pf2alxec.sys [11/07/2007 11:44 83616]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [14/11/2009 20:04 108289]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [05/02/2010 11:03 1229232]
    S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [08/11/2007 20:26 685816]
    S2 pr2alxec;Cycling Manager 2007 no-binding Drivers Auto Removal (pr2alxec);c:\windows\system32\pr2alxec.exe svc --> c:\windows\system32\pr2alxec.exe svc [?]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-04-16 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 09:03]

    2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 13:42]
    .
    .
    ------- Examen supplémentaire -------
    .
    uStart Page = hxxp://www.google.fr/
    uSearchMigratedDefaultURL =
    uDefault_Search_URL = hxxp://www.google.com
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = local
    uSearchURL,(Default) = hxxp://www.cherche.us/keyword/%s
    Trusted Zone: chat-land.org
    DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} - hxxp://data.flatcast.com/NpFv415.dll
    FF - ProfilePath - c:\documents and settings\Stéphane LEMBRE\Application Data\Mozilla\Firefox\Profiles\ulp97glk.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.eurosport.fr/
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv415.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- PARAMETRES FIREFOX ----
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\progra~1\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\progra~1\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\progra~1\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\progra~1\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\progra~1\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\progra~1\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    Toolbar-Locked - (no file)
    HKCU-Run-MsgCenterExe - c:\program files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe
    HKU-Default-RunOnce-^SetupICWDesktop - (no file)
    MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-04-16 18:48
    Windows 5.1.2600 Service Pack 2 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x82AC9AC8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf74cbfc3
    \Driver\ACPI -> ACPI.sys @ 0xf735dcb8
    \Driver\atapi -> atapi.sys @ 0xf72d97b4
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582490
    SecurityProcedure -> ntkrnlpa.exe @ 0x80582b32
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80582490
    SecurityProcedure -> ntkrnlpa.exe @ 0x80582b32
    user & kernel MBR OK

    **************************************************************************
    .
    Heure de fin: 2010-04-16 18:53:42
    ComboFix-quarantined-files.txt 2010-04-16 16:53

    Avant-CF: 32 291 344 384 octets libres
    Après-CF: 32 319 385 600 octets libres

    - - End Of File - - 496CBF5F0BBBB2992293C6D220FCC46A

    TDSS rootkit removing tool, Kaspersky Lab, 2010
    version 2.2.8.1 Mar 22 2010 10:43:04

    Scanning Services ...

    Scanning Kernel memory ...
    Driver "atapi" infected by TDSS rootkit!

    Completed

    Results:
    Memory objects infected / cured / cured on reboot: 1 / 0 / 0
    Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    File objects infected / cured / cured on reboot: 0 / 0 / 0

    Appuyez sur une touche pour continuer...

    Now we know what infection you have.

    The system file atapi.sys is patched; a clean one has to be put back.

  • Download SEAF (by C_XX) to your Desktop.
  • In the box, copy and paste this: atapi.sys
  • Click Lancer la recherche (Start search).
  • A report will appear; post it.

    :D 
    ========================= SEAF 1.0.0.7 - C_XX

    Commencé à: 20:46:38 le 16/04/2010

    Valeur(s) recherchée(s):

    atapi.sys


    ====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======

    "c:\WINDOWS\system32\drivers\atapi.sys" [ ----A---- | 95360 ]
    TC: 10/08/2004,22:00:00 | TM: 10/08/2004,22:00:00 | DA: 16/04/2010,18:51:13

    =========================

    "c:\WINDOWS\ERDNT\cache\atapi.sys" [ ----A---- | 95360 ]
    TC: 16/04/2010,18:51:20 | TM: 10/08/2004,22:00:00 | DA: 16/04/2010,18:51:20

    =========================

    ====== Dossier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======

    Aucun dossier trouvé

    =========================

    Fin à: 20:57:24 le 16/04/2010 ( E.O.F )

    ========================= SEAF 1.0.0.7 - C_XX

    Commencé à: 11:06:20 le 17/04/2010

    Valeur(s) recherchée(s):

    atapi.sys


    ====== Fichier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======

    "c:\WINDOWS\system32\drivers\atapi.sys" [ ----A---- | 96512 ]
    TC: 10/08/2004,22:00:00 | TM: 13/04/2008,11:40:32 | DA: 17/04/2010,09:42:58

    =========================

    "c:\WINDOWS\ServicePackFiles\i386\atapi.sys" [ ----N---- | 96512 ]
    TC: 17/04/2010,09:48:26 | TM: 13/04/2008,11:40:32 | DA: 17/04/2010,09:48:26

    =========================

    "c:\WINDOWS\ERDNT\cache\atapi.sys" [ ----A---- | 95360 ]
    TC: 16/04/2010,18:51:20 | TM: 10/08/2004,22:00:00 | DA: 16/04/2010,18:51:20

    =========================

    "c:\WINDOWS\$NtServicePackUninstall$\atapi.sys" [ ----C---- | 95360 ]
    TC: 17/04/2010,09:29:01 | TM: 17/04/2010,08:55:56 | DA: 17/04/2010,09:29:01

    =========================

    ====== Dossier(s) (TC: Date de création, TM: Date de modification, DA, Dernier accès) ======

    Aucun dossier trouvé

    =========================

    Fin à: 11:10:29 le 17/04/2010 ( E.O.F )

    TDSS rootkit removing tool, Kaspersky Lab, 2010
    version 2.2.8.1 Mar 22 2010 10:43:04

    Scanning Services ...

    Scanning Kernel memory ...

    Completed

    Results:
    Memory objects infected / cured / cured on reboot: 0 / 0 / 0
    Registry objects infected / cured / cured on reboot: 0 / 0 / 0
    File objects infected / cured / cured on reboot: 0 / 0 / 0

    Appuyez sur une touche pour continuer...
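    The two SEAF reports in this thread are what the helper uses to judge whether the atapi.sys driver flagged by TDSSKiller has been replaced by a clean copy. The script below is an added example (my code, not SEAF, TDSSKiller or anything from the thread) that reads SEAF-style report lines mechanically, compares the live driver against the copy Windows keeps in ServicePackFiles\i386, and adds the content check that metadata alone cannot give. The sample input is the file entries from the two reports posted above; the parser tolerates the "N." line prefixes as they appeared on the page. The assumption that the ServicePackFiles\i386 copy is a trustworthy reference, the reference-directory and live-driver paths, and all function names are mine. The first report is the instructive one: the driver TDSSKiller had just reported as infected still carried its original 95360-byte size and 2004 timestamps, because an in-place patch changes neither, so size and date agreement is only a precondition. The byte-level comparison (`sha256_file`) against the cached original is the real check, and it is best run from outside the suspect system (another boot or the recovery console), since a kernel-level rootkit can hide an on-disk modification from programs running under it.

```python
import hashlib
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Tuple

# File entries from the two SEAF reports posted in this thread (copied from the
# page; headers and footers dropped). The first was taken after TDSSKiller
# reported the atapi driver as infected, the second after it was replaced.
SEAF_BEFORE = r'''
12. "c:\WINDOWS\system32\drivers\atapi.sys" [ ----A---- | 95360 ]
13. TC: 10/08/2004,22:00:00 | TM: 10/08/2004,22:00:00 | DA: 16/04/2010,18:51:13
17. "c:\WINDOWS\ERDNT\cache\atapi.sys" [ ----A---- | 95360 ]
18. TC: 16/04/2010,18:51:20 | TM: 10/08/2004,22:00:00 | DA: 16/04/2010,18:51:20
'''

SEAF_AFTER = r'''
12. "c:\WINDOWS\system32\drivers\atapi.sys" [ ----A---- | 96512 ]
13. TC: 10/08/2004,22:00:00 | TM: 13/04/2008,11:40:32 | DA: 17/04/2010,09:42:58
17. "c:\WINDOWS\ServicePackFiles\i386\atapi.sys" [ ----N---- | 96512 ]
18. TC: 17/04/2010,09:48:26 | TM: 13/04/2008,11:40:32 | DA: 17/04/2010,09:48:26
22. "c:\WINDOWS\ERDNT\cache\atapi.sys" [ ----A---- | 95360 ]
23. TC: 16/04/2010,18:51:20 | TM: 10/08/2004,22:00:00 | DA: 16/04/2010,18:51:20
27. "c:\WINDOWS\$NtServicePackUninstall$\atapi.sys" [ ----C---- | 95360 ]
28. TC: 17/04/2010,09:29:01 | TM: 17/04/2010,08:55:56 | DA: 17/04/2010,09:29:01
'''

LINE_NO = re.compile(r"^\d+\.\s*")            # "12. " prefixes as shown on the forum
FILE_RE = re.compile(r'^"(?P<path>[^"]+)"\s*\[\s*(?P<attrs>\S+)\s*\|\s*(?P<size>\d+)\s*\]')
TIME_RE = re.compile(r"^TC:\s*(?P<tc>\S+)\s*\|\s*TM:\s*(?P<tm>\S+)\s*\|\s*DA:\s*(?P<da>\S+)")
TS_FMT = "%d/%m/%Y,%H:%M:%S"

# Assumed paths: the driver actually loaded by the kernel, and Windows' own
# cache of service-pack originals used as the trusted reference copy.
LIVE_DRIVER = r"c:\windows\system32\drivers\atapi.sys"
REFERENCE_DIR = r"\servicepackfiles\i386\\"[:-1]


@dataclass(frozen=True)
class SeafEntry:
    path: str
    attrs: str
    size: int
    created: datetime
    modified: datetime
    accessed: datetime


def parse_seaf(report: str) -> List[SeafEntry]:
    """Turn SEAF file lines (a path line followed by a TC/TM/DA line) into entries."""
    lines = [LINE_NO.sub("", raw.strip()) for raw in report.splitlines()]
    entries: List[SeafEntry] = []
    i = 0
    while i < len(lines):
        m = FILE_RE.match(lines[i])
        t = TIME_RE.match(lines[i + 1]) if m and i + 1 < len(lines) else None
        if m and t:
            entries.append(SeafEntry(
                path=m["path"], attrs=m["attrs"], size=int(m["size"]),
                created=datetime.strptime(t["tc"], TS_FMT),
                modified=datetime.strptime(t["tm"], TS_FMT),
                accessed=datetime.strptime(t["da"], TS_FMT)))
            i += 2
        else:
            i += 1
    return entries


@dataclass(frozen=True)
class Verdict:
    status: str                  # "no-reference", "metadata-match" or "metadata-mismatch"
    live_size: int
    references: Tuple[str, ...]  # reference copies the live driver was compared with


def assess(entries: List[SeafEntry]) -> Verdict:
    """Compare the live driver's size and mtime with the cached service-pack copy.

    A match only says the metadata is consistent; an in-place patch (as in the
    first report above) leaves both unchanged, so follow up with sha256_file.
    """
    live = [e for e in entries if e.path.lower() == LIVE_DRIVER]
    if not live:
        raise ValueError("live driver not present in report")
    refs = [e for e in entries if REFERENCE_DIR in e.path.lower()]
    if not refs:
        return Verdict("no-reference", live[0].size, ())
    ok = all(r.size == live[0].size and r.modified == live[0].modified for r in refs)
    return Verdict("metadata-match" if ok else "metadata-mismatch",
                   live[0].size, tuple(r.path for r in refs))


def sha256_bytes(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_file(path: str) -> str:
    """Content digest for the real check: run it on the live driver and the reference copy."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for label, report in (("before", SEAF_BEFORE), ("after", SEAF_AFTER)):
        v = assess(parse_seaf(report))
        print(f"{label}: {v.status} (live size {v.live_size}, refs {list(v.references)})")
```

Run on the thread's own data this prints "no-reference" for the first report (the only other copy is ComboFix's ERDNT backup, taken after the infection, so it is not a trusted reference) and "metadata-match" for the second, where the live driver agrees with the ServicePackFiles copy in both size and modification time. On a real machine, finish with `sha256_file(LIVE_DRIVER) == sha256_file(reference_path)`.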

    The svchost.exe in question comes from "Generic Host Process for Win32 Services"

    It kicks in from time to time and uses almost 100% of my memory...

    What can I do to fix this problem??
    (PS: I downloaded Process Explorer to find this out...)