Security defender

Voici le rapport :

RogueKiller V6.2.4 [12/01/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: laurent [Droits d'admin]
Mode: Recherche -- Date : 19/01/2012 20:05:45

¤¤¤ Processus malicieux: 2 ¤¤¤
[SUSP PATH] eop.dll -- C:\Documents and Settings\laurent\Local Settings\Application Data\App\eop.dll -> KILLED [TermProc]
[SUSP PATH] 5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi -- C:\Documents and Settings\laurent\Local Settings\Application Data\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi -> KILLED [TermProc]

¤¤¤ Entrees de registre: 6 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : eop (rundll32.exe "C:\Documents and Settings\laurent\Local Settings\Application Data\App\eop.dll",wmain) -> FOUND
[SUSP PATH] HKLM\[...]\Run : preload (C:\Windows\RUNXMLPL.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1136481619-946561316-4239971723-1005[...]\Run : eop (rundll32.exe "C:\Documents and Settings\laurent\Local Settings\Application Data\App\eop.dll",wmain) -> FOUND
[SUSP PATH] 5E3FF373-A59B-84AC-6007-BB0C9AC61A44.lnk : C:\WINDOWS\system32\rundll32.exe|C:\Documents and Settings\laurent\Local Settings\Application Data\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi -> FOUND
[SUSP PATH] 5E3FF373-A59B-84AC-6007-BB0C9AC61A44.lnk : C:\WINDOWS\system32\rundll32.exe|C:\Documents and Settings\All Users\Application Data\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
S_SSDT[0] : -> HOOKED ( @ 0x00000000)

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 16d145dc06148063718d08cdad89ecec
[BSP] 218810c0c2ad48f408c958d7e20d267a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 63 | Size: 5247 Mo
1 - [ACTIVE] FAT32 [VISIBLE] Offset (sectors): 10249470 | Size: 57124 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 121820895 | Size: 57659 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1].txt >>
RKreport[1].txt

Voici le rapport de Roguekiller :

Et je lance le scan avec MBAM


RogueKiller V6.2.4 [12/01/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: laurent [Droits d'admin]
Mode: Recherche -- Date : 19/01/2012 20:05:45

¤¤¤ Processus malicieux: 2 ¤¤¤
[SUSP PATH] eop.dll -- C:\Documents and Settings\laurent\Local Settings\Application Data\App\eop.dll -> KILLED [TermProc]
[SUSP PATH] 5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi -- C:\Documents and Settings\laurent\Local Settings\Application Data\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi -> KILLED [TermProc]

¤¤¤ Entrees de registre: 6 ¤¤¤
[BLACKLIST DLL] HKCU\[...]\Run : eop (rundll32.exe "C:\Documents and Settings\laurent\Local Settings\Application Data\App\eop.dll",wmain) -> FOUND
[SUSP PATH] HKLM\[...]\Run : preload (C:\Windows\RUNXMLPL.exe) -> FOUND
[BLACKLIST DLL] HKUS\S-1-5-21-1136481619-946561316-4239971723-1005[...]\Run : eop (rundll32.exe "C:\Documents and Settings\laurent\Local Settings\Application Data\App\eop.dll",wmain) -> FOUND
[SUSP PATH] 5E3FF373-A59B-84AC-6007-BB0C9AC61A44.lnk : C:\WINDOWS\system32\rundll32.exe|C:\Documents and Settings\laurent\Local Settings\Application Data\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi -> FOUND
[SUSP PATH] 5E3FF373-A59B-84AC-6007-BB0C9AC61A44.lnk : C:\WINDOWS\system32\rundll32.exe|C:\Documents and Settings\All Users\Application Data\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
S_SSDT[0] : -> HOOKED ( @ 0x00000000)

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 16d145dc06148063718d08cdad89ecec
[BSP] 218810c0c2ad48f408c958d7e20d267a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 63 | Size: 5247 Mo
1 - [ACTIVE] FAT32 [VISIBLE] Offset (sectors): 10249470 | Size: 57124 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 121820895 | Size: 57659 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1].txt >>
RKreport[1].txt

Je pensais l'avoir fait désolé. Le voici :


RogueKiller V6.2.4 [12/01/2012] par Tigzy
mail: tigzyRK<at>gmail<dot>com
Remontees: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html
Blog: http://tigzyrk.blogspot.com

Systeme d'exploitation: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Demarrage : Mode normal
Utilisateur: laurent [Droits d'admin]
Mode: Suppression -- Date : 19/01/2012 21:15:07

¤¤¤ Processus malicieux: 0 ¤¤¤

¤¤¤ Entrees de registre: 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤
S_SSDT[0] : -> HOOKED ( @ 0x00000000)

¤¤¤ Infection : ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.1001-search.info
127.0.0.1 1001-search.info
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.123topsearch.com
[...]


¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 16d145dc06148063718d08cdad89ecec
[BSP] 218810c0c2ad48f408c958d7e20d267a : Windows XP MBR Code
Partition table:
0 - [XXXXXX] UNKNW [HIDDEN!] Offset (sectors): 63 | Size: 5247 Mo
1 - [ACTIVE] FAT32 [VISIBLE] Offset (sectors): 10249470 | Size: 57124 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 121820895 | Size: 57659 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Bonjour !

Hier j'ai lancé l'examen complet avec MBAM et ce matin le PC avait redémarré tout seul et il n'y a pas le rapport...

Par contre, avant de poster sur comment ça marche, j'avais fait un examen rapide dont voici le rapport :

Faut-il que je refasse un examen complet ? Par contre je ne serais pas sur mon PC avant 17h...

(pour info, security defender n'apparait plus)

A+


Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Version de la base de données: v2012.01.19.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
laurent :: VALUED-12EF4461 [administrateur]

1/19/2012 18:03:51
mbam-log-2012-01-19 (18-03-51).txt

Type d'examen: Examen rapide
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 192723
Temps écoulé: 12 minute(s), 28 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5E3FF373-A59B-84AC-6007-BB0C9AC61A44 (Trojan.FakeAlert) -> Données: "C:\WINDOWS\system32\rundll32.exe" "C:\Documents and Settings\laurent\Application Data\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi", start minimized -> Mis en quarantaine et supprimé avec succès.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|5E3FF373-A59B-84AC-6007-BB0C9AC61A44 (Trojan.FakeAlert) -> Données: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi", start minimized -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 1
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchURL|SearchAssistant (Hijack.SearchPage) -> Mauvais: (http://www.cherche.us) Bon: (http://www.google.com/) -> Mis en quarantaine et réparé avec succès

Dossier(s) détecté(s): 2
C:\Documents and Settings\laurent\Application Data\Security Defender (Rogue.SecurityDefender) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Security Defender (Rogue.SecurityDefender) -> Mis en quarantaine et supprimé avec succès.

Fichier(s) détecté(s): 9
C:\Documents and Settings\laurent\Local Settings\Temp\~!#1B.tmp (Trojan.Dropper) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\laurent\Application Data\Security Defender\{7819BCAE-5A64-45DC-5E96-01E9C80705C3}.pst (Rogue.SecurityDefender) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\laurent\Application Data\Security Defender\{6F294C11-C6CD-4FE9-B088-BC741013B0BE}.pst (Rogue.SecurityDefender) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\laurent\Local Settings\Temp\oiu0.8030352788947817.exe (Exploit.Drop.7) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\laurent\Local Settings\Temp\tue0.7117880546900066.exe (Exploit.Drop.7) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\laurent\Bureau\Security Defender.lnk (Rogue.SecurityDefender) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\laurent\Application Data\Microsoft\Internet Explorer\Quick Launch\Security Defender.lnk (Rogue.SecurityDefender) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Security Defender\Security Defender.ico (Rogue.SecurityDefender) -> Mis en quarantaine et supprimé avec succès.
C:\Program Files\Security Defender\Security Defender.dll (Rogue.SecurityDefender) -> Mis en quarantaine et supprimé avec succès.

(fin)

Non, il n' y a pas le dernier rapport de MBAM...

Voici les deux liens :

OTL :

http://cjoint.com/?BAuqMWY7hEb

Extras :

http://cjoint.com/?BAuqPiW9Og0

J'ai désinstallé les 3 programmes.

Par contre, ensuite tu mets "copie/colle [les instructions hébergées ici]" mais il n'y a pas de lien...

Un oubli, je viens de l'ajouter !

A +

Voici le rapport OTL :

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpFolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk\ deleted successfully.
C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\Cld2000.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NBKeyScan\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\NeroFilterCheck\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1a3e09be-1e45-494b-9174-d7385b45bbf5}\ not found.
C:\Documents and Settings\laurent\Application Data\Security Defender folder moved successfully.
C:\Documents and Settings\laurent\Menu Démarrer\Programmes\Security Defender folder moved successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Security Defender folder moved successfully.
C:\WINDOWS\DA0BF7AB88EB46758FA1531EAD938821.TMP\WiseCustomCalla.dll deleted successfully.
C:\WINDOWS\DA0BF7AB88EB46758FA1531EAD938821.TMP\WiseCustomCalla2.exe deleted successfully.
C:\WINDOWS\DA0BF7AB88EB46758FA1531EAD938821.TMP\WiseData.ini deleted successfully.
C:\WINDOWS\DA0BF7AB88EB46758FA1531EAD938821.TMP folder deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\system32\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi moved successfully.
C:\Documents and Settings\laurent\Local Settings\Application Data\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi moved successfully.
C:\Documents and Settings\laurent\Application Data\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi moved successfully.
C:\Documents and Settings\All Users\Application Data\5E3FF373-A59B-84AC-6007-BB0C9AC61A44.avi moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Logs folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Backups folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Excludes folder moved successfully.
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy folder moved successfully.
Folder C:\Documents and Settings\laurent\Application Data\Security Defender\ not found.
========== FILES ==========
[color=#A23BEC]< ipconfig /flushdns /c >/color
No captured output from command...
C:\Documents and Settings\laurent\Mes documents\Téléchargements\cmd.bat deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 208896 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1215329 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 131742 bytes

User: Administrateur
->Temp folder emptied: 208896 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: laurent
->Temp folder emptied: 22780781 bytes
->Temporary Internet Files folder emptied: 7230717 bytes
->Java cache emptied: 90383563 bytes
->FireFox cache emptied: 77586201 bytes
->Flash cache emptied: 3202688 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 797796 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 292888247 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 474.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01202012_234649

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_f5c.dat moved successfully.

Registry entries deleted on Reboot...

Et voici le rapport aswMBR :

aswMBR version 0.9.9.1297 Copyright(c) 2011 AVAST Software
Run date: 2012-01-20 23:55:49
-----------------------------
23:55:49.640 OS Version: Windows 5.1.2600 Service Pack 3
23:55:49.640 Number of processors: 1 586 0x4C02
23:55:49.640 ComputerName: VALUED-12EF4461 UserName: laurent
23:55:51.796 Initialize success
23:56:16.265 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\000000ba
23:56:16.265 Disk 0 Vendor: Hitachi_HTS541612J9SA00 SBDOC70P Size: 114473MB BusType: 3
23:56:16.265 Device \Driver\nvata -> MajorFunction 85a431e8
23:56:16.296 Disk 0 MBR read successfully
23:56:16.296 Disk 0 MBR scan
23:56:16.296 Disk 0 Windows XP default MBR code
23:56:16.312 Disk 0 Partition 1 00 12 Compaq diag MSWIN4.1 5004 MB offset 63
23:56:16.343 Disk 0 Partition 2 80 (A) 0C FAT32 LBA MSWIN4.1 54478 MB offset 10249470
23:56:16.359 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 54988 MB offset 121820895
23:56:16.359 Disk 0 scanning sectors +234436545
23:56:16.421 Disk 0 scanning C:\WINDOWS\system32\drivers
23:56:41.046 Service scanning
23:56:43.312 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
23:56:43.937 Modules scanning
23:57:06.546 Disk 0 trace - called modules:
23:57:06.578 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x85a431e8]<<
23:57:06.578 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859da200]
23:57:06.593 3 CLASSPNP.SYS[f7567fd7] -> nt!IofCallDriver -> \Device\000000bb[0x859cdf18]
23:57:06.593 5 ACPI.sys[f725b620] -> nt!IofCallDriver -> \Device\000000ba[0x859cd030]
23:57:06.609 \Driver\nvata[0x8593e5d0] -> IRP_MJ_CREATE -> 0x85a431e8
23:57:06.609 Scan finished successfully
23:57:21.687 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\laurent\Bureau\MBR.dat"
23:57:21.687 The log file has been saved successfully to "C:\Documents and Settings\laurent\Bureau\aswMBR.txt"

Bonjour,

Le PC se comporte plutôt bien (comme avant l'infection security defender)

J'ai fait la mise à jour de adobe flash player ; par contre pour java et adobe reader, il ne veut pas faire les mises à jour. Je clique sur "update java" mais rien ne se passe.

Voici le rapport :

SX Check&Update
Lien vers le tutoriel : http://forum.security-x.fr/tutoriels-317/tutoriel-sx-checkupdate/
---
Windows Version : Windows XP 32 bits
Service Pack : 3
UserName : laurent
21/01/2012
11:37:44
version = v0.1.0
---
Windows Update Information :
AUOptions : 4
Automatically, no notification
---
Name : FlashPlayer ActiveX
Version : 10.0.12.36
Flash Player ActiveX n'est pas à jour!

Name : FlashPlayer Plugin
Version : 11.1.102.55
Flash Player Plugin est à jour

Nom : Adobe Photoshop CS3
Version : 10.0
Adobe Reader n'est pas à jour!

Nom : Mozilla Firefox 9.0.1 (x86 fr)
Version : 9.0.1

Name : FlashPlayer ActiveX
Version : 9
Flash Player ActiveX n'est pas à jour!

Java Information :
Nom : Java(TM) 6 Update 13
Version : 6.0.130
Java(TM) 6 Update 13 n'est pas à jour!

Java Information :
Nom : Java(TM) 6 Update 3
Version : 1.6.0.30
Java(TM) 6 Update 3 n'est pas à jour!

Java Information :
Nom : Java(TM) 6 Update 5
Version : 1.6.0.50
Java(TM) 6 Update 5 n'est pas à jour!

Java Information :
Nom : Java(TM) 6 Update 7
Version : 1.6.0.70
Java(TM) 6 Update 7 n'est pas à jour!

Nom : Adobe Photoshop CS3
Version : 10
Adobe Reader n'est pas à jour!

Name : Adobe PDF Library Files
Version : 8.0
Adobe Reader n'est pas à jour!
Nom : Internet Explorer
Version : 8.0.6001.18702

Ok c'est fait.

Merci beaucoup d'avoir pris le temps de m'aider et merci pour les conseils !!!

Je vais un peu abuser de ton aide mais j'ai autre souci sur mon PC et je me dit que c'est peut être un truc tout con à faire mais que j'ignore :

En fait il arrive (en moyenne une fois sur 2) que mon PC s'allume avec une ergonomie assez "grosse" (gros icônes, gros curseur...) alors que parfois tout est normal ; je ne comprends pas pourquoi ...