[OK] Request for log analysis following a virus that launches IE unprompted

Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then this one. See:

Decontamination procedure 1 - Anti-malware
Decontamination procedure 2 - Anti-malware and antivirus (La Manip): standard decontamination procedure
Periodic maintenance of a Windows PC
Protecting browsers, browsing and privacy

Post by nickW » 29 Aug 2010, 10:02

A malfunction of Free's servers and/or of the forum prevents me from sending "large" messages. This is the continuation of the previous message.


Step 6: No real-time monitoring processes
If the PC has restarted and the antivirus has been re-enabled, it must be disabled again.


Step 7: OTL (by OldTimer), fix

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Correction button.

A small "OTL" window opens.

Click the Ok button.

From the new "Ouvrir" window, browse to the folder where the fix.txt file was saved, then click the Ouvrir button.

The contents of the fix.txt file are thus inserted into the "Personnalisation" panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Correction button again.

Note: When the restart is requested, click Ok.

When the tool has finished its work, a small window displays the message "Correction terminée! Cliquez sur Ok pour afficher le rapport.". Click Ok, then close OTL.


Step 8: Real-time monitoring processes
Important: Re-enable the antivirus's resident module.


Step 9: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Analyse rapide button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 10: Results
Send in reply:
- the rkill report (contents of the file rkill.log located in the folder SystemDrive\)
[SystemDrive represents the partition on which the system is installed, usually C:]
- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-** (**-**-**) represents the date [year-month-day] and the time [hh-mn-ss])
[SystemDrive represents the partition on which the system is installed, usually C:]

Then send in reply, in a separate message:
- the OTL fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[SystemDrive represents the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the length of the file):
- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report sent to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message).
nickW
Moderator
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by sergeK » 29 Aug 2010, 10:11

Hello,

Given the lack of a reply to this thread when nickW came by during the night, I tried to look at the differences from my own thread, and noticed that the purple lines in the "Custom Scans" section of marcus91's report did not include indications such as < %systemroot%\*. /mp /s > for example, which led me to think that scan.txt was missing.

I apologize to you both for this mistaken interpretation. :oops:

Have a good day.
sergeK
Posts: 171
Joined: 20 Jan 2008, 00:20

Post by nickW » 29 Aug 2010, 11:00

Hello again sergeK,

The explanation: it is the software running the forum that "eats" the labels written between "<" and ">", believing they are HTML.
Example:
Code:
< %SYSTEMDRIVE%\*.exe >


To make them appear, when first sending the message (afterwards it is too late) you have to un-check the box in front of "Désactiver le HTML dans ce message" ... and I cannot ask newcomers to do this, as they are often unfamiliar with the subtleties of the phpBB software.

Regards,
nickW
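
The effect nickW describes, as an added example that is not part of the original thread: a filter that drops anything between "<" and ">" removes OTL's custom-scan directives, so whoever reads the posted report cannot tell a stripped log from one where no custom scan was run. `strip_tag_like` is a simplified stand-in for the forum's behaviour, not phpBB's code, and the report fragments and section layout are constructed for illustration.

```python
import html
import re

# Constructed OTL report fragment. The two directives are the ones quoted in
# the thread; the surrounding section layout is an assumption.
POSTED_LOG = "\n".join([
    "========== Custom Scans ==========",
    r"< %SYSTEMDRIVE%\*.exe >",
    r"< %systemroot%\*. /mp /s >",
    "========== Next Section ==========",
])

# Constructed fragment of a report produced without any custom-scan directive.
LOG_WITHOUT_CUSTOM_SCAN = "\n".join([
    "========== Custom Scans ==========",
    "========== Next Section ==========",
])

TAG_LIKE = re.compile(r"<[^<>\n]*>")            # anything that looks like a tag
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")  # "===== Name =====" header
DIRECTIVE = re.compile(r"^<\s*(?P<body>[^<>]+?)\s*>$")


def strip_tag_like(report):
    """Stand-in for a forum that treats '<...>' as HTML and drops it."""
    return TAG_LIKE.sub("", report)


def shown_after_escaping(report):
    """Encode '<' and '>' as entities before the filter sees the text, then
    decode them the way a browser does when rendering the post."""
    escaped = html.escape(report, quote=False)
    return html.unescape(strip_tag_like(escaped))


def custom_scan_directives(report):
    """Return the directives listed under the 'Custom Scans' header."""
    found, inside = [], False
    for line in report.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            inside = header.group("name") == "Custom Scans"
            continue
        match = DIRECTIVE.match(line) if inside else None
        if match:
            found.append(match.group("body"))
    return found


if __name__ == "__main__":
    for label, text in [
        ("original report", POSTED_LOG),
        ("as displayed after tag stripping", strip_tag_like(POSTED_LOG)),
        ("report without custom scan", LOG_WITHOUT_CUSTOM_SCAN),
        ("as displayed after escaping", shown_after_escaping(POSTED_LOG)),
    ]:
        print(f"{label}: {custom_scan_directives(text)}")
```
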

Post by marcus91 » 29 Aug 2010, 16:04

Thank you NickW for these disinfection instructions.
I am attaching the files requested in step 10:

RKILL.LOG:

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.
Ran as Marc on 29/08/2010 at 15:44:27.


Processes terminated by Rkill or while it was running:


C:\DOCUME~1\Marc\LOCALS~1\Temp\Gxv .exe
C:\DOCUME~1\Marc\LOCALS~1\Temp\Gxn .exe
C:\DOCUME~1\Marc\LOCALS~1\Temp\Gxn .exe
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marc\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Marc\Bureau\rkill.exe


Rkill completed on 29/08/2010 at 15:44:38.

END
marcus91
Posts: 50
Joined: 28 Aug 2010, 16:44
Location: Essonne

Post by marcus91 » 29 Aug 2010, 16:06

mbam.log


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4500

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

29/08/2010 16:19:19
mbam-log-2010-08-29 (16-19-19).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 188547
Temps écoulé: 21 minute(s), 20 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 14
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 3
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 22

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{494e6cec-7483-a4ee-0938-895519a84bc7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XBV6RD5SZF (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg (Trojan.Agent) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\otgv1dnwqq (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xbv6rd5szf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\uid (Malware.Trace) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\system32\lowsec (Stolen.data) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Marc\Local Settings\Temp\Gxn .exe (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Marc\Local Settings\Temp\Gxt.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\Temp\Gxx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\Temp\Gxy.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\Temp\mkcxhunr.exe (Rogue.SecuritySuite) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\Temp\3B0.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\Temp\3B2.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\Temp\3B4.tmp (Rootkit.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\gnjb.tmp\setup.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\Temporary Internet Files\Content.IE5\SYDWHU97\newsecureapp70700[1].exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\local.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\lowsec\user.ds (Stolen.data) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\Temp\Gxv.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Bureau\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Settings\cbss.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Menu Démarrer\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Documents and Settings\Marc\Local Settings\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\Fonts\k62B7kcr0.com (Malware.Generic) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

END
marcus91

Post by marcus91 » 29 Aug 2010, 16:08

OTL.TXT:

All processes killed
Error: Unable to interpret <rien > in the current context!
========== SERVICES/DRIVERS ==========
Error: No service named SSHNAS was found to stop!
Service\Driver key SSHNAS not found.
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1417001333-1788223648-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}\ deleted successfully.
C:\Program Files\AskSearch\bin\DefaultSearch.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1417001333-1788223648-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
C:\Program Files\pdfforge Toolbar\SearchSettings.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ deleted successfully.
C:\Program Files\AskBarDis\bar\bin\askBar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}\ deleted successfully.
C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\pdfforge Toolbar\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ deleted successfully.
File C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1417001333-1788223648-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3041D03E-FD4B-44E0-B742-2D9B88305F98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1417001333-1788223648-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31CF9EBE-5755-4A1D-AC25-2834D952D9B4}\ not found.
File C:\Program Files\PDFCreator Toolbar\v3.0.0.0\PDFCreator_Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files\pdfforge Toolbar\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1417001333-1788223648-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\newsecureapp70700.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1417001333-1788223648-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\OTGV1DNWQQ not found.
File C:\Documents and Settings\Marc\Local Settings\Temp\Gxv.exe not found.
Registry value HKEY_USERS\S-1-5-21-1417001333-1788223648-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Run\\XBV6RD5SZF not found.
C:\Documents and Settings\Marc\Local Settings\Temp\Gxn .exe moved successfully.
File move failed. C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\system32\sdra64.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cbssreg\ not found.
File C:\Documents and Settings\All Users\Documents\Settings\cbss.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d6a28aab-53a8-11de-90b8-00123f32f263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d6a28aab-53a8-11de-90b8-00123f32f263}\ not found.
File F:\InstallTomTomHOME.exe not found.
SSHNAS removed from NetSvcs value successfully!
File C:\Documents and Settings\Marc\Local Settings\Temp\sshnas21.dll not found.
========== FILES ==========
C:\WINDOWS\Gqifaf.exe moved successfully.
C:\WINDOWS\Gqifae.exe moved successfully.
C:\WINDOWS\Gqifad.exe moved successfully.
C:\WINDOWS\Gqifac.exe moved successfully.
C:\WINDOWS\Gqifab.exe moved successfully.
C:\WINDOWS\Gqifaa.exe moved successfully.
C:\WINDOWS\tasks\At56.job moved successfully.
C:\WINDOWS\tasks\At57.job moved successfully.
C:\WINDOWS\tasks\At58.job moved successfully.
C:\WINDOWS\tasks\At59.job moved successfully.
C:\WINDOWS\tasks\At6.job moved successfully.
C:\WINDOWS\tasks\At60.job moved successfully.
C:\WINDOWS\tasks\At61.job moved successfully.
C:\WINDOWS\tasks\At62.job moved successfully.
C:\WINDOWS\tasks\At63.job moved successfully.
C:\WINDOWS\tasks\At64.job moved successfully.
C:\WINDOWS\tasks\At65.job moved successfully.
C:\WINDOWS\tasks\At66.job moved successfully.
C:\WINDOWS\tasks\At67.job moved successfully.
C:\WINDOWS\tasks\At68.job moved successfully.
C:\WINDOWS\tasks\At69.job moved successfully.
C:\WINDOWS\tasks\At7.job moved successfully.
C:\WINDOWS\tasks\At70.job moved successfully.
C:\WINDOWS\tasks\At71.job moved successfully.
C:\WINDOWS\tasks\At72.job moved successfully.
C:\WINDOWS\tasks\At73.job moved successfully.
C:\WINDOWS\tasks\At74.job moved successfully.
C:\WINDOWS\tasks\At75.job moved successfully.
C:\WINDOWS\tasks\At76.job moved successfully.
C:\WINDOWS\tasks\At77.job moved successfully.
C:\WINDOWS\tasks\At78.job moved successfully.
C:\WINDOWS\tasks\At79.job moved successfully.
C:\WINDOWS\tasks\At8.job moved successfully.
C:\WINDOWS\tasks\At80.job moved successfully.
C:\WINDOWS\tasks\At81.job moved successfully.
C:\WINDOWS\tasks\At82.job moved successfully.
C:\WINDOWS\tasks\At83.job moved successfully.
C:\WINDOWS\tasks\At84.job moved successfully.
C:\WINDOWS\tasks\At85.job moved successfully.
C:\WINDOWS\tasks\At86.job moved successfully.
C:\WINDOWS\tasks\At87.job moved successfully.
C:\WINDOWS\tasks\At88.job moved successfully.
C:\WINDOWS\tasks\At89.job moved successfully.
C:\WINDOWS\tasks\At9.job moved successfully.
C:\WINDOWS\tasks\At90.job moved successfully.
C:\WINDOWS\tasks\At91.job moved successfully.
C:\WINDOWS\tasks\At92.job moved successfully.
C:\WINDOWS\tasks\At93.job moved successfully.
C:\WINDOWS\tasks\At94.job moved successfully.
C:\WINDOWS\tasks\At95.job moved successfully.
C:\WINDOWS\tasks\At96.job moved successfully.
C:\WINDOWS\tasks\At97.job moved successfully.
C:\WINDOWS\tasks\At98.job moved successfully.
C:\WINDOWS\tasks\At99.job moved successfully.
File\Folder C:\WINDOWS\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job not found.
File\Folder C:\WINDOWS\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File move failed. C:\Documents and Settings\All Users\Application Data\5F44K5ou.exe scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\2uGL041F.dat moved successfully.
File\Folder C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk not found.
File\Folder C:\Documents and Settings\Marc\Bureau\Antimalware Doctor.lnk not found.
File\Folder C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk not found.
C:\Documents and Settings\Invité\Application Data\Search Settings\kb128\temp folder moved successfully.
C:\Documents and Settings\Invité\Application Data\Search Settings\kb128 folder moved successfully.
C:\Documents and Settings\Invité\Application Data\Search Settings folder moved successfully.
C:\Documents and Settings\Marc\Application Data\Search Settings\kb128\temp folder moved successfully.
C:\Documents and Settings\Marc\Application Data\Search Settings\kb128 folder moved successfully.
C:\Documents and Settings\Marc\Application Data\Search Settings folder moved successfully.
C:\Documents and Settings\vincent\Application Data\Search Settings\kb128\temp folder moved successfully.
C:\Documents and Settings\vincent\Application Data\Search Settings\kb128 folder moved successfully.
C:\Documents and Settings\vincent\Application Data\Search Settings folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Invité
->Temp folder emptied: 55284 bytes
->Temporary Internet Files folder emptied: 179777259 bytes
->FireFox cache emptied: 91302830 bytes
->Flash cache emptied: 3851 bytes

User: LocalService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 181116 bytes
->Flash cache emptied: 618 bytes

User: Marc
->Temp folder emptied: 575034397 bytes
->Temporary Internet Files folder emptied: 154457341 bytes
->Java cache emptied: 59843232 bytes
->FireFox cache emptied: 21110822 bytes
->Google Chrome cache emptied: 79566208 bytes
->Flash cache emptied: 456 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 125519298 bytes
->Flash cache emptied: 1984 bytes

User: vincent
->Temp folder emptied: 852199687 bytes
->Temporary Internet Files folder emptied: 119243590 bytes
->Java cache emptied: 56407045 bytes
->FireFox cache emptied: 90146293 bytes
->Flash cache emptied: 36816 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2134632 bytes
%systemroot%\System32 .tmp files removed: 3771392 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 99486887 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 90973399 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 65988 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2 481,00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08292010_162408

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\Antimalware Doctor.lnk not found!
File\Folder C:\Documents and Settings\All Users\Application Data\5F44K5ou.exe not found!

Registry entries deleted on Reboot...

END
marcus91

Posts: 50
Joined: 28 Aug 2010, 16:44
Location: Essonne

Request for log analysis after a virus that launches IE unprompted

Post by marcus91 » 29 Aug 2010, 16:22

OTL.TXT, located on the desktop:

OTL logfile created on: 29/08/2010 16:54:52 - Run 2
OTL by OldTimer - Version 3.2.10.0 Folder = C:\Documents and Settings\Marc\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 64,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97,65 Gb Total Space | 16,30 Gb Free Space | 16,69% Space Free | Partition Type: NTFS
Drive D: | 209,96 Gb Total Space | 6,46 Gb Free Space | 3,08% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MEZZO-719C8ECD8
Current User Name: Marc
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/08/29 16:51:29 | 000,029,421 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Temp\hki86.exe
PRC - [2010/08/28 12:00:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Bureau\OTL.exe
PRC - [2010/08/27 23:40:59 | 000,035,848 | ---- | M] () -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2010/08/27 23:40:58 | 000,035,848 | ---- | M] () -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/08/27 23:40:57 | 000,035,848 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2010/08/27 19:11:51 | 000,035,844 | ---- | M] () -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2010/08/27 19:11:51 | 000,035,844 | ---- | M] () -- C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
PRC - [2010/08/27 19:11:51 | 000,035,844 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010/07/01 00:07:46 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/06/15 19:58:18 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/06/15 16:33:44 | 000,141,624 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper .exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mfefire.exe
PRC - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mfevtps.exe
PRC - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe
PRC - [2010/02/04 22:21:15 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/01/30 16:21:31 | 000,788,880 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/01/05 19:04:02 | 000,170,144 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mcshield.exe
PRC - [2009/07/27 04:10:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009/06/27 15:52:06 | 000,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched .exe
PRC - [2009/06/03 14:46:36 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/06/03 14:46:34 | 000,251,240 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMERunner .exe
PRC - [2009/04/23 06:48:56 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/04/23 06:48:54 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/10/14 15:42:54 | 001,404,928 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp .exe
PRC - [2004/10/12 16:54:30 | 000,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
PRC - [2004/01/07 01:01:00 | 000,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray .exe
PRC - [2003/02/11 09:10:00 | 000,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE


========== Modules (SafeList) ==========

MOD - [2010/08/28 12:00:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Bureau\OTL.exe
MOD - [2008/04/14 04:32:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/27 17:16:24 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/04/27 17:16:24 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\Fichiers communs\Mcafee\SystemCore\mfevtps.exe -- (mfevtp)
SRV - [2010/04/15 09:45:10 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/02/04 22:21:15 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/01/05 19:04:02 | 000,170,144 | ---- | M] () [Unknown | Running] -- C:\Program Files\Fichiers communs\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2009/12/18 19:20:28 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2009/12/17 17:37:52 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/06/03 14:46:36 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2008/12/09 18:40:16 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/09 18:40:16 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)


========== Driver Services (SafeList) ==========

DRV - [2010/04/27 17:16:24 | 000,385,880 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/04/27 17:16:24 | 000,312,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/04/27 17:16:24 | 000,152,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/04/27 17:16:24 | 000,095,568 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/04/27 17:16:24 | 000,088,480 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/04/27 17:16:24 | 000,083,496 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/04/27 17:16:24 | 000,082,952 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/04/27 17:16:24 | 000,055,456 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/04/27 17:16:24 | 000,051,688 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/23 14:55:23 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2004/09/17 10:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2004/08/25 14:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2004/08/13 02:56:00 | 000,040,544 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm)
DRV - [2004/08/13 01:05:00 | 000,100,603 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa)
DRV - [2004/08/13 01:05:00 | 000,098,714 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf)
DRV - [2004/08/13 01:05:00 | 000,086,202 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs)
DRV - [2004/08/13 01:05:00 | 000,034,843 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs)
DRV - [2004/08/13 01:05:00 | 000,025,723 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio)
DRV - [2004/08/13 01:05:00 | 000,014,715 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio)
DRV - [2004/08/13 01:05:00 | 000,006,363 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool)
DRV - [2004/08/13 01:05:00 | 000,004,123 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct)
DRV - [2004/08/13 01:05:00 | 000,002,271 | ---- | M] (Sonic Solutions) [File_System | Auto | Running] -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres)
DRV - [2004/08/04 03:21:00 | 000,087,136 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb)
DRV - [2004/07/14 11:29:04 | 000,005,627 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5)
DRV - [2004/07/14 11:28:50 | 000,023,545 | ---- | M] (Sonic Solutions) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln)
DRV - [2003/09/26 11:41:10 | 000,044,032 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [1997/12/09 01:32:00 | 000,003,616 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\as6eio.sys -- (as6eio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.1
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/23 10:28:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/25 12:12:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/26 09:34:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/19 11:23:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.23\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2009/12/17 00:06:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions
[2009/06/14 11:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Extensions\home2@tomtom.com
[2009/04/12 23:59:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\extensions
[2009/04/12 23:59:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/07/27 11:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\wk53unwo.default\extensions
[2010/03/20 15:25:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Marc\Application Data\Mozilla\Firefox\Profiles\wk53unwo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/04 19:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/01/16 03:10:07 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/01/16 03:10:07 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/16 03:10:07 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/19 17:14:46 | 000,002,027 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\McSiteAdvisor.xml
[2010/01/16 03:10:07 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/03/25 17:07:43 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2004/08/19 14:58:24 | 000,000,790 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Fichiers communs\Mcafee\SystemCore\ScriptSn.20100518053014.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe ()
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask .exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe ()
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ()
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O4 - Startup: C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} https://static.impots.gouv.fr/tdir/stat ... DP-2.0.cab (AdSignerLCContrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Marc\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/04/12 16:33:52 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/08/29 16:24:08 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/08/29 15:35:18 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifak.exe
[2010/08/29 15:32:04 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifaj.exe
[2010/08/29 14:06:04 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifai.exe
[2010/08/29 13:01:49 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifah.exe
[2010/08/29 09:35:15 | 000,194,048 | ---- | C] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifag.exe
[2010/08/28 16:39:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/08/28 16:34:57 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/08/28 16:31:41 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Marc\Bureau\erunt-setup.exe
[2010/08/28 12:05:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Malwarebytes
[2010/08/28 12:05:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/08/28 12:05:19 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/08/28 12:05:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/28 12:05:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/28 12:02:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marc\Bureau\mbam-setup.exe
[2010/08/28 12:00:08 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Marc\Bureau\OTL.exe
[2010/08/28 10:04:00 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/08/27 23:48:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2010/08/27 23:37:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Canon Easy-WebPrint EX
[2010/08/27 23:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/08/27 23:36:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\fr
[2010/08/27 23:36:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2010/08/27 23:33:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
[2010/08/27 23:33:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2010/08/27 19:11:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Documents\Settings
[2010/08/27 14:39:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/08/27 14:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\BF4822D78C446F035BF8F6241EBD3430
[2010/08/26 10:42:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/08/26 10:08:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2010/08/26 09:59:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/07/28 11:16:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\DVDVideoSoft
[2010/07/28 11:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Mes documents\DVDVideoSoft
[2010/07/28 11:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\DVDVideoSoft
[2010/07/28 11:16:18 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010/07/19 12:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/07/19 11:25:42 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/07/19 11:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/07/19 11:25:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/07/19 11:15:54 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/07/09 10:46:24 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/07/01 15:03:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2010/07/01 15:02:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Canon
[2010/07/01 15:00:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/07/01 14:48:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Canon Easy-WebPrint EX
[2010/07/01 14:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\CANON
[2010/07/01 14:44:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/01 14:44:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\CanonIJ Uninstaller Information
[2010/07/01 14:44:18 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2010/07/01 14:44:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\STRING
[2010/07/01 14:44:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CHM
[2010/07/01 14:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2010/06/30 11:13:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/30 11:13:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/26 15:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/24 21:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Local Settings\Application Data\Help
[2010/06/24 21:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Application Data\Help
[2010/06/11 18:55:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Marc\Mes documents\Azureus Downloads
[2004/08/25 15:22:08 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 90 Days ==========

[2010/08/29 16:56:00 | 000,001,142 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1788223648-725345543-1004UA.job
[2010/08/29 16:52:40 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/29 16:52:39 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2010/08/29 16:52:39 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2010/08/29 16:52:38 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2010/08/29 16:52:38 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2010/08/29 16:51:30 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\2uGL041F.dat
[2010/08/29 16:50:45 | 000,001,000 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/08/29 16:50:40 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\McAfee AntiVirus Plus.lnk
[2010/08/29 16:50:34 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/08/29 16:50:26 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/29 16:50:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/29 16:50:20 | 2145,538,048 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/29 16:49:44 | 006,815,744 | ---- | M] () -- C:\Documents and Settings\Marc\ntuser.dat
[2010/08/29 16:49:37 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\Marc\ntuser.ini
[2010/08/29 16:34:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/29 16:03:00 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/08/29 15:41:19 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\rkill.exe
[2010/08/28 16:35:05 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/08/28 16:34:57 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\NTREGOPT.lnk
[2010/08/28 16:34:57 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\ERUNT.lnk
[2010/08/28 16:31:54 | 000,000,970 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\ntregopt-loc_fr.zip
[2010/08/28 16:31:41 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Marc\Bureau\erunt-setup.exe
[2010/08/28 12:05:23 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/28 12:02:18 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Marc\Bureau\mbam-setup.exe
[2010/08/28 12:01:13 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\scan.zip
[2010/08/28 12:00:08 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Marc\Bureau\OTL.exe
[2010/08/28 10:20:42 | 000,001,475 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\Explorateur Windows.lnk
[2010/08/28 10:09:57 | 000,169,896 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/28 10:07:38 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/08/28 10:05:34 | 001,049,474 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/08/28 10:05:34 | 000,500,482 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/08/28 10:05:34 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/08/28 10:05:34 | 000,080,508 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/08/28 10:05:34 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/08/27 23:45:08 | 000,746,533 | ---- | M] () -- C:\Documents and Settings\Marc\Mes documents\Mes favoris Google Chrome 27 Aout 2010.html
[2010/08/27 22:23:03 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/08/27 14:32:28 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifak.exe
[2010/08/27 14:32:28 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifaj.exe
[2010/08/27 14:32:28 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifai.exe
[2010/08/27 14:32:28 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifah.exe
[2010/08/27 14:32:28 | 000,194,048 | ---- | M] (ApexDC++ Development Team) -- C:\WINDOWS\Gqifag.exe
[2010/08/27 07:51:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1788223648-725345543-1004Core.job
[2010/08/26 10:03:29 | 000,252,240 | RHS- | M] () -- C:\ntldr
[2010/08/26 09:34:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Adobe Reader 9.lnk
[2010/08/24 12:55:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/20 16:51:33 | 000,002,255 | ---- | M] () -- C:\Documents and Settings\Marc\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/20 16:51:32 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\Google Chrome.lnk
[2010/08/13 17:18:33 | 000,041,984 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/28 11:16:25 | 000,000,920 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\DVDVideoSoft Free Studio.lnk
[2010/07/28 11:16:22 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\Free Image Convert and Resize.lnk
[2010/07/27 14:11:35 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.INI
[2010/07/21 18:21:49 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2010/07/19 11:22:52 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/07/15 15:27:01 | 000,036,200 | ---- | M] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/07/01 14:48:54 | 000,001,685 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Enregistrement utilisateur de Canon MP560 series.LNK
[2010/07/01 14:47:45 | 000,001,680 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Canon Solution Menu.lnk
[2010/07/01 14:47:34 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Canon Easy-PhotoPrint EX.lnk
[2010/07/01 14:46:17 | 000,001,736 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Canon MP Navigator EX 3.0.lnk
[2010/07/01 14:45:54 | 000,001,652 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Canon My Printer.lnk
[2010/07/01 14:45:35 | 000,001,965 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Canon MP560 series Manuel en ligne.lnk
[2010/06/30 10:26:44 | 000,001,804 | ---- | M] () -- C:\WINDOWS\As6e32.ini
[2010/06/30 10:26:44 | 000,000,544 | ---- | M] () -- C:\WINDOWS\Supmini.ini
[2010/06/30 10:16:37 | 000,007,650 | ---- | M] () -- C:\WINDOWS\aWhite.dat
[2010/06/30 10:16:37 | 000,000,004 | ---- | M] () -- C:\WINDOWS\aError.dat
[2010/06/30 10:16:36 | 000,007,650 | ---- | M] () -- C:\WINDOWS\aDark.dat
[2010/06/30 10:16:35 | 000,000,012 | ---- | M] () -- C:\WINDOWS\aExpo.dat
[2010/06/26 13:56:15 | 000,000,338 | ---- | M] () -- C:\Documents and Settings\Marc\Bureau\Raccourci vers Marc.lnk

========== Files Created - No Company Name ==========

[2010/08/29 16:51:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\2uGL041F.dat
[2010/08/29 15:41:19 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\rkill.exe
[2010/08/28 16:35:05 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Marc\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2010/08/28 16:34:57 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\NTREGOPT.lnk
[2010/08/28 16:34:57 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\ERUNT.lnk
[2010/08/28 16:31:59 | 000,000,970 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\ntregopt-loc_fr.zip
[2010/08/28 12:05:23 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2010/08/28 12:01:13 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\scan.zip
[2010/08/27 23:45:06 | 000,746,533 | ---- | C] () -- C:\Documents and Settings\Marc\Mes documents\Mes favoris Google Chrome 27 Aout 2010.html
[2010/08/27 22:17:25 | 006,815,744 | ---- | C] () -- C:\Documents and Settings\Marc\ntuser.dat
[2010/08/27 16:16:44 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/07/28 11:16:25 | 000,000,920 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\DVDVideoSoft Free Studio.lnk
[2010/07/28 11:16:22 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\Free Image Convert and Resize.lnk
[2010/07/27 14:10:51 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2010/07/19 11:26:49 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\iTunes.lnk
[2010/07/19 11:22:52 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\QuickTime Player.lnk
[2010/07/01 14:50:08 | 000,012,800 | ---- | C] () -- C:\WINDOWS\System32\CNC173ED.TBL
[2010/07/01 14:48:54 | 000,001,685 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Enregistrement utilisateur de Canon MP560 series.LNK
[2010/07/01 14:47:44 | 000,001,680 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Canon Solution Menu.lnk
[2010/07/01 14:47:34 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Canon Easy-PhotoPrint EX.lnk
[2010/07/01 14:46:17 | 000,001,736 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Canon MP Navigator EX 3.0.lnk
[2010/07/01 14:45:54 | 000,001,652 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Canon My Printer.lnk
[2010/07/01 14:45:36 | 000,001,965 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Canon MP560 series Manuel en ligne.lnk
[2010/06/26 13:56:15 | 000,000,338 | ---- | C] () -- C:\Documents and Settings\Marc\Bureau\Raccourci vers Marc.lnk
[2009/12/09 23:56:37 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2009/08/27 21:47:19 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/08/27 21:47:06 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/08/27 21:47:04 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/08/27 21:47:03 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/08/27 21:47:03 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/05/02 13:07:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\As6e32.ini
[2009/05/02 13:07:00 | 000,000,544 | ---- | C] () -- C:\WINDOWS\Supmini.ini
[2009/05/02 13:06:57 | 000,003,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\As6eio.sys
[2009/04/14 20:02:30 | 000,041,984 | ---- | C] () -- C:\Documents and Settings\Marc\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/12 18:03:22 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/10/20 02:56:16 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/10/20 02:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2007/10/20 02:54:28 | 000,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2007/10/18 11:02:34 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2004/09/22 20:47:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/25 14:27:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2009/04/12 23:59:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/07/01 14:44:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/09 10:46:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/07/01 15:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2009/06/14 11:28:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2009/12/22 14:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2010/07/19 11:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/05/11 20:33:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/11 10:13:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
[2009/12/23 18:21:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Any Video Converter
[2009/11/10 00:40:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Applied Acoustics Systems
[2010/06/11 21:26:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Azureus
[2010/08/27 23:37:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\BF4822D78C446F035BF8F6241EBD3430
[2009/04/13 10:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Canneverbe_Limited
[2010/07/01 15:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Canon
[2010/07/09 00:13:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Canon Easy-WebPrint EX
[2010/07/28 11:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\DVDVideoSoft
[2009/05/15 19:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\iGetter
[2009/04/12 18:06:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Leadertech
[2009/06/27 15:55:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\OpenOffice.org
[2009/04/13 10:40:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\pdfforge
[2009/10/28 10:08:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Sony
[2009/11/08 19:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\Thunderbird
[2009/06/14 11:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Marc\Application Data\TomTom
[2010/08/29 16:52:38 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 1).job
[2010/08/29 16:52:38 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 2).job
[2010/08/29 16:52:39 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 3).job
[2010/08/29 16:52:39 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Daily 4).job
[2010/08/29 16:52:40 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========


< End of report >

END
marcus91
 
Posts: 50
Joined: 28 Aug 2010, 16:44
Location: Essonne


Post by marcus91 » 29 Aug 2010, 16:24

There, I think I haven't forgotten anything.

Is the result satisfactory?

Thanks for everything ;)

Post by nickW » 30 Aug 2010, 00:12

Good evening,

More cleaning, another scan:
(Note: it is fairly long :wink:)


I advise you to print the procedure, or to select all of its lines and copy that selection into a text file on your PC (Note: you will have no access to the Internet or to the browser during step 5, and reboots are possible).
All the steps must be carried out, without interruption, in the exact order given below.
If anything seems unclear, ask for an explanation before starting.



Step 1: Dr.Web CureIt, download
Download Dr.Web CureIt by right-clicking (Save file as) on the link below:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
Save the file to the Desktop.


Step 2: Gmer, download
Download the executable program (.exe file) from the page http://www.gmer.net/#files
Click the Download EXE button.
Save the file to the root of the system disk (usually C: ), noting its name (which is random).


Step 3: Dr.Web CureIt, scan/cleaning
Launch the tool by double-clicking cureit.exe

Click "Commencer le scan" (Start scan).
At the prompt "Voulez-vous exécuter une analyse maintenant?" (Do you want to run a scan now?), click the OK button to confirm.
If infected files are detected, click the "Oui pour tout" (Yes to all) button.

Wait until the "Analyse rapide" (quick scan) has finished.

If it appears, move, without closing it, the small green window offering to buy Dr.WEB (50% off) so that you can see the window titled "Dr.Web Scanner pour Windows".
In the window titled "Dr.Web Scanner pour Windows", in the Options menu (at the top), choose "Changer la configuration" (Change configuration).
In the "Scanner" tab, untick the box in front of "Analyse heuristique" (heuristic analysis), then click the "Appliquer" (Apply) button and then OK.

Back in the window titled "Dr.Web Scanner pour Windows", select the radio button in front of "Analyse complète" (full scan), then click the green arrow (on the right) to start the scan.

If an infected file is detected, at the prompt "Désinfecter?" (Disinfect?), click "Oui pour tout" (Yes to all), then "Désinfecter" (Disinfect).
Note: if the detection seems wrong to you (false positive), click "Non pour tout" (No to all).

When the scan has finished, click, if possible, the Image icon, then the "Suivant" (Next) button, and choose "Déplacer en quarantaine l'objet indésirable" (Move the unwanted object to quarantine).

Once this is done, click the "Fichier" (File) menu (at the top), then choose "Enregistrer le rapport" (Save report) and save the file to the Desktop.

Close Dr.Web CureIt.

Restart the PC (this is very important, because some files will be repaired/moved during this restart).


Step 4: No real-time monitoring processes
Disable the antivirus's resident module.
McAfee Antivirus: right-click the icon in the system tray (next to the clock), choose "Exit" and confirm


Step 5: Gmer, run

Close absolutely all applications, connections and browsers.

Double-click the randomly named file downloaded earlier.

Wait a few moments for the driver to load and the first checks to run.

If the tool displays a message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", click NO.

Check that all the boxes in the right-hand column are ticked except
Sections
drives other than C:\
"Show all"

like this:
Image

then click the Scan button.

Wait without doing anything else (... it takes a while...).
The Registry keys & files being scanned are displayed at the bottom of the window.

When the tool has finished (nothing is scrolling at the bottom of the window any more), click the Save ... button.

A Notepad window will open, containing the report file.
Note: In Notepad, check in the Format menu that the "Retour automatique à la ligne" (Word wrap) option is not ticked.
Save this file to the Desktop under the name gmer-100829.txt.
Close the Gmer window (click OK).


Step 6: Re-enabling the resident security programs
Important: Re-enable the antivirus's resident module.


Step 7: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed:
Image

Click the "Analyse rapide" (Quick scan) button:
Image


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 8: Result
*- the Dr.Web CureIt report (contents of the DrWeb.csv file on the Desktop). Note: this file can be opened in Notepad.
*- the Gmer report (contents of the gmer-100829.txt file) <---- this report is often very long; check that it is complete; if necessary split it across several messages, always using the "Répondre" (Reply) button.

Then send, in reply, in a separate message (because of the length of the file):
*- the main OTL report (contents of the OTL.Txt file on the Desktop).
The report posted to the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic; click the "Répondre" (Reply) button
Image to continue in this thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW - Image
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France


Post by marcus91 » 31 Aug 2010, 08:43

Here is where I am:

Symptoms:
No more unexpected launches of Internet Explorer.
Note also that at Windows startup Ad-Aware kills several instances of the process 5F44K5ou.exe, which seems to me to be the cause of the CPU overload. So it still seems to be present and launched at Windows startup. Ad-Aware identifies it as Win32.Trojan.Powp.

Step 1: OK
Step 2: OK
Step 3: OK, except that I did not see the Image icon appear. Dr Web did, however, show me this:
- Quarantine: C:\Documents and settings\marc\DrWeb\Quarantine
- Log: c:\documents ans settings\marc\DrWeb\CurIt.log
Step 4: OK
Step 5: Gmer:
I had problems with freezes, probably because I had not disabled McAfee for long enough (60 min). I started again after being forced to restart the PC. This time, I disabled McAfee with no scheduled reactivation. The Gmer scan ran to the end. I clicked Save, and a window for saving the log appeared (rather than Notepad opening). I entered the log name and selected the Desktop as the destination folder. I clicked OK, and then I got the Windows hourglass and the PC froze, no control at all, and I had to reboot the PC.

Should I continue the procedure at step 7 for the OTL scan?

In the meantime, here is the DrWeb.csv file generated in step 3:

DrWeb.csv

7da81be1c032c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c032c0.bup;Trojan.MulDrop.39629;;
7da81be1c032c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c12800.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c12800.bup;Trojan.DownLoader1.16230;;
7da81be1c12800.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c171e40.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c171e40.bup;Trojan.DownLoader1.16230;;
7da81be1c171e40.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c1aab0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c1aab0.bup;Trojan.DownLoader1.16230;;
7da81be1c1aab0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c1c2030.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c1c2030.bup;Trojan.MulDrop1.43030;;
7da81be1c1c2030.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c2ab0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c2ab0.bup;Trojan.MulDrop.39629;;
7da81be1c2ab0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c42420.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c42420.bup;Trojan.DownLoader1.16230;;
7da81be1c42420.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c53990.bup/stream000\data001;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c53990.bup/stream000;Trojan.DisableSR.18;;
7da81be1c53990.bup/stream000\data002;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c53990.bup/stream000;Trojan.DownLoader1.17841;;
stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;;
7da81be1c53990.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c62e0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c62e0.bup;Trojan.MulDrop.39629;;
7da81be1c62e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c72de0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c72de0.bup;Trojan.MulDrop1.43030;;
7da81be1c72de0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c732c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c732c0.bup;Trojan.DownLoader1.16230;;
7da81be1c732c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c831c0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c831c0.bup;Trojan.DownLoader1.16230;;
7da81be1c831c0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c835b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c835b0.bup;Trojan.MulDrop.39629;;
7da81be1c835b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c83a90.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c83a90.bup;Trojan.DownLoader1.16230;;
7da81be1c83a90.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1c93e0.bup/stream000\data001;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c93e0.bup/stream000;Trojan.DisableSR.18;;
7da81be1c93e0.bup/stream000\data002;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1c93e0.bup/stream000;Trojan.DownLoader1.17841;;
stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;;
7da81be1c93e0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1ca1090.bup/stream000\data001;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1ca1090.bup/stream000;Trojan.DisableSR.18;;
7da81be1ca1090.bup/stream000\data002;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1ca1090.bup/stream000;Trojan.DownLoader1.17841;;
stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;;
7da81be1ca1090.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1cb2800.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1cb2800.bup;Trojan.Siggen.64492;;
7da81be1cb2800.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1cb2fd0.bup/stream000\data001;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1cb2fd0.bup/stream000;Trojan.DisableSR.18;;
7da81be1cb2fd0.bup/stream000\data002;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1cb2fd0.bup/stream000;Trojan.DownLoader1.17841;;
stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;;
7da81be1cb2fd0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1cb38a0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1cb38a0.bup;Trojan.DownLoader1.16230;;
7da81be1cb38a0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81be1cc1670.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81be1cc1670.bup;Trojan.MulDrop.39629;;
7da81be1cc1670.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81bf16251480.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81bf16251480.bup;BackDoor.Click.1058;;
7da81bf16251480.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81e5141435b0.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81e5141435b0.bup;Win32.HLLC.Asdas.7;;
7da81e5141435b0.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81e626e2130.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81e626e2130.bup;BackDoor.Tdss.2459;;
7da81e626e2130.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
7da81e628392030.bup\stream000;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine\7da81e628392030.bup;BackDoor.Tdss.2459;;
7da81e628392030.bup;C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Quarantine;Conteneur comporte des objets infectés;Quarantaine.;
A0052250.exe;C:\System Volume Information\_restore{DB74B9C6-D3D1-4281-A07E-1E5A2D15D5EA}\RP471;Trojan.DownLoader1.17982;Supprimé.;
A0052297.exe;C:\System Volume Information\_restore{DB74B9C6-D3D1-4281-A07E-1E5A2D15D5EA}\RP471;Trojan.DownLoader1.17982;Supprimé.;
A0052298.exe;C:\System Volume Information\_restore{DB74B9C6-D3D1-4281-A07E-1E5A2D15D5EA}\RP471;Trojan.DownLoader1.17982;Supprimé.;
Gqifag.exe;C:\WINDOWS;Trojan.DownLoader1.17982;Supprimé.;
Gqifah.exe;C:\WINDOWS;Trojan.DownLoader1.17982;Supprimé.;
Gqifai.exe;C:\WINDOWS;Trojan.DownLoader1.17982;Supprimé.;
Gqifaj.exe;C:\WINDOWS;Trojan.DownLoader1.17982;Supprimé.;
Gqifak.exe;C:\WINDOWS;Trojan.DownLoader1.17982;Supprimé.;
Gqifaa.exe;C:\_OTL\MovedFiles\08292010_162408\C_WINDOWS;Trojan.DownLoader1.17982;Supprimé.;
Gqifab.exe;C:\_OTL\MovedFiles\08292010_162408\C_WINDOWS;Trojan.DownLoader1.17982;Supprimé.;
Gqifac.exe;C:\_OTL\MovedFiles\08292010_162408\C_WINDOWS;Trojan.DownLoader1.17982;Supprimé.;
Gqifad.exe;C:\_OTL\MovedFiles\08292010_162408\C_WINDOWS;Trojan.DownLoader1.17982;Supprimé.;
Gqifae.exe;C:\_OTL\MovedFiles\08292010_162408\C_WINDOWS;Trojan.DownLoader1.17982;Supprimé.;
Gqifaf.exe;C:\_OTL\MovedFiles\08292010_162408\C_WINDOWS;Trojan.DownLoader1.17982;Supprimé.;

END
marcus91
 
Posts: 50
Joined: 28 Aug 2010, 16:44
Location: Essonne
