Trojan.DOS.Sinowal!E2


Trojan.DOS.Sinowal!E2

Post by waloo » 02 04 2012

Hello everyone,

I have a problem with a Trojan that goes by the lovely name of Trojan.DOS.Sinowal!E2, detected by A2 Square Free.
I thought it was a false alarm, but NOD32 also found it, by chance.
My problem is that this trojan is reported at " Rootkits:\\.\PhysicalDrive0 ".
I cannot remove it, and I cannot find anything about it on the internet either.
Only the A2 Square scan found it, in safe mode.
The others, Malwarebytes, Ad-Aware or Spybot, find nothing; even NOD32 doesn't find it, except once, which is why I said "found by chance".
Could someone help me remove it for good?
Regards,
Waloo

PC: Win XP Pro SP3, AMD64 X2 6000+, 3 GB RAM

Re: Trojan.DOS.Sinowal!E2

Post by waloo » 02 04 2012

Hello again,

The trojan now has a new name, found by NOD32: win32.Mebroot.Fx

Regards,

Waloo

Re: Trojan.DOS.Sinowal!E2

Post by nickW » 03 04 2012

Good evening,

Can you post three scan reports:

1/ the two OTL scan reports
(see points 1 and 7 of this procedure)

2/ a Gmer scan report:

Step 1: Gmer, download
Download the executable program (.exe file) from the page http://www.gmer.net/#files
Click the Download EXE button.
Save the file to the root of the system drive (usually C: ), noting its name (which is random).

Step 2: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.

Step 3: Gmer, execution

Close absolutely all applications, connections and browsers.

Double-click the randomly named file downloaded earlier.

Wait a few moments for the driver to load and the first searches to run.

If the tool displays a message "WARNING !!! GMER has found system modification ... Do You want to fully scan your system ?", click NO.

Check that all the boxes in the right-hand column are ticked except
Sections
drives other than C:\
"Show all"

like this:
[screenshot of the Gmer option checkboxes]

then click the Scan button.

Wait without doing anything else (... it takes a while...).
The Registry keys & files being scanned are shown at the bottom of the window.

When the tool has finished (nothing is scrolling at the bottom of the window any more), click the Save .... button.

A Notepad window will open, containing the report file.
Note: In Notepad, check in the Format menu that the "Word Wrap" option is not ticked.
Save this file on the Desktop under the name gmer-120402.txt.
Close the Gmer window (click OK).

Step 4: Re-enabling the resident security programs
Important: Re-enable the resident module of the antivirus and that of the antispyware.

Step 5: Results
Post in reply:
*- the Gmer report (contents of the file gmer-120402.txt) <---- this report is sometimes very long; check that it is complete; if necessary split it over several messages -- always using the Reply button.


To be continued,
nickW
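The first post places the detection at \\.\PhysicalDrive0 rather than in any file, and the moderator's reply asks for a GMER log rather than yet another file scanner. That is the security-relevant point of the thread: a Mebroot/Sinowal-class infection lives in the Master Boot Record, sector 0 of the physical disk, which a file-based antivirus scan never opens, and which is why Malwarebytes, Ad-Aware and Spybot report nothing. The script below is an added example, not part of this thread and not GMER's code, showing what such a check amounts to: read the 512-byte MBR, validate its structure (the 0x55AA signature and the partition table) and compare the bootstrap code against a known-good hash. The two sample sectors are constructed stand-ins (a seven-byte stub prologue plus NOP padding, and the same with its first bytes replaced by a short jump); they are not real XP or Mebroot bytes. `read_mbr_windows` opens `\\.\PhysicalDrive0` with Python's built-in `open()` and needs administrator rights; its caveat matters here: a bootkit that filters disk I/O in the kernel can hand a clean copy to a read made from inside the running system, so a match proves nothing, whereas a mismatch is conclusive. The reference hash would have to come from a known-clean image of the same disk, or from a read made after booting from trusted media.

```python
"""
Added example: parse a 512-byte Master Boot Record and compare its bootstrap
code against a known-good copy.  The sample sectors below are constructed
for the example; they are not real boot sectors and not real malware.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTOR_SIZE = 512
BOOT_CODE_END = 440            # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440             # bytes 440..443: NT disk signature (444..445 normally zero)
PARTITION_TABLE_OFF = 446      # four 16-byte partition entries at 446..509
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int


def parse_partition_table(sector: bytes) -> List[PartitionEntry]:
    """Decode the four classic MBR partition entries; empty slots are skipped."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        # layout: status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) count(4)
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype != 0:
            entries.append(PartitionEntry(i, status == 0x80, ptype, lba, count))
    return entries


def boot_code_sha256(sector: bytes) -> str:
    """Hash only the bootstrap code.  The disk signature at 440..443 is left
    out so that a re-signed disk does not look like a modified loader."""
    return hashlib.sha256(sector[:BOOT_CODE_END]).hexdigest()


def check_mbr(sector: bytes, reference_sha256: Optional[str] = None) -> dict:
    """Return structural findings and the boot-code hash for one sector."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes" % SECTOR_SIZE)
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("missing 0x55AA boot signature")
    parts = parse_partition_table(sector)
    if sum(1 for p in parts if p.bootable) > 1:
        findings.append("more than one partition flagged bootable")
    digest = boot_code_sha256(sector)
    if reference_sha256 is not None and digest != reference_sha256:
        findings.append("boot code differs from reference copy")
    return {"boot_code_sha256": digest, "partitions": parts, "findings": findings}


def read_mbr_windows(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical disk on Windows (administrator rights needed).
    Caveat: a kernel-mode bootkit that filters disk reads can return a clean
    copy here, so a hash match does not prove the disk is clean; only a
    mismatch is conclusive.  Read from trusted boot media to be sure."""
    with open(device, "rb", buffering=0) as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr(boot_code: bytes,
                     partitions: List[Tuple[bool, int, int, int]],
                     disk_signature: int = 0x1234ABCD) -> bytes:
    """Construct a syntactically valid MBR for testing (CHS fields left zero)."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, disk_signature)
    for i, (bootable, ptype, lba, count) in enumerate(partitions):
        struct.pack_into("<B3xB3xII", sector, PARTITION_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed stand-in for a clean loader: the common "xor ax,ax / mov ss,ax /
# mov sp,7C00h" prologue followed by NOP padding.  Not a real boot sector.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c") + b"\x90" * (BOOT_CODE_END - 7)
# Constructed "patched" variant: the first bytes replaced by a short jump, the
# way a bootkit diverts execution into its own code.  Not real malware bytes.
PATCHED_BOOT_CODE = bytes.fromhex("eb2090") + CLEAN_BOOT_CODE[3:]

# One bootable NTFS partition (type 0x07) starting at LBA 63, as XP lays it out.
SAMPLE_PARTITIONS = [(True, 0x07, 63, 511_999_937)]

CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_PARTITIONS)
PATCHED_MBR = build_sample_mbr(PATCHED_BOOT_CODE, SAMPLE_PARTITIONS)


if __name__ == "__main__":
    baseline = boot_code_sha256(CLEAN_MBR)       # hash taken from the clean copy
    for name, sector in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        result = check_mbr(sector, baseline)
        print(name, result["findings"] or "no findings")
        for p in result["partitions"]:
            print("  part%d type=0x%02x boot=%s lba=%d count=%d"
                  % (p.index, p.type_id, p.bootable, p.lba_start, p.sector_count))
```

Run as-is it reports no findings for the clean sample and "boot code differs from reference copy" for the patched one. On a live Windows machine, replacing `CLEAN_MBR` with `read_mbr_windows()` gives the same structural checks against the real sector 0, subject to the caveat in that function's docstring.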

Re: Trojan.DOS.Sinowal!E2

Post by waloo » 03 04 2012

Hello nickW,

I only have one OTL report, not two. There is only the Notepad one. I'm pasting it below:

OTL logfile created on: 03/04/2012 10:22:22 - Run 3
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Documents and Settings\Dom\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.94 Gb Available Physical Memory | 64.53% Memory free
4.84 Gb Paging File | 3.92 Gb Available in Paging File | 80.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 244.14 Gb Total Space | 180.57 Gb Free Space | 73.96% Space Free | Partition Type: NTFS
Drive D: | 221.61 Gb Total Space | 86.40 Gb Free Space | 38.99% Space Free | Partition Type: NTFS
Drive K: | 465.76 Gb Total Space | 5.74 Gb Free Space | 1.23% Space Free | Partition Type: NTFS
Drive V: | 219.83 Gb Total Space | 201.36 Gb Free Space | 91.60% Space Free | Partition Type: NTFS

Computer Name: DOMINIQUE | User Name: Dom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/03 09:54:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Bureau\OTL.exe
PRC - [2012/03/19 11:24:56 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/02/07 18:10:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2012/02/07 18:10:16 | 000,374,152 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
PRC - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe
PRC - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011/11/25 11:09:45 | 001,993,728 | ---- | M] (Michel Krämer) -- C:\Program Files\Spamihilator\spamihilator.exe
PRC - [2011/11/04 11:14:54 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/11/04 11:14:53 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2011/09/22 12:03:02 | 003,080,264 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2011/01/11 19:04:04 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2010/02/25 16:42:58 | 003,436,544 | ---- | M] (Panasonic System Networks Co., Ltd.) -- C:\Program Files\Panasonic\Communication Assistant\Communication Assistant.exe
PRC - [2009/12/01 10:36:27 | 000,165,888 | ---- | M] (Samsung Software Center, Moscow) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe
PRC - [2009/11/26 10:02:05 | 001,975,808 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\CLX6250\Scan2Pc.exe
PRC - [2009/11/25 15:46:40 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009/10/26 09:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
PRC - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Maxtor\Sync\SyncServices.exe
PRC - [2004/10/21 15:40:26 | 001,381,376 | ---- | M] (Astase) -- C:\Program Files\Astase\UltraBackup\4.0\bin\ubTray.exe
PRC - [2003/07/19 17:48:42 | 000,118,784 | ---- | M] () -- C:\Program Files\MRU-Blaster\scheduler.exe
PRC - [2003/06/20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE


========== Modules (No Company Name) ==========

MOD - [2012/03/19 11:24:56 | 001,969,080 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/02/23 11:53:13 | 011,817,472 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\29bdc8352d3c26e3c572ea60639dec3b\System.Web.ni.dll
MOD - [2012/02/23 11:53:07 | 000,627,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\f25d114cb629d1f512f98883c6535a75\System.Transactions.ni.dll
MOD - [2012/02/23 11:52:53 | 000,627,712 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\c0d15fb6308587fef8744d568e64bcda\System.EnterpriseServices.ni.dll
MOD - [2012/02/23 11:52:14 | 001,712,128 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\96e485c02ad346a2bd26a635e7fcb023\Microsoft.VisualBasic.ni.dll
MOD - [2012/02/23 11:50:51 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\94a40f415bfa947e251888bbe88bb973\System.Configuration.ni.dll
MOD - [2012/02/23 10:35:22 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\77e1279cbf4eecfb0284b63316fe43fe\System.Xml.ni.dll
MOD - [2012/02/23 10:35:19 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ad99ac6b5666edb8ee742dd64f9578af\System.Windows.Forms.ni.dll
MOD - [2012/02/23 10:35:08 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\9351cf29bb1ba951e45a9b3b0edab937\System.Drawing.ni.dll
MOD - [2012/02/23 10:34:57 | 006,616,576 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\ae888f8633fce3ff1de98e32bce0abbf\System.Data.ni.dll
MOD - [2012/02/23 10:32:44 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\9e3803cd2a11f056291862e306a8e2b2\System.ni.dll
MOD - [2012/02/23 10:32:03 | 003,186,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012/02/23 10:32:02 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2012/02/23 10:32:02 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2012/02/23 10:31:58 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2012/02/23 10:31:58 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2012/02/17 10:11:53 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll
MOD - [2012/01/03 15:10:46 | 000,301,056 | ---- | M] () -- C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA
MOD - [2011/12/20 14:32:00 | 001,515,520 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011/12/20 14:32:00 | 000,634,880 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011/12/20 14:32:00 | 000,559,244 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011/12/20 14:32:00 | 000,516,599 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011/12/20 14:32:00 | 000,389,120 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011/12/20 14:32:00 | 000,172,032 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011/12/20 14:32:00 | 000,143,360 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011/12/20 14:32:00 | 000,103,936 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\OutputLog.dll
MOD - [2011/12/20 14:32:00 | 000,094,208 | ---- | M] () -- C:\Program Files\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011/11/25 11:09:45 | 000,279,040 | ---- | M] () -- C:\Program Files\Spamihilator\sqlite3.dll
MOD - [2011/11/25 11:09:45 | 000,060,416 | ---- | M] () -- C:\Program Files\Spamihilator\zlib1.dll
MOD - [2011/10/13 10:55:09 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\ca87ba84221991839abbe7d4bc9c6721\mscorlib.ni.dll
MOD - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
MOD - [2011/09/01 15:17:13 | 000,430,568 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll
MOD - [2011/09/01 15:17:11 | 000,589,184 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/09/01 15:16:33 | 000,508,776 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw
MOD - [2011/08/18 15:25:12 | 000,308,560 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll
MOD - [2010/03/11 14:57:02 | 000,311,296 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/03/11 14:57:00 | 000,430,080 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_fr_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/02/25 16:37:38 | 000,630,784 | ---- | M] () -- C:\Program Files\Panasonic\Communication Assistant\System.Data.SQLite.DLL
MOD - [2009/11/26 10:02:05 | 001,975,808 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\CLX6250\Scan2Pc.exe
MOD - [2009/11/25 15:46:40 | 000,614,400 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009/10/26 09:33:41 | 000,015,872 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant.exe
MOD - [2009/10/26 09:33:33 | 000,010,240 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerCOM.dll
MOD - [2009/10/26 09:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2009/09/28 13:17:03 | 000,242,688 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\CLX6250\NetModule2.dll
MOD - [2009/08/13 12:21:53 | 001,384,520 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\CLX6250\SSOle.dll
MOD - [2009/08/13 12:21:08 | 000,155,648 | ---- | M] () -- C:\WINDOWS\twain_32\Samsung\CLX6250\IMFilter.dll
MOD - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
MOD - [2009/04/07 10:17:55 | 000,026,624 | ---- | M] () -- C:\WINDOWS\system32\ssy1cl3.dll
MOD - [2007/06/12 03:50:07 | 000,022,723 | ---- | M] () -- C:\WINDOWS\system32\c620cl3.dll
MOD - [2003/07/19 17:48:42 | 000,118,784 | ---- | M] () -- C:\Program Files\MRU-Blaster\scheduler.exe
MOD - [2003/06/02 08:15:47 | 000,595,968 | ---- | M] () -- C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPdfManagerPopup.dll
MOD - [2003/05/20 01:00:00 | 000,119,808 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [1999/03/03 18:21:50 | 000,121,344 | ---- | M] () -- C:\Program Files\Corel\Shared\versions\vers232.dll
MOD - [1999/03/03 18:21:50 | 000,017,920 | ---- | M] () -- C:\Program Files\Corel\Shared\versions\implode.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/02/07 18:10:51 | 000,136,584 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2012/02/07 18:10:16 | 000,374,152 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/01/24 12:25:20 | 000,078,336 | ---- | M] (Dassault Systèmes) [On_Demand | Stopped] -- C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe -- (DraftSight API Service)
SRV - [2012/01/22 08:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [On_Demand | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2011/11/04 11:14:53 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/09/22 12:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/09/15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011/02/28 12:45:19 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2011/01/11 19:04:04 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2010/09/13 20:02:44 | 000,399,872 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)
SRV - [2009/12/01 10:36:27 | 000,165,888 | ---- | M] (Samsung Software Center, Moscow) [Auto | Running] -- C:\WINDOWS\system32\spool\drivers\w32x86\3\NetFaxServer.exe -- (Samsung Network Fax Server)
SRV - [2009/11/20 20:42:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/04/30 13:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2007/09/28 12:24:36 | 000,156,976 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2003/07/28 21:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2003/06/20 00:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\MDM.EXE -- (MDM)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xpsec.sys -- (xpsec)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xcpip.sys -- (xcpip)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\Drivers\SSPORT.sys -- (SSPORT)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\jqeeh.sys -- (jqeeh.sys)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/02/07 18:10:21 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2011/11/02 10:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Stopped] -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011/08/18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\Lbd.sys -- (Lbd)
DRV - [2011/08/18 15:25:12 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/08/09 14:24:52 | 000,154,136 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2011/08/04 09:20:38 | 000,103,112 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/05/19 13:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2011/01/11 19:04:04 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2011/01/11 19:04:04 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2010/06/22 19:01:50 | 000,021,248 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010/03/17 15:42:25 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2009/06/10 16:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009/04/22 15:46:42 | 003,482,112 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/02/09 00:42:42 | 000,099,968 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hxctlflt.sys -- (hxctlflt)
DRV - [2008/12/11 11:24:20 | 004,959,232 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/05/16 13:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM)
DRV - [2008/05/16 13:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS)
DRV - [2008/05/16 13:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008/05/16 13:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008/05/16 13:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM)
DRV - [2008/05/16 13:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008/05/16 13:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) Sony Ericsson Device 0016 driver (WDM)
DRV - [2008/01/09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007/08/21 20:49:28 | 000,017,912 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\markfun.w32 -- (MarkFun_NT)
DRV - [2007/05/03 14:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2007/03/23 12:58:47 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2006/11/27 17:33:54 | 000,019,968 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/11/27 17:33:50 | 000,058,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/10/18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvata.sys -- (nvata)
DRV - [2006/07/01 23:42:58 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [1999/03/11 15:29:38 | 000,136,224 | ---- | M] (Schneider Automation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Duntlw.sys -- (DUNTLW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-823518204-507921405-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
IE - HKU\S-1-5-21-823518204-507921405-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKU\S-1-5-21-823518204-507921405-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 D5 48 D2 D9 5B CA 01 [binary data]
IE - HKU\S-1-5-21-823518204-507921405-725345543-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-823518204-507921405-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-823518204-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-823518204-507921405-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.orange.fr/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.652
FF - prefs.js..extensions.enabledItems: rsDownloadHelper@yevgenyandrov.net:1.0
FF - prefs.js..extensions.enabledItems: unplug@compunach:2.047
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/19 11:24:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/31 19:27:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/03/28 17:50:32 | 000,000,000 | ---D | M]

[2010/03/15 12:35:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dom\Application Data\Mozilla\Extensions
[2012/03/30 09:40:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Dom\Application Data\Mozilla\Firefox\Profiles\c7v7les1.default\extensions
[2010/06/29 13:28:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Dom\Application Data\Mozilla\Firefox\Profiles\c7v7les1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/30 09:40:58 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Dom\Application Data\Mozilla\Firefox\Profiles\c7v7les1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/02/08 12:56:12 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Dom\Application Data\Mozilla\Firefox\Profiles\c7v7les1.default\extensions\LogMeInClient@logmein.com
[2010/04/02 14:08:28 | 000,000,000 | ---D | M] (RapidShare DownloadHelper) -- C:\Documents and Settings\Dom\Application Data\Mozilla\Firefox\Profiles\c7v7les1.default\extensions\rsDownloadHelper@yevgenyandrov.net
[2011/08/24 12:27:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/24 12:27:12 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7V7LES1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\DOM\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\C7V7LES1.DEFAULT\EXTENSIONS\UNPLUG@COMPUNACH.XPI
[2012/03/19 11:24:56 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/03/27 11:50:58 | 001,093,632 | ---- | M] (UNISYS France) -- C:\Program Files\mozilla firefox\plugins\npornap.dll
[2012/02/17 14:09:41 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2012/02/17 14:09:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/17 14:09:41 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2012/02/17 14:09:41 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/02/17 14:09:41 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2012/02/17 14:09:41 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2012/04/02 19:15:56 | 000,440,676 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 15173 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4 - HKLM..\Run: [6250 Scan2PC] C:\WINDOWS\Twain_32\Samsung\CLX6250\Scan2pc.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Internet Sweeper] C:\WINDOWS\System32\SWEEPER.EXE (Emery Info-Engineering <brettemery@bmesite.com>)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe ()
O4 - HKU\S-1-5-21-823518204-507921405-725345543-1003..\Run: [Ub4TrayApp] C:\Program Files\Astase\UltraBackup\4.0\bin\ubtray.exe (Astase)
O4 - HKU\S-1-5-21-823518204-507921405-725345543-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil11f_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Communication Assistant.lnk = C:\Program Files\Panasonic\Communication Assistant\Communication Assistant.exe (Panasonic System Networks Co., Ltd.)
O4 - Startup: C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\MRU-Blaster Scheduler.lnk = C:\Program Files\MRU-Blaster\scheduler.exe ()
O4 - Startup: C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\MRU-Blaster Silent Clean.lnk = C:\Program Files\MRU-Blaster\mrublaster.exe ()
O4 - Startup: C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\Raccourci vers Dserveur sur '192.168.2.10' (V) [2009/11/02 16:36:00 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Dom\Menu Démarrer\Programmes\Démarrage\Spamihilator.lnk = C:\Program Files\Spamihilator\spamihilator.exe (Michel Krämer)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-823518204-507921405-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-823518204-507921405-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-823518204-507921405-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-823518204-507921405-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Sélection par capture - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Program Files\SmarThru Office\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : Sélection par capt - {A36A58CC-70D5-4462-9C90-C0E9D244B230} - C:\Program Files\SmarThru Office\WebCapture.dll ()
O9 - Extra Button: Enregistrer le texte sélectionné - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Program Files\SmarThru Office\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : Enregistrer le text - {A5183750-A927-4ec3-B027-C633A2D5418C} - C:\Program Files\SmarThru Office\WebCapture.dll ()
O9 - Extra Button: Enregistrer au format HTML - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Program Files\SmarThru Office\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : Enregistrer ace - {BDC4DF0E-D605-48d6-B4AF-CA5927A463EE} - C:\Program Files\SmarThru Office\WebCapture.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 7218651109 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microso ... 7218796968 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva (TeleTVA Control)
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} https://cfspro.impots.gouv.fr/efitvamap ... .0.0.1.cab (AdSignerLCContrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=724 (Performance Viewer Activex Control)
O16 - DPF: Microsoft XML Parser for Java file:///C:/WINDOWS/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3ABCB85A-7977-4215-9998-92BB79553F92}: NameServer = 80.10.246.2,80.10.246.129
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Dom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Dom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/02 13:00:47 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - K:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 09:54:00 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dom\Bureau\OTL.exe
[2012/04/02 12:08:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Emsisoft Anti-Malware
[2012/04/02 12:07:51 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012/04/02 12:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Mes documents\Anti-Malware
[2012/03/28 17:50:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ESET
[2012/03/28 10:19:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Application Data\TeamViewer
[2012/03/23 16:25:02 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Dom\Recent
[2012/03/15 19:17:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\dwhelper
[2012/03/12 20:05:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Application Data\Google
[2012/03/12 20:04:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Earth
[2012/03/12 20:02:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012/03/05 11:14:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Dom\Mes documents\P6 - Pavilion

========== Files - Modified Within 30 Days ==========

[2012/04/03 10:23:37 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/04/03 10:15:09 | 000,000,340 | RHS- | M] () -- C:\boot.ini
[2012/04/03 10:12:00 | 000,001,050 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/04/03 09:54:04 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dom\Bureau\OTL.exe
[2012/04/03 09:48:58 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{2A39B585-92EF-4643-A714-17129AF1E011}.job
[2012/04/03 09:47:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\GlaryInitialize.job
[2012/04/03 09:46:59 | 000,001,046 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/04/03 09:46:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/04/03 08:57:01 | 000,000,506 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/04/03 08:56:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/04/02 20:09:19 | 000,007,008 | ---- | M] () -- C:\WINDOWS\GV150.DCI
[2012/04/02 20:09:19 | 000,002,841 | ---- | M] () -- C:\WINDOWS\GV150.SPF
[2012/04/02 20:09:19 | 000,002,841 | ---- | M] () -- C:\WINDOWS\GV150.DTI
[2012/04/02 19:15:56 | 000,440,676 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/04/02 12:26:26 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/04/02 12:08:18 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\Dom\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/04/02 12:08:17 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Emsisoft Anti-Malware.lnk
[2012/04/02 11:58:46 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012/04/02 11:58:43 | 000,129,536 | ---- | M] () -- C:\Documents and Settings\Dom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/30 09:30:51 | 000,001,802 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\ESET NOD32 Antivirus.lnk
[2012/03/29 14:40:06 | 000,002,531 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\DraftSight.lnk
[2012/03/27 22:02:52 | 000,000,829 | ---- | M] () -- C:\Documents and Settings\Dom\Application Data\Microsoft\Internet Explorer\Quick Launch\Démarrer Microsoft Office Outlook.lnk
[2012/03/27 22:02:50 | 000,555,778 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2012/03/27 22:02:50 | 000,484,720 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/03/27 22:02:50 | 000,095,600 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2012/03/27 22:02:50 | 000,080,734 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/03/27 22:02:49 | 000,002,623 | ---- | M] () -- C:\Documents and Settings\Dom\Bureau\Microsoft Office Outlook 2003.lnk
[2012/03/27 08:54:20 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/03/27 08:54:20 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/03/23 18:37:43 | 000,000,241 | ---- | M] () -- C:\WINDOWS\System32\CRUNX.BIN
[2012/03/23 16:28:36 | 000,440,585 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120402-191556.backup
[2012/03/23 16:26:10 | 000,000,821 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/03/15 10:00:48 | 001,640,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/03/14 12:46:02 | 000,000,186 | ---- | M] () -- C:\CielVideo.ini
[2012/03/06 13:20:46 | 000,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini

========== Files Created - No Company Name ==========

[2012/04/03 10:23:37 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/04/02 12:26:26 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2012/04/02 12:08:18 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\Dom\Application Data\Microsoft\Internet Explorer\Quick Launch\Emsisoft Anti-Malware.lnk
[2012/04/02 12:08:17 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Emsisoft Anti-Malware.lnk
[2012/03/23 16:26:10 | 000,000,821 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes Anti-Malware.lnk
[2012/03/12 20:02:51 | 000,001,050 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/12 20:02:51 | 000,001,046 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/23 10:29:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/26 20:11:56 | 000,000,051 | ---- | C] () -- C:\WINDOWS\npornap.INI
[2012/01/24 11:40:10 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/01/24 11:40:10 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/09/01 18:10:51 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2011/08/24 12:02:29 | 003,600,384 | ---- | C] () -- C:\WINDOWS\ffmpeg.exe
[2011/08/24 12:00:57 | 003,482,112 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2011/08/24 12:00:57 | 000,176,128 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2011/08/24 12:00:57 | 000,027,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2011/08/24 12:00:57 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2011/08/24 12:00:56 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2011/07/25 15:36:57 | 000,950,585 | ---- | C] () -- C:\WINDOWS\System32\libiconv-2.dll
[2011/07/25 15:33:17 | 000,197,632 | ---- | C] () -- C:\WINDOWS\System32\SaXPWIA.dll
[2011/07/25 15:33:17 | 000,138,240 | ---- | C] () -- C:\WINDOWS\System32\SaXPUIEx.dll
[2011/07/25 15:33:17 | 000,117,248 | ---- | C] () -- C:\WINDOWS\System32\SaXPIPH.dll
[2011/07/25 15:33:17 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\SaXPSTI.dll
[2011/07/25 15:33:16 | 000,140,288 | ---- | C] () -- C:\WINDOWS\System32\SaXPEH.dll
[2011/07/25 15:32:35 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\ssy1cl3.dll
[2011/07/05 12:47:21 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\default_user_class.dat
[2011/05/05 14:19:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/05/05 14:19:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/05/05 14:19:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/05/05 14:19:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/05/05 14:19:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/05/05 14:11:10 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/05 14:11:10 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/04 17:21:42 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/07 19:50:08 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2011/02/28 12:45:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2010/12/03 10:50:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\CorelDrw.INI
[2010/07/15 09:09:15 | 000,000,751 | ---- | C] () -- C:\WINDOWS\Tda30.INI
[2010/07/15 09:09:15 | 000,000,736 | ---- | C] () -- C:\WINDOWS\Tda200.INI
[2010/07/06 14:07:33 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/07/06 14:07:32 | 000,217,180 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/07/06 14:07:32 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/07/06 10:53:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Dom\Local Settings\Application Data\PUTTY.RND
[2010/06/25 10:28:48 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Dom\Local Settings\Application Data\fusioncache.dat
[2010/06/15 10:13:35 | 000,008,096 | ---- | C] () -- C:\WINDOWS\Wcdtgr.dll
[2010/06/15 10:13:35 | 000,004,064 | ---- | C] () -- C:\WINDOWS\Wnetwt16.dll
[2010/06/15 10:13:34 | 000,013,888 | ---- | C] () -- C:\WINDOWS\Wdtgr.dll
[2010/06/15 10:13:34 | 000,006,656 | ---- | C] () -- C:\WINDOWS\Wnetway.dll
[2010/06/15 10:11:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PRFSERV.INI
[2010/06/15 10:11:10 | 000,000,552 | ---- | C] () -- C:\WINDOWS\PL7SYS.INI
[2010/05/19 12:54:23 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/05/05 15:39:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DbgOut.INI
[2010/04/28 17:01:04 | 000,000,059 | ---- | C] () -- C:\WINDOWS\WTB.INI
[2010/04/23 10:02:40 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2010/04/23 10:02:37 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll

========== LOP Check ==========

[2010/03/09 16:54:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\GlarySoft
[2012/03/23 17:45:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\uTorrent
[2009/11/26 14:38:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2012/04/03 09:59:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\catalog.wci
[2009/11/05 15:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ciel
[2012/02/17 13:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dassault Systemes
[2011/02/28 12:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
[2009/11/02 17:12:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESET
[2010/03/11 15:05:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Foundstone Free Tools
[2012/04/03 08:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2009/11/04 16:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Maxtor
[2011/07/29 14:57:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panasonic
[2010/02/18 18:45:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickMediaConverter
[2010/10/13 19:00:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Audacity
[2010/02/18 18:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\CocoonSoftware
[2011/02/28 12:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\DassaultSystemes
[2012/02/17 13:48:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\DraftSight
[2011/02/28 12:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\EDrawings
[2011/05/21 11:50:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\FK_Monitor
[2010/03/11 15:05:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Foundstone Free Tools
[2010/05/19 12:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\FreeAudioPack
[2009/11/17 15:38:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\GlarySoft
[2012/01/24 11:10:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\HTC
[2011/01/14 11:25:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011/04/11 10:06:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Outlook
[2011/08/01 10:39:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Panasonic
[2010/04/23 10:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Samsung
[2012/04/03 09:47:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Spamihilator
[2009/11/03 20:48:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Systenance
[2012/03/28 10:19:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\TeamViewer
[2010/05/05 16:05:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\Teleca
[2012/03/28 17:36:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\uTorrent
[2011/03/25 14:02:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Dom\Application Data\XnView
[2011/07/25 15:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Samsung
[2012/04/03 08:57:01 | 000,000,506 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2012/04/03 09:47:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\Tasks\GlaryInitialize.job
[2012/04/02 20:21:48 | 000,032,562 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
[2012/04/03 09:48:58 | 000,000,428 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{2A39B585-92EF-4643-A714-17129AF1E011}.job

========== Purity Check ==========



=> Continued on the next page....

Re: Trojan.DOS.Sinowal!E2

Post by waloo » 03 04 2012

=> ... continued ....

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/11/02 17:31:18 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/11/02 17:31:18 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\dllcache\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/11/02 17:31:18 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/11/02 17:31:18 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys

< MD5 for: CTFMON.EXE >
[2004/08/05 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ERDNT\cache\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\dllcache\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2004/08/05 14:00:00 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=4C33E5B9A6197B6ED215F6CFBA0A2DAA -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\system32\dllcache\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATA.SYS >
[2006/10/18 17:31:38 | 000,105,472 | ---- | M] (NVIDIA Corporation) MD5=EF9941593B2E9B436F64A87DDB570D1A -- C:\WINDOWS\system32\drivers\nvata.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\dllcache\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/05 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2011/11/17 16:14:07 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\dllcache\userinit.exe
[2011/11/17 16:14:07 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 15:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2004/08/05 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

Re: Trojan.DOS.Sinowal!E2

Messagede waloo » 03 04 2012

=> And finally the GMER report:



GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-03 13:22:36
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\00000068 STM3500418AS rev.CC34
Running: c082mlkk.exe; Driver: C:\DOCUME~1\Dom\LOCALS~1\Temp\axlyqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xB40F74B0]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwCreateKey [0xB80F887E]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwCreateThread [0xB40F77F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xB40F7AB0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xB40F75D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwLoadDriver [0xB40F78B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xB40F7350]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xB40F7410]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xB40F7570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwQueueApcThread [0xB40F7630]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xB40F7530]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xB40F74F0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xB40F7670]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSystemInformation [0xB40F7870]
SSDT Lbd.sys (Boot Driver/Lavasoft AB) ZwSetValueKey [0xB80F8BFE]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xB40F73B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xB40F7430]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSystemDebugControl [0xB40F7830]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateProcess [0xB40F7370]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xB40F7470]
SSDT \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys ZwUnloadKey [0x9D83875C]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xB40F75F0]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys (ESET Antivirus Network Redirector/ESET)

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 malicious Win32:MBRoot code @ sector 976752003

---- EOF - GMER 1.0.15 ----

Re: Trojan.DOS.Sinowal!E2

Messagede nickW » 03 04 2012

Hello,

waloo wrote: I only have one OTL report, not two. There is only the one from Notepad.

Well yes, when you don't read all of my sweet and delicate prose ..... :wink:
If not already done, in the Registry: extended section, select the With whitelist radio button:

... you don't get the expected results ..... :wink: :wink:


New checks:

Step 1: aswMBR (from gmer/avast), download
Download aswMBR from the link below:
http://public.avast.com/~gmerek/aswMBR.exe

Save this file to the Desktop.


Step 2: No real-time monitoring processes
Disable the resident module of the antivirus and of the antispyware.


Step 3: aswMBR (from gmer/avast), execution
Double-click aswMBR.exe to launch the tool.

In the small "aswMBR" window that appears, under the question "Would you like to download latest Avast! virus definitions ?", click No.

Click the Scan button to start the analysis.

Wait for the line shown in the image to appear.

Click the button shown in the image and save the file under the name aswMBR-120403.txt on the Desktop.
Click the Exit button, and confirm by clicking Yes.


Step 4: Real-time monitoring processes
Important: Re-enable the resident module of the antivirus and of the antispyware.


Step 5: Checking the MBR on VirusTotal
aswMBR has saved a copy of the MBR on the Desktop, named MBR.dat.
Note: MBR = Master Boot Record, also known as the boot sector. See here.

Go to the site http://www.virustotal.com/ - Note: JavaScript must be enabled, and the site's cookies must be accepted.

Click the Choose File button.
In the "Send File" window, navigate to the Desktop, select the file MBR.dat and click the Open button.

Click Scan It!.

The file is uploaded (display of: Uploading file...).

If VirusTotal reports that the file has already been analysed (display of: File already submitted), click the Reanalyse button.

The analysis may be queued (display of: Your file is at position * in the analysis queue) if many analysis requests are in progress. In that case, wait without refreshing the page.

Let the analysis run (display of: Your file is being analysed).

When the analysis is finished (Your file is being analysed disappears), the SHA256 checksum is displayed, along with the analysis results.


Step 6: Result
Post in reply:
*- the aswMBR report (contents of the file aswMBR-120403.txt on the Desktop).
*- the SHA256 checksum of the file
(it looks like: 973ea43bc788974a7a1268080d56705dab845d76609fa7c7d4615f53ceb6c3b7)
*- the address of the results page
(it looks like: https://www.virustotal.com/file/d3c1d75e786b9911bea4c8dc75fa529e236e80ce5c659d1854eca4dae5b7535a/analysis/1333464924/)

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
nickW
Moderator

Messages: 21698
Joined: 20 05 2004
Location: Dordogne/Île de France

Re: Trojan.DOS.Sinowal!E2

Messagede waloo » 06 04 2012

Hello nickW,

Smack, smack for me, I really misread the sublime prose... Shame on me.... :oops: :whip:

I'll make up for it and reread everything twice !!! :Mouaaarrrrffffffff:

Attached is the report from the file aswMBR-120403.txt :

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-06 11:17:01
-----------------------------
11:17:01.953 OS Version: Windows 5.1.2600 Service Pack 3
11:17:01.953 Number of processors: 2 586 0x4303
11:17:01.953 ComputerName: DOMINIQUE UserName: Dom
11:17:03.078 Initialize success
11:17:23.000 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
11:17:23.000 Disk 0 Vendor: STM3500418AS CC34 Size: 476938MB BusType: 3
11:17:23.015 Disk 0 MBR read successfully
11:17:23.031 Disk 0 MBR scan
11:17:23.031 Disk 0 Windows XP default MBR code
11:17:23.031 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 250003 MB offset 63
11:17:23.031 Disk 0 Partition - 00 0F Extended LBA 226925 MB offset 512007615
11:17:23.046 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226925 MB offset 512007678
11:17:23.046 Disk 0 scanning sectors +976752000
11:17:23.062 Disk 0 malicious Win32:MBRoot code @ sector 976752003 !
11:17:23.093 Disk 0 scanning C:\WINDOWS\system32\drivers
11:17:32.906 Service scanning
11:17:40.187 Modules scanning
11:17:43.406 Disk 0 trace - called modules:
11:17:43.734 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
11:17:43.750 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac34ab8]
11:17:43.750 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8ac7ad08]
11:17:43.750 5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\00000068[0x8ac34030]
11:17:43.750 Scan finished successfully
11:18:28.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dom\Bureau\MBR.dat"
11:18:28.968 The log file has been saved successfully to "C:\Documents and Settings\Dom\Bureau\aswMBR-120403.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-06 11:20:20
-----------------------------
11:20:20.453 OS Version: Windows 5.1.2600 Service Pack 3
11:20:20.453 Number of processors: 2 586 0x4303
11:20:20.453 ComputerName: DOMINIQUE UserName: Dom
11:20:20.687 Initialize success
11:20:24.109 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000068
11:20:24.109 Disk 0 Vendor: STM3500418AS CC34 Size: 476938MB BusType: 3
11:20:24.109 Disk 0 MBR read successfully
11:20:24.109 Disk 0 MBR scan
11:20:24.109 Disk 0 Windows XP default MBR code
11:20:24.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 250003 MB offset 63
11:20:24.125 Disk 0 Partition - 00 0F Extended LBA 226925 MB offset 512007615
11:20:24.125 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 226925 MB offset 512007678
11:20:24.140 Disk 0 scanning sectors +976752000
11:20:24.156 Disk 0 malicious Win32:MBRoot code @ sector 976752003 !
11:20:24.187 Disk 0 scanning C:\WINDOWS\system32\drivers
11:20:30.546 Service scanning
11:20:37.593 Modules scanning
11:20:40.015 Disk 0 trace - called modules:
11:20:40.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
11:20:40.015 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac34ab8]
11:20:40.015 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\0000006a[0x8ac7ad08]
11:20:40.015 5 ACPI.sys[b7f7e620] -> nt!IofCallDriver -> \Device\00000068[0x8ac34030]
11:20:40.015 Scan finished successfully
11:21:59.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Dom\Bureau\MBR.dat"
11:21:59.218 The log file has been saved successfully to "C:\Documents and Settings\Dom\Bureau\aswMBR-120403.txt"


Checksum:

SHA256: 47300afd66bd9a5b12df04e0a47c684e83ab155d77d49d8530ccf9db83b519a8



Result address:

https://www.virustotal.com/file/47300af ... 333704284/


Well, I think I did things right this time, ...., at least I hope so.... :Mouaaarrrrffffffff:

Oops, to make up for having misread.....
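Both the GMER report and the two aswMBR runs above say the same thing: the MBR itself still carries "Windows XP default MBR code", yet "malicious Win32:MBRoot code" sits at sector 976752003, just past the "+976752000" point where aswMBR starts scanning. That point is the end of the last partition: the rootkit body lives in the unpartitioned tail of the disk, which no file-system scan (Malwarebytes, Spybot, NOD32 on-demand) ever reads. The following Python is an added example, not code from the thread, from aswMBR or from GMER. It builds a synthetic 512-byte MBR whose partition table mirrors the layout printed in the aswMBR log, parses it the way an MBR scanner does, and derives the trailing unpartitioned range to show that the flagged sector falls inside it. The sector counts (512007552 and 464744385) are reconstructed from the log's MB values and the 63-sector / 16065-sector-per-cylinder alignment visible in the offsets, and the disk size is taken as 476938 MB times 2048 sectors; both are assumptions, and the sample's boot-code area is zeroed rather than copied from a real MBR.dat.

```python
"""Parse an MBR partition table and locate the unpartitioned tail of the disk.

Added example (not from the forum thread, aswMBR or GMER). The partition
layout is reconstructed from the aswMBR log; the boot-code bytes are not
the real ones from MBR.dat, so the SHA256 below is only that of this sample.
"""
import hashlib
import struct

SECTOR = 512
# One 16-byte partition entry: status, CHS start (3), type, CHS end (3), LBA start, sector count
ENTRY_FMT = "<BBBBBBBBII"
TABLE_OFFSET = 446

# Assumed values derived from the log: 476938MB disk, detection at sector 976752003
DISK_SECTORS = 476_938 * 2048
FLAGGED_SECTOR = 976_752_003


def build_entry(status, ptype, lba_start, count):
    """Pack one partition entry; CHS fields use the 0xFE/0xFF 'LBA only' markers (constructed)."""
    return struct.pack(ENTRY_FMT, status, 0xFE, 0xFF, 0xFF, ptype, 0xFE, 0xFF, 0xFF, lba_start, count)


def build_sample_mbr():
    """Synthetic MBR mirroring the aswMBR log: NTFS at 63 (active), extended LBA at 512007615."""
    table = (
        build_entry(0x80, 0x07, 63, 512_007_552)             # Partition 1, 250003 MB, bootable
        + build_entry(0x00, 0x0F, 512_007_615, 464_744_385)  # Extended LBA container, 226925 MB
        + build_entry(0, 0, 0, 0) * 2                        # two empty slots
    )
    return b"\x00" * TABLE_OFFSET + table + b"\x55\xAA"


def parse_mbr(mbr):
    """Return the used partition entries; reject anything without the 0x55AA boot signature."""
    if len(mbr) != SECTOR or mbr[510:512] != b"\x55\xAA":
        raise ValueError("not a valid MBR: bad size or missing boot signature")
    parts = []
    for i in range(4):
        off = TABLE_OFFSET + 16 * i
        status, _, _, _, ptype, _, _, _, lba, count = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if ptype == 0:
            continue  # empty slot
        parts.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": ptype,
            "start": lba,
            "count": count,
            "end": lba + count - 1,
        })
    return parts


def trailing_unpartitioned(parts, disk_sectors):
    """First and last sector of the gap between the last partition and the end of the disk."""
    last_end = max(p["end"] for p in parts)
    return last_end + 1, disk_sectors - 1


def sector_in_tail(sector, parts, disk_sectors):
    """True when a sector lies after every partition, i.e. outside any file system."""
    lo, hi = trailing_unpartitioned(parts, disk_sectors)
    return lo <= sector <= hi


def boot_code_sha256(mbr):
    """SHA256 of the 446-byte boot-code area, the part VirusTotal classifies for MBR.dat."""
    return hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest()


if __name__ == "__main__":
    mbr = build_sample_mbr()
    parts = parse_mbr(mbr)
    for p in parts:
        print(f"Partition {p['index']}: type 0x{p['type']:02X} active={p['active']} "
              f"sectors {p['start']}-{p['end']}")
    lo, hi = trailing_unpartitioned(parts, DISK_SECTORS)
    print(f"Unpartitioned tail: sectors {lo}-{hi}")
    print(f"Sector {FLAGGED_SECTOR} in tail: {sector_in_tail(FLAGGED_SECTOR, parts, DISK_SECTORS)}")
    print(f"Boot code SHA256 (sample): {boot_code_sha256(mbr)}")
```

Run against a real MBR.dat (read the 512 bytes with `open(path, "rb").read()` instead of `build_sample_mbr()`), the same parser gives the tail range for that disk; a clean MBR code hash combined with a detection inside that range is exactly the Mebroot/Sinowal pattern the two scanners reported here, and it explains why a reinstall of Windows that keeps the partition layout does not necessarily touch those sectors.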

Re: Trojan.DOS.Sinowal!E2

Messagede waloo » 19 04 2012

Hello nickW,

Have you been able to look at my report and help me remove this rootkit?

Regards,

Waloo