Rootkit - au secours
Résolu/Fermé
A voir également:
- Rootkit - au secours
- Anti rootkit - Télécharger - Antivirus & Antimalwares
- Rootkit hunter - Télécharger - Antivirus & Antimalwares
- Anti rootkit gratuit - Télécharger - Antivirus & Antimalwares
- Avg anti rootkit - Télécharger - Antivirus & Antimalwares
- Malwarebyte anti rootkit - Télécharger - Antivirus & Antimalwares
33 réponses
Utilisateur anonyme
22 mai 2009 à 22:42
22 mai 2009 à 22:42
Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.
Double-clique sur RSIT.exe afin de lancer RSIT.
Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt
Double-clique sur RSIT.exe afin de lancer RSIT.
Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).
Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt
voici le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:49, on 22/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server 20\appsrv\PicAppSrv.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\media player\Media Player.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Sony\giga pocket\GPL_R.exe
C:\Program Files\Sony\giga pocket\USBsircs.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
D:\export\NetTransport 2\NetTransport.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\export\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-347842940-725657105-1485997204-1006\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire d'enregistrements programmés.lnk = C:\Program Files\Sony\giga pocket\GPL_R.exe
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Pilote Remocon Giga Pocket.lnk = C:\Program Files\Sony\giga pocket\USBsircs.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - D:\export\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\export\NetTransport 2\NTAddList.html
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\sony\photo server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O24 - Desktop Component 0: (no name) - http://img484.imageshack.us/img484/4276/vssml6as.jpg
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:49, on 22/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\vaio media music server\SSSvr.exe
C:\Program Files\sony\photo server 20\appsrv\PicAppSrv.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\Sony\giga pocket\GPVSvr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\media player\Media Player.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Sony\giga pocket\GPL_R.exe
C:\Program Files\Sony\giga pocket\USBsircs.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
C:\Program Files\sony\giga pocket\gps.exe
C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
D:\export\NetTransport 2\NetTransport.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\export\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-347842940-725657105-1485997204-1006\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\Run: [OrangePlayer] d:\media player\Media Player.exe /systray (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Gestionnaire d'enregistrements programmés.lnk = C:\Program Files\Sony\giga pocket\GPL_R.exe
O4 - Global Startup: Gestionnaire Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Pilote Remocon Giga Pocket.lnk = C:\Program Files\Sony\giga pocket\USBsircs.exe
O8 - Extra context menu item: &Télécharger avec NetTransport - D:\export\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - D:\export\NetTransport 2\NTAddList.html
O15 - Trusted Zone: *.sony-europe.com
O15 - Trusted Zone: *.sonystyle-europe.com
O15 - Trusted Zone: *.vaio-link.com
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\vaio media music server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\sony\photo server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (Application) (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\giga pocket\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Fichiers communs\sony shared\vaio media platform\UPnPFramework.exe
O24 - Desktop Component 0: (no name) - http://img484.imageshack.us/img484/4276/vssml6as.jpg
Utilisateur anonyme
22 mai 2009 à 22:53
22 mai 2009 à 22:53
comment va le pc ?
C est toi ici : O24 - Desktop Component 0: (no name) - http://img484.imageshack.us/img484/4276/vssml6as.jpg ;)
C est toi ici : O24 - Desktop Component 0: (no name) - http://img484.imageshack.us/img484/4276/vssml6as.jpg ;)
Le PC fonctionne normalement (ni lent ni rien de spécial)
Mais bon je n'y connais rien
Est ce que je dois refaire tourner des outils de detection à nouveau ?
Mes collègues me disent que sur Mac il n' y a pas tous ces virus c'est vrai ?
Pour le O24 c'est la récompense pour l'assistance mais ce n'est pas ni moi ni une collègue de bureau
Mais bon je n'y connais rien
Est ce que je dois refaire tourner des outils de detection à nouveau ?
Mes collègues me disent que sur Mac il n' y a pas tous ces virus c'est vrai ?
Pour le O24 c'est la récompense pour l'assistance mais ce n'est pas ni moi ni une collègue de bureau
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Utilisateur anonyme
22 mai 2009 à 23:06
22 mai 2009 à 23:06
---> Télécharge OTMoveIt3 (OldTimer) sur ton Bureau :
http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant ci-dessous :
:files
C:\WINDOWS\system32\2111_up.exe
:commands
[emptytemp]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
##############
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
http://oldtimer.geekstogo.com/OTMoveIt3.exe
---> Double-clique sur OTMoveIt3.exe afin de le lancer.
---> Copie (Ctrl+C) le texte suivant ci-dessous :
:files
C:\WINDOWS\system32\2111_up.exe
:commands
[emptytemp]
---> Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.
---> Clique maintenant sur le bouton MoveIt! puis ferme OTMoveIt3.
Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.
---> Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log
##############
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
http://pc-system.fr/
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
========== FILES ==========
C:\WINDOWS\system32\2111_up.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DFB202.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\affich-12555731-rootkit-au-secours[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\CAMHS4E4CA2JI3YACAG2KE87CA0X8EUQCAP1EW2OCACPFZB2CAJ0ROBLCA8QYNF3CAE5STA7CADFTES9CAYLF243CAI63T2VCAMDIQFECA8AJU0ZCA4D44G2CAS9YRUOCAUCV16SCAM2OXLACAU0LNY9.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\QW46639Y\CADWYZC2CA6IRW0FCAABTJC3CABURZNTCA6LHR60CAOJEP3VCAQ310WGCAOU1TNKCAS3VX2VCASI7AFMCAL0CLJ1CAL5WVE2CA3RLT4UCAQYIHO0CAJQZF4XCAHSXYJHCA55EUWOCAYOG7IRCAW69IU3.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\6KXFI2EP\CATWLZ9ACACB0USJCAXB11B6CAIZC7IRCAWX85FVCACKDXLOCAPRV42ACA0EO4OHCA8J4P53CAT6Q1HCCAZ63MKCCAD7ZJEOCAW0FMRHCA5TO1SKCATZUFEJCAZX20YKCAZ8TQL3CALCGI9CCAQLVGC7.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET8EE2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05222009_231132
Files moved on Reboot...
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DFB202.tmp moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\affich-12555731-rootkit-au-secours[1].htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\CAMHS4E4CA2JI3YACAG2KE87CA0X8EUQCAP1EW2OCACPFZB2CAJ0ROBLCA8QYNF3CAE5STA7CADFTES9CAYLF243CAI63T2VCAMDIQFECA8AJU0ZCA4D44G2CAS9YRUOCAUCV16SCAM2OXLACAU0LNY9.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\QW46639Y\CADWYZC2CA6IRW0FCAABTJC3CABURZNTCA6LHR60CAOJEP3VCAQ310WGCAOU1TNKCAS3VX2VCASI7AFMCAL0CLJ1CAL5WVE2CA3RLT4UCAQYIHO0CAJQZF4XCAHSXYJHCA55EUWOCAYOG7IRCAW69IU3.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\6KXFI2EP\CATWLZ9ACACB0USJCAXB11B6CAIZC7IRCAWX85FVCACKDXLOCAPRV42ACA0EO4OHCA8J4P53CAT6Q1HCCAZ63MKCCAD7ZJEOCAW0FMRHCA5TO1SKCATZUFEJCAZX20YKCAZ8TQL3CALCGI9CCAQLVGC7.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\JET8EE2.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_d0.dat not found!
second rapport
[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Christophe\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Christophe\Bureau\Ad-remover.lnk: trouvé !
C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Ad-remover: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Christophe\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Christophe\Bureau\Ad-remover.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Ad-remover: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\WINDOWS\system32\2111_up.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DFB202.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\affich-12555731-rootkit-au-secours[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\CAMHS4E4CA2JI3YACAG2KE87CA0X8EUQCAP1EW2OCACPFZB2CAJ0ROBLCA8QYNF3CAE5STA7CADFTES9CAYLF243CAI63T2VCAMDIQFECA8AJU0ZCA4D44G2CAS9YRUOCAUCV16SCAM2OXLACAU0LNY9.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\QW46639Y\CADWYZC2CA6IRW0FCAABTJC3CABURZNTCA6LHR60CAOJEP3VCAQ310WGCAOU1TNKCAS3VX2VCASI7AFMCAL0CLJ1CAL5WVE2CA3RLT4UCAQYIHO0CAJQZF4XCAHSXYJHCA55EUWOCAYOG7IRCAW69IU3.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\6KXFI2EP\CATWLZ9ACACB0USJCAXB11B6CAIZC7IRCAWX85FVCACKDXLOCAPRV42ACA0EO4OHCA8J4P53CAT6Q1HCCAZ63MKCCAD7ZJEOCAW0FMRHCA5TO1SKCATZUFEJCAZX20YKCAZ8TQL3CALCGI9CCAQLVGC7.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET8EE2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05222009_231132
Files moved on Reboot...
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DFB202.tmp moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\affich-12555731-rootkit-au-secours[1].htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\CAMHS4E4CA2JI3YACAG2KE87CA0X8EUQCAP1EW2OCACPFZB2CAJ0ROBLCA8QYNF3CAE5STA7CADFTES9CAYLF243CAI63T2VCAMDIQFECA8AJU0ZCA4D44G2CAS9YRUOCAUCV16SCAM2OXLACAU0LNY9.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\QW46639Y\CADWYZC2CA6IRW0FCAABTJC3CABURZNTCA6LHR60CAOJEP3VCAQ310WGCAOU1TNKCAS3VX2VCASI7AFMCAL0CLJ1CAL5WVE2CA3RLT4UCAQYIHO0CAJQZF4XCAHSXYJHCA55EUWOCAYOG7IRCAW69IU3.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\6KXFI2EP\CATWLZ9ACACB0USJCAXB11B6CAIZC7IRCAWX85FVCACKDXLOCAPRV42ACA0EO4OHCA8J4P53CAT6Q1HCCAZ63MKCCAD7ZJEOCAW0FMRHCA5TO1SKCATZUFEJCAZX20YKCAZ8TQL3CALCGI9CCAQLVGC7.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\JET8EE2.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_d0.dat not found!
second rapport
[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Christophe\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Christophe\Bureau\Ad-remover.lnk: trouvé !
C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Ad-remover: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Christophe\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Christophe\Bureau\Ad-remover.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Ad-remover: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
========== FILES ==========
C:\WINDOWS\system32\2111_up.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DFB202.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\affich-12555731-rootkit-au-secours[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\CAMHS4E4CA2JI3YACAG2KE87CA0X8EUQCAP1EW2OCACPFZB2CAJ0ROBLCA8QYNF3CAE5STA7CADFTES9CAYLF243CAI63T2VCAMDIQFECA8AJU0ZCA4D44G2CAS9YRUOCAUCV16SCAM2OXLACAU0LNY9.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\QW46639Y\CADWYZC2CA6IRW0FCAABTJC3CABURZNTCA6LHR60CAOJEP3VCAQ310WGCAOU1TNKCAS3VX2VCASI7AFMCAL0CLJ1CAL5WVE2CA3RLT4UCAQYIHO0CAJQZF4XCAHSXYJHCA55EUWOCAYOG7IRCAW69IU3.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\6KXFI2EP\CATWLZ9ACACB0USJCAXB11B6CAIZC7IRCAWX85FVCACKDXLOCAPRV42ACA0EO4OHCA8J4P53CAT6Q1HCCAZ63MKCCAD7ZJEOCAW0FMRHCA5TO1SKCATZUFEJCAZX20YKCAZ8TQL3CALCGI9CCAQLVGC7.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET8EE2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05222009_231132
Files moved on Reboot...
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DFB202.tmp moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\affich-12555731-rootkit-au-secours[1].htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\CAMHS4E4CA2JI3YACAG2KE87CA0X8EUQCAP1EW2OCACPFZB2CAJ0ROBLCA8QYNF3CAE5STA7CADFTES9CAYLF243CAI63T2VCAMDIQFECA8AJU0ZCA4D44G2CAS9YRUOCAUCV16SCAM2OXLACAU0LNY9.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\QW46639Y\CADWYZC2CA6IRW0FCAABTJC3CABURZNTCA6LHR60CAOJEP3VCAQ310WGCAOU1TNKCAS3VX2VCASI7AFMCAL0CLJ1CAL5WVE2CA3RLT4UCAQYIHO0CAJQZF4XCAHSXYJHCA55EUWOCAYOG7IRCAW69IU3.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\6KXFI2EP\CATWLZ9ACACB0USJCAXB11B6CAIZC7IRCAWX85FVCACKDXLOCAPRV42ACA0EO4OHCA8J4P53CAT6Q1HCCAZ63MKCCAD7ZJEOCAW0FMRHCA5TO1SKCATZUFEJCAZX20YKCAZ8TQL3CALCGI9CCAQLVGC7.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\JET8EE2.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_d0.dat not found!
second rapport
[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Christophe\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Christophe\Bureau\Ad-remover.lnk: trouvé !
C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Ad-remover: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Christophe\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Christophe\Bureau\Ad-remover.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Ad-remover: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\WINDOWS\system32\2111_up.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DFB202.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\affich-12555731-rootkit-au-secours[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\CAMHS4E4CA2JI3YACAG2KE87CA0X8EUQCAP1EW2OCACPFZB2CAJ0ROBLCA8QYNF3CAE5STA7CADFTES9CAYLF243CAI63T2VCAMDIQFECA8AJU0ZCA4D44G2CAS9YRUOCAUCV16SCAM2OXLACAU0LNY9.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\QW46639Y\CADWYZC2CA6IRW0FCAABTJC3CABURZNTCA6LHR60CAOJEP3VCAQ310WGCAOU1TNKCAS3VX2VCASI7AFMCAL0CLJ1CAL5WVE2CA3RLT4UCAQYIHO0CAJQZF4XCAHSXYJHCA55EUWOCAYOG7IRCAW69IU3.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\6KXFI2EP\CATWLZ9ACACB0USJCAXB11B6CAIZC7IRCAWX85FVCACKDXLOCAPRV42ACA0EO4OHCA8J4P53CAT6Q1HCCAZ63MKCCAD7ZJEOCAW0FMRHCA5TO1SKCATZUFEJCAZX20YKCAZ8TQL3CALCGI9CCAQLVGC7.htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET8EE2.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_d0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05222009_231132
Files moved on Reboot...
C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\~DFB202.tmp moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\affich-12555731-rootkit-au-secours[1].htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\YIWIQER0\CAMHS4E4CA2JI3YACAG2KE87CA0X8EUQCAP1EW2OCACPFZB2CAJ0ROBLCA8QYNF3CAE5STA7CADFTES9CAYLF243CAI63T2VCAMDIQFECA8AJU0ZCA4D44G2CAS9YRUOCAUCV16SCAM2OXLACAU0LNY9.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\QW46639Y\CADWYZC2CA6IRW0FCAABTJC3CABURZNTCA6LHR60CAOJEP3VCAQ310WGCAOU1TNKCAS3VX2VCASI7AFMCAL0CLJ1CAL5WVE2CA3RLT4UCAQYIHO0CAJQZF4XCAHSXYJHCA55EUWOCAYOG7IRCAW69IU3.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\Content.IE5\6KXFI2EP\CATWLZ9ACACB0USJCAXB11B6CAIZC7IRCAWX85FVCACKDXLOCAPRV42ACA0EO4OHCA8J4P53CAT6Q1HCCAZ63MKCCAD7ZJEOCAW0FMRHCA5TO1SKCATZUFEJCAZX20YKCAZ8TQL3CALCGI9CCAQLVGC7.htm moved successfully.
C:\Documents and Settings\Christophe\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat moved successfully.
File C:\WINDOWS\temp\JET8EE2.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_d0.dat not found!
second rapport
[ Rapport ToolsCleaner version 2.3.5 (par A.Rothstein & dj QUIOU) ]
--> Recherche:
C:\Rsit: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Christophe\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Christophe\Bureau\Ad-remover.lnk: trouvé !
C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Ad-remover: trouvé !
C:\Program Files\Ad-remover: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !
---------------------------------
--> Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Christophe\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Christophe\Bureau\Ad-remover.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Rsit: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Christophe\Menu Démarrer\Programmes\Ad-remover: supprimé !
C:\Program Files\Ad-remover: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Utilisateur anonyme
22 mai 2009 à 23:45
22 mai 2009 à 23:45
si tu n as pas d autres soucis change le statut du sujet en resolu stp
http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu
http://www.commentcamarche.net/faq/sujet 11365 marquer un fil de discussion comme etant resolu
Merci beaucoup pour toute ton aide et les solutions adaptées aux non-spécialistes.
Votre site est bien utile et je reviendrais pour des choses + positives
encore merci
Votre site est bien utile et je reviendrais pour des choses + positives
encore merci
Bonjour,
mon problème de rootkit est résolu.
Merci à vous et si un GM (gentil modérateur) peut cocher ce message comme résolu merci d'avance
mon problème de rootkit est résolu.
Merci à vous et si un GM (gentil modérateur) peut cocher ce message comme résolu merci d'avance
jacques.gache
Messages postés
33453
Date d'inscription
mardi 13 novembre 2007
Statut
Contributeur sécurité
Dernière intervention
25 janvier 2016
1 616
23 mai 2009 à 13:07
23 mai 2009 à 13:07
gen-hackman bonjour, oui dans le message 16 mais plus maintenant si tu regarde le message 24 @+