[ok] undetermined virus or trojan problem

Security and insecurity. Viruses, trojans, spyware, vulnerabilities, etc.


Forum rules
Assiste.com has suspended its decontamination assistance after almost 15 years, first on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting the browser, browsing and privacy


Post by toutatafr » 06 Oct 2010, 10:52

Hello again,

Re-reading my post, it seems I have been infected by zetscap.dll?
Is that the source of the problem?
If so, can someone tell me how to clean my PC?
Thanks

__________________________________________________________________

Hello,

For some time now I have been having problems with my PC.

The symptoms are as follows:
- some services stop and cannot be restarted other than by rebooting my PC
- network cut-offs
- online antivirus scan sites opening
- pornographic sites opening
- volume control disabled

My actions so far have been scans (after updating) with:
- Spybot
- CCleaner
- AntiVir
- OfficeScan (antivirus)
- Malwarebytes
- RegCleaner (to clean up the registry)

These various scans led me to delete dlo58.dll, flagged as "harmful" by Malwarebytes

Regarding the services:
error in the "Computer Browser" service (explorateur d'ordinateur), which I cannot restart
checked the registry under HKLM/syst/currentcontrolset/services/browser: the values are correct
this service depends on lanmanWorkstation and lanmanServer
I cannot start lanmanserver (Server service)

In the following messages I will post the various analysis reports, which I hope will help you to help me

Thanks
toutatafr
 
Posts: 22
Joined: 06 Oct 2010, 10:24

Post by toutatafr » 06 Oct 2010, 10:57

Here is a first log from OTL

OTL logfile created on: 06/10/2010 11:08:16 - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\jMyName\Bureau
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

994,00 Mb Total Physical Memory | 155,00 Mb Available Physical Memory | 16,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 22,08 Gb Total Space | 4,77 Gb Free Space | 21,62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 29,31 Gb Total Space | 26,33 Gb Free Space | 89,85% Space Free | Partition Type: NTFS
Drive F: | 29,30 Gb Total Space | 28,94 Gb Free Space | 98,77% Space Free | Partition Type: NTFS
Drive G: | 29,30 Gb Total Space | 28,71 Gb Free Space | 97,99% Space Free | Partition Type: NTFS
Drive H: | 39,05 Gb Total Space | 37,46 Gb Free Space | 95,92% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive U: | 23,91 Gb Total Space | 3,65 Gb Free Space | 15,25% Space Free | Partition Type: NTFS
Drive V: | 97,36 Gb Total Space | 34,29 Gb Free Space | 35,22% Space Free | Partition Type: NTFS
Drive W: | 20,60 Gb Total Space | 18,61 Gb Free Space | 90,34% Space Free | Partition Type: NTFS
Drive X: | 931,46 Gb Total Space | 627,49 Gb Free Space | 67,37% Space Free | Partition Type: NTFS
Drive Y: | 53,82 Gb Total Space | 41,19 Gb Free Space | 76,54% Space Free | Partition Type: NTFS
Drive Z: | 19,53 Gb Total Space | 19,09 Gb Free Space | 97,72% Space Free | Partition Type: NTFS

Computer Name: INFO-TO-JG2
Current User Name: jMyName
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 90 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/10/06 10:58:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jMyName\Bureau\OTL.exe
PRC - [2010/08/02 10:04:49 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/08/02 10:04:46 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/11 14:42:00 | 012,979,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
PRC - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/02 11:28:31 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/06/05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/04/13 19:34:04 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/06 15:35:30 | 000,331,776 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\SoftMon.exe
PRC - [2007/11/30 05:37:30 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
PRC - [2007/11/30 05:34:14 | 000,983,040 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\amtmon.exe
PRC - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe
PRC - [2007/11/30 05:22:44 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE
PRC - [2007/11/30 05:09:10 | 000,262,144 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\collector.exe
PRC - [2007/11/30 04:54:56 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\issuser.exe
PRC - [2007/11/30 04:54:12 | 000,258,048 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\LDClient\rcgui.exe
PRC - [2007/11/29 21:32:46 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\LANDesk\Shared Files\residentAgent.exe
PRC - [2007/10/19 12:21:58 | 000,134,656 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\Program Files\USBDLM\USBDLM.exe
PRC - [2007/08/31 07:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) -- C:\WINDOWS\system32\cba\pds.exe
PRC - [2007/07/09 17:03:00 | 000,221,184 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2007/06/07 17:38:14 | 002,521,880 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2007/06/07 17:38:10 | 000,183,064 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/06/07 17:38:00 | 000,109,336 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/04/18 19:35:38 | 000,181,792 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2007/04/18 19:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) -- C:\WINDOWS\system32\IfxPsdSv.exe
PRC - [2007/02/07 03:30:00 | 000,065,536 | R--- | M] (Cognizance Corporation) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2005/03/16 10:13:26 | 001,044,537 | ---- | M] (Esker S.A.) -- C:\Program Files\TUN\contain\EskCntr.exe
PRC - [2005/03/16 09:45:54 | 000,311,383 | ---- | M] (Esker S.A.) -- C:\Program Files\Esker\Common\ESLCBcst.exe
PRC - [2003/11/02 01:10:42 | 000,105,213 | ---- | M] () -- C:\JBuilderX\bin\JBuilderW.exe


========== Modules (SafeList) ==========

MOD - [2010/10/06 10:58:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jMyName\Bureau\OTL.exe
MOD - [2008/04/13 19:32:04 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2007/03/07 15:03:34 | 000,070,144 | R--- | M] (Bioscrypt Inc.) -- C:\WINDOWS\system32\APSHook.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2010/09/20 18:48:52 | 000,000,007 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\dlo58.dll -- (ilbobbbe)
SRV - [2010/04/01 13:33:19 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 10:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/06/05 11:48:14 | 000,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/11/04 01:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008/08/07 12:17:30 | 000,575,488 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/12/06 15:35:30 | 000,331,776 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\softmon.exe -- (Softmon) LANDesk(R)
SRV - [2007/11/30 05:37:30 | 000,118,784 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe -- (LANDesk Policy Invoker)
SRV - [2007/11/30 05:34:14 | 000,983,040 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\amtmon.exe -- (LANDesk(R) Out-of-Band Monitor Service) LANDesk(R)
SRV - [2007/11/30 05:25:18 | 000,192,512 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\tmcsvc.exe -- (Intel Targeted Multicast)
SRV - [2007/11/30 05:22:44 | 000,196,608 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\LocalSch.EXE -- (Intel Local Scheduler Service)
SRV - [2007/11/30 04:54:56 | 000,406,528 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\LDClient\issuser.exe -- (ISSUSER)
SRV - [2007/11/29 21:32:46 | 000,155,648 | ---- | M] (LANDesk Software, Ltd.) [Auto | Running] -- C:\Program Files\LANDesk\Shared Files\residentagent.exe -- (CBA8) LANDesk(R)
SRV - [2007/10/19 12:21:58 | 000,134,656 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\Program Files\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2007/08/31 07:13:00 | 000,032,819 | ---- | M] (LANDesk Software Ltd.) [Auto | Running] -- C:\WINDOWS\system32\cba\pds.exe -- (Intel PDS)
SRV - [2007/07/09 17:03:00 | 000,221,184 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2007/06/07 17:38:14 | 002,521,880 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS) Intel(R)
SRV - [2007/06/07 17:38:10 | 000,183,064 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/06/07 17:38:00 | 000,109,336 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2007/04/18 19:32:38 | 000,140,832 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\WINDOWS\system32\IfxPsdSv.exe -- (PersonalSecureDriveService)
SRV - [2007/02/07 03:30:00 | 000,074,240 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/06/22 07:14:00 | 000,131,584 | R--- | M] (Cognizance Corporation) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2006/02/24 12:00:00 | 000,106,496 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\awhost32.exe -- (awhost32)
SRV - [2006/02/20 14:07:11 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2005/03/16 09:45:54 | 000,311,383 | ---- | M] (Esker S.A.) [Auto | Running] -- C:\Program Files\Esker\Common\ESLCBcst.exe -- (EskerLicenseControl)


========== Driver Services (SafeList) ==========

DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 12:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/11/05 17:35:14 | 000,142,096 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/06/06 10:24:44 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/05/07 08:38:36 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/05/07 08:38:20 | 000,020,864 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/05/07 08:38:20 | 000,017,536 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/04/13 11:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 09:36:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/14 16:22:58 | 000,013,184 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2007/06/13 17:53:48 | 000,005,808 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2007/06/13 17:53:28 | 000,101,167 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2007/06/05 17:48:58 | 005,761,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2007/05/30 16:23:04 | 000,011,904 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldblank.sys -- (ldblank)
DRV - [2007/05/30 16:23:04 | 000,003,712 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mirrorflt.sys -- (mirrorflt)
DRV - [2007/05/30 16:23:04 | 000,003,328 | ---- | M] (LANDesk Software, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ldmirror.sys -- (ldmirror)
DRV - [2007/05/24 16:50:26 | 000,306,688 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/05/11 21:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2007/04/18 19:32:14 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2007/04/18 19:06:08 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2007/04/13 15:33:34 | 000,254,872 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1e5132.sys -- (e1express) Intel(R)
DRV - [2007/03/21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2006/10/09 13:31:46 | 000,044,720 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2005/11/21 13:42:08 | 000,011,008 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AW_HOST5.sys -- (AW_HOST)
DRV - [2005/10/10 14:09:38 | 000,007,552 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\awechomd.sys -- (awecho)
DRV - [2004/08/04 02:29:50 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2004/08/04 02:29:48 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2004/08/04 02:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2004/08/04 02:29:46 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2004/08/04 02:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2004/08/04 02:29:44 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2004/08/04 02:29:44 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2004/08/04 02:29:42 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2004/08/04 02:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2004/08/04 02:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2004/08/04 02:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2004/08/04 02:29:38 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2004/08/04 02:29:38 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2004/08/04 02:29:38 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2004/08/04 02:29:38 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2003/11/17 18:06:48 | 000,011,165 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\awlegacy.sys -- (awlegacy)
DRV - [2003/04/21 13:00:32 | 000,013,898 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.sys -- (Gernuwa)
DRV - [2002/09/16 18:07:24 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2002/05/09 02:44:42 | 000,105,472 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2002/04/04 07:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symmpi.sys -- (Symmpi)
DRV - [2001/08/18 07:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/18 07:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/18 07:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/18 07:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/18 06:47:42 | 000,023,424 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\zvukxfus.sys -- (zvukxfus)
DRV - [2001/08/18 00:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Service d'installation du pilote audio Intel(r) 82801 (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-765751392-255617765-1648912389-1361\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
IE - HKU\S-1-5-21-765751392-255617765-1648912389-1361\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://intranet
IE - HKU\S-1-5-21-765751392-255617765-1648912389-1361\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "https://172.18.2.8:4100//|chrome://fastdial/content/fastdial.html"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:2.23b2
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/14 14:26:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/06 17:06:38 | 000,000,000 | ---D | M]

[2010/06/14 09:15:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\Mozilla\Extensions
[2010/10/05 11:12:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\Mozilla\Firefox\Profiles\cc12w2xh.default\extensions
[2010/08/06 11:29:31 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Documents and Settings\jMyName\Application Data\Mozilla\Firefox\Profiles\cc12w2xh.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010/08/03 10:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\Mozilla\Firefox\Profiles\cc12w2xh.default\extensions\fastdial@telega.phpnet.us
[2010/10/05 11:12:11 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/30 05:52:16 | 000,053,248 | ---- | M] (LANDesk Software, Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npiexec.dll
[2010/08/02 10:04:51 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/08/02 10:04:51 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/02 10:04:51 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/02 10:04:51 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/08/02 10:04:51 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2010/10/04 13:34:47 | 000,420,765 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 172.17.2.110 vserie_tno
O1 - Hosts: 172.20.2.150 vserie_tpo
O1 - Hosts: 172.18.2.101 as400
O1 - Hosts: 172.16.1.171 startus_6500
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 14510 more lines...
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: () - {7726D850-5F6E-4704-AD82-6C6F57245516} - C:\WINDOWS\System32\dlo58.dll ()
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [JobHisInit] C:\Program Files\RDS\RMClient\JobHisInit.exe ()
O4 - HKLM..\Run: [MplSetUp] C:\Program Files\RDS\RMClient\MplSetUp.exe (RICOH CO.,LTD.)
O4 - HKU\S-1-5-21-765751392-255617765-1648912389-1361..\Run: [ccleaner] C:\Program Files\CCleaner\ccleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-765751392-255617765-1648912389-1361..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10i_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\jMyName\Menu Démarrer\Programmes\Démarrage\firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Documents and Settings\jMyName\Menu Démarrer\Programmes\Démarrage\OutLook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\tpojMyName\Menu Démarrer\Programmes\Démarrage\Outlook.lnk = C:\WINDOWS\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-765751392-255617765-1648912389-1361\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-765751392-255617765-1648912389-1361\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O7 - HKU\S-1-5-21-765751392-255617765-1648912389-1361\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_17.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range2 ([http] in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range3 ([http] in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range4 ([http] in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range2 ([http] in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range3 ([http] in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range4 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-765751392-255617765-1648912389-1361\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15 - HKU\S-1-5-21-765751392-255617765-1648912389-1361\..Trusted Ranges: Range2 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-765751392-255617765-1648912389-1361\..Trusted Ranges: Range3 ([http] in Trusted sites)
O15 - HKU\S-1-5-21-765751392-255617765-1648912389-1361\..Trusted Ranges: Range4 ([http] in Trusted sites)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.2.122 172.16.2.123
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = t-n.fr
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\APSHook.dll) - C:\WINDOWS\system32\APSHook.dll (Bioscrypt Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\PCANotify: DllName - PCANotify.dll - C:\WINDOWS\System32\PCANotify.dll (Symantec Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\jMyName\Mes documents\Mes images\Palenke.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jMyName\Mes documents\Mes images\Palenke.bmp
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: ilbobbbe - C:\WINDOWS\System32\dlo58.dll ()
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (69537929998893056)

========== Files/Folders - Created Within 90 Days ==========

[2010/10/06 10:59:44 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\jMyName\Bureau\erunt-setup.exe
[2010/10/06 10:58:24 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jMyName\Bureau\OTL.exe
[2010/10/05 09:21:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\jMyName\Recent
[2010/09/29 14:22:16 | 000,954,029 | ---- | C] ( ) -- C:\Documents and Settings\jMyName\Bureau\patch jbuilder x.exe
[2010/09/28 16:37:06 | 000,000,000 | ---D | C] -- C:\test
[2010/09/27 10:50:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/09/27 10:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/27 09:47:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jMyName\Application Data\Avira
[2010/09/27 09:34:17 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010/09/21 09:11:32 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2010/09/21 09:11:30 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2010/09/21 09:11:30 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2010/09/21 09:11:30 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2010/09/21 09:11:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2010/09/20 15:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/09/20 15:23:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2010/09/20 10:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/09/16 11:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jMyName\SunONE
[2010/09/15 10:07:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/15 09:27:59 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010/09/15 09:27:58 | 000,293,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsrv.dll
[2010/09/15 09:27:52 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\usp10.dll
[2010/09/14 17:47:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/14 16:42:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/14 16:40:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/14 16:40:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/14 16:40:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/14 16:40:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/14 16:39:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/14 16:39:10 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/14 13:55:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jMyName\Application Data\Malwarebytes
[2010/09/14 10:15:09 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\VB6STKIT.DLL
[2010/09/14 10:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Terminaux de Normandie
[2010/09/14 09:33:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Documents\Server
[2010/09/06 11:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2010/09/01 01:00:41 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\helpsvc.exe
[2010/08/27 18:21:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jMyName\Bureau\pixBene_bmp
[2010/07/15 15:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jMyName\Bureau\books
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/06 11:04:55 | 000,000,383 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\scan.zip
[2010/10/06 11:00:00 | 000,005,024 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\erunt-loc_fr.zip
[2010/10/06 10:59:44 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\jMyName\NTUSER.DAT
[2010/10/06 10:59:44 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\jMyName\Bureau\erunt-setup.exe
[2010/10/06 10:58:24 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jMyName\Bureau\OTL.exe
[2010/10/06 09:38:45 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/10/06 09:25:48 | 000,421,287 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\20101006092452317.pdf
[2010/10/06 00:16:30 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\sauvegardeJAVA_info-po-srvsoge_integrale.job
[2010/10/06 00:07:56 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\sauvegardeJAVA_info-co-data_integral.job
[2010/10/06 00:06:06 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\sauvegarde_S88.job
[2010/10/05 13:46:17 | 000,185,203 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\10-09-15_pre_disp.c
[2010/10/05 13:45:38 | 000,180,234 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\pre_disp.c
[2010/10/05 13:44:41 | 000,000,586 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\CommunInfo$ sur info-co-data.lnk
[2010/10/05 09:21:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/10/05 09:19:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/10/05 00:16:49 | 000,000,184 | -HS- | M] () -- C:\Documents and Settings\jMyName\ntuser.ini
[2010/10/04 15:27:34 | 000,001,210 | -H-- | M] () -- C:\Documents and Settings\jMyName\Mes documents\Default.rdp
[2010/10/04 13:34:47 | 000,420,765 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/10/04 12:30:52 | 000,296,658 | ---- | M] () -- C:\Documents and Settings\jMyName\Mes documents\cc_20101004_123041.reg
[2010/10/04 12:23:23 | 000,024,834 | ---- | M] () -- C:\Documents and Settings\jMyName\Mes documents\http.docx
[2010/10/04 10:53:32 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\stop_maj.bat
[2010/10/04 09:15:49 | 001,085,028 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/10/04 09:15:49 | 000,513,498 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2010/10/04 09:15:49 | 000,444,164 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/10/04 09:15:49 | 000,085,644 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2010/10/04 09:15:49 | 000,072,040 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/10/04 02:00:03 | 000,000,224 | ---- | M] () -- C:\WINDOWS\tasks\close_outlook.job
[2010/10/01 16:33:14 | 000,001,632 | RHS- | M] () -- C:\Documents and Settings\jMyName\ntuser.pol
[2010/09/29 16:42:41 | 000,201,619 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\mer_pcna.c
[2010/09/29 14:22:16 | 000,954,029 | ---- | M] ( ) -- C:\Documents and Settings\jMyName\Bureau\patch jbuilder x.exe
[2010/09/28 15:31:58 | 001,601,536 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\RD_QUESTIONNAIRE.doc
[2010/09/24 15:34:14 | 000,349,372 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\AMQ-CRV-BASI-BASE.pdf
[2010/09/22 10:38:35 | 000,011,749 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\Création.docx
[2010/09/21 08:09:39 | 000,013,437 | ---- | M] () -- C:\WINDOWS\cfgall.ini
[2010/09/20 18:48:52 | 000,000,007 | ---- | M] () -- C:\WINDOWS\System32\dlo58.dll
[2010/09/20 18:04:22 | 000,419,529 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20101004-133447.backup
[2010/09/20 15:42:45 | 000,680,350 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/09/20 09:47:55 | 000,419,529 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100920-180422.backup
[2010/09/20 09:44:53 | 000,000,924 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100920-094755.backup
[2010/09/15 14:08:12 | 000,000,623 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/09/15 14:08:12 | 000,000,328 | RHS- | M] () -- C:\boot.ini
[2010/09/15 14:08:12 | 000,000,256 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/14 10:12:56 | 000,000,202 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2010/09/07 17:50:19 | 000,000,554 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\Lumberjack.lnk
[2010/09/07 13:34:52 | 000,029,648 | ---- | M] () -- C:\Documents and Settings\jMyName\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/09/06 18:28:49 | 000,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/03 16:45:47 | 001,263,406 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\T1_RTCORBA_Giddings.pdf
[2010/08/18 14:51:48 | 000,000,526 | ---- | M] () -- C:\Documents and Settings\jMyName\Bureau\V-AsieNoir.lnk
[2010/08/17 15:17:06 | 000,058,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\spoolsv.exe
[2010/08/09 15:08:25 | 000,416,399 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20100906-110516.backup
[2010/08/02 10:39:08 | 000,416,426 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts-old
[2010/07/27 08:30:01 | 008,518,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shell32.dll
[2010/07/22 17:48:57 | 000,590,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcrt4.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/06 11:04:55 | 000,000,383 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\scan.zip
[2010/10/06 11:00:00 | 000,005,024 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\erunt-loc_fr.zip
[2010/10/06 09:25:48 | 000,421,287 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\20101006092452317.pdf
[2010/10/05 13:46:17 | 000,185,203 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\10-09-15_pre_disp.c
[2010/10/05 13:45:38 | 000,180,234 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\pre_disp.c
[2010/10/04 12:30:45 | 000,296,658 | ---- | C] () -- C:\Documents and Settings\jMyName\Mes documents\cc_20101004_123041.reg
[2010/10/04 12:23:19 | 000,024,834 | ---- | C] () -- C:\Documents and Settings\jMyName\Mes documents\http.docx
[2010/10/04 10:53:03 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\stop_maj.bat
[2010/09/29 16:42:41 | 000,201,619 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\mer_pcna.c
[2010/09/28 14:43:05 | 001,601,536 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\RD_QUESTIONNAIRE.doc
[2010/09/27 16:04:26 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\sauvegarde_S88.job
[2010/09/27 13:43:34 | 000,000,272 | ---- | C] () -- C:\WINDOWS\tasks\sauvegardeJAVA_info-po-srvsoge_integrale.job
[2010/09/27 13:42:02 | 000,000,264 | ---- | C] () -- C:\WINDOWS\tasks\sauvegardeJAVA_info-co-data_integral.job
[2010/09/24 15:19:27 | 000,349,372 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\AMQ-CRV-BASI-BASE.pdf
[2010/09/22 09:26:52 | 000,011,749 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\Création.docx
[2010/09/20 18:41:25 | 000,000,007 | ---- | C] () -- C:\WINDOWS\System32\dlo58.dll
[2010/09/20 15:42:35 | 000,680,350 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2010/09/15 14:06:51 | 000,000,852 | ---- | C] () -- C:\Documents and Settings\jMyName\Menu Démarrer\Programmes\Démarrage\OutLook.lnk
[2010/09/15 14:06:51 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\jMyName\Menu Démarrer\Programmes\Démarrage\firefox.lnk
[2010/09/14 16:43:03 | 000,000,212 | ---- | C] () -- C:\Boot.bak
[2010/09/14 16:42:59 | 000,263,488 | RHS- | C] () -- C:\cmldr
[2010/09/14 16:40:19 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/14 16:40:19 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/14 16:40:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/14 16:40:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/14 16:40:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/14 10:46:25 | 000,004,834 | ---- | C] () -- C:\Documents and Settings\jMyName\Local Settings\Application Data\7726D850-5F6E-4704-AD82-6C6F57245516.txt
[2010/09/14 10:46:05 | 000,003,998 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\7726D850-5F6E-4704-AD82-6C6F57245516.txt
[2010/09/14 10:12:54 | 000,000,202 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/03 16:45:43 | 001,263,406 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\T1_RTCORBA_Giddings.pdf
[2010/08/18 14:51:48 | 000,000,526 | ---- | C] () -- C:\Documents and Settings\jMyName\Bureau\V-AsieNoir.lnk
[2010/07/06 14:12:06 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\jMyName\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/08 15:17:32 | 000,000,326 | ---- | C] () -- C:\WINDOWS\SWWATER.INI
[2009/11/20 17:58:39 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\RPCS.ini
[2009/11/20 17:57:39 | 000,048,632 | ---- | C] () -- C:\WINDOWS\RicDB.ini
[2009/11/20 17:57:05 | 000,000,226 | ---- | C] () -- C:\WINDOWS\PMJobCli.ini
[2009/11/20 17:57:03 | 000,012,309 | ---- | C] () -- C:\WINDOWS\PMRicMb.ini
[2009/11/20 17:57:03 | 000,007,873 | ---- | C] () -- C:\WINDOWS\PMRicPMb.ini
[2009/11/20 17:57:03 | 000,005,390 | ---- | C] () -- C:\WINDOWS\PMPrtMb.ini
[2009/11/20 17:57:03 | 000,004,644 | ---- | C] () -- C:\WINDOWS\PMRicFMb.ini
[2009/11/20 17:57:03 | 000,003,149 | ---- | C] () -- C:\WINDOWS\PMDvPrn.ini
[2009/11/20 17:57:03 | 000,002,102 | ---- | C] () -- C:\WINDOWS\PMDvDev.ini
[2009/11/20 17:57:03 | 000,002,047 | ---- | C] () -- C:\WINDOWS\PMDIOMb.ini
[2009/11/20 17:57:03 | 000,002,036 | ---- | C] () -- C:\WINDOWS\PMHostMb.ini
[2009/11/20 17:57:03 | 000,001,885 | ---- | C] () -- C:\WINDOWS\PMPSIOMb.ini
[2009/11/20 17:57:03 | 000,001,727 | ---- | C] () -- C:\WINDOWS\PMRicSMb.ini
[2009/11/20 17:57:03 | 000,001,706 | ---- | C] () -- C:\WINDOWS\PMRicCMb.ini
[2009/11/20 17:57:03 | 000,001,494 | ---- | C] () -- C:\WINDOWS\PMMib2Mb.ini
[2009/11/20 17:57:03 | 000,001,168 | ---- | C] () -- C:\WINDOWS\PMDvFax.ini
[2009/11/20 17:57:03 | 000,001,143 | ---- | C] () -- C:\WINDOWS\PMDPIMb.ini
[2009/11/20 17:57:03 | 000,001,094 | ---- | C] () -- C:\WINDOWS\PMAxsMb.ini
[2009/11/20 17:57:03 | 000,000,842 | ---- | C] () -- C:\WINDOWS\PMDvScan.ini
[2009/11/20 17:57:03 | 000,000,423 | ---- | C] () -- C:\WINDOWS\PMDvCopy.ini
[2009/11/20 17:57:03 | 000,000,332 | ---- | C] () -- C:\WINDOWS\PMSnmpMb.ini
[2009/11/20 17:56:56 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\rtcpf.dll
[2009/11/20 17:56:56 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RLPR.dll
[2009/11/20 17:56:55 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\rpnv2ui.dll
[2009/11/20 17:56:51 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\PMObservps.dll
[2009/11/19 18:18:07 | 000,008,610 | ---- | C] () -- C:\WINDOWS\lmpcl2a.ini
[2009/11/16 18:32:25 | 000,002,692 | ---- | C] () -- C:\Documents and Settings\jMyName\Application Data\NMM-MetaData.db
[2009/11/16 17:55:26 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\jMyName\Local Settings\Application Data\fusioncache.dat
[2008/09/08 14:33:11 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/07/31 11:04:16 | 000,000,440 | ---- | C] () -- C:\WINDOWS\OPPN.INI
[2008/07/30 17:48:14 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\eSTsnmp.dll
[2008/07/30 07:42:12 | 000,000,813 | ---- | C] () -- C:\WINDOWS\WINHLP32.INI
[2008/07/30 03:36:09 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4837.dll
[2008/07/30 03:21:39 | 000,000,991 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/07/29 19:53:38 | 000,013,437 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2008/07/29 19:02:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/07/29 18:50:28 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2008/07/29 18:50:28 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2008/07/29 18:50:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2008/07/29 18:50:28 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2008/07/29 18:50:28 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2008/07/29 18:50:28 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/06/13 17:53:28 | 000,101,167 | ---- | C] () -- C:\WINDOWS\System32\drivers\SafeBoot.sys
[2007/03/30 00:00:40 | 000,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2004/10/06 20:21:45 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\ODMA32.dll
[2001/08/07 19:00:24 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HPNVRRes.dll
[2000/04/14 16:50:02 | 000,343,040 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[1998/06/11 14:08:06 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll

========== LOP Check ==========

[2008/07/29 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Infineon
[2008/07/29 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur.TN400\Application Data\Infineon
[2008/07/29 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Infineon
[2008/07/29 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Infineon
[2008/12/19 17:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/07/29 19:52:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LANDesk
[2010/07/02 17:00:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Okidata
[2009/01/02 17:28:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2008/07/30 15:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Starbase
[2010/09/20 16:37:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/29 19:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vulScan
[2009/06/30 09:33:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/07/29 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Infineon
[2010/05/19 09:25:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\Autodesk
[2010/07/08 11:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\FileZilla
[2010/02/16 13:37:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\FMZilla
[2008/07/29 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\Infineon
[2009/11/16 18:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\Nokia
[2009/11/16 18:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\OfficeUpdate12
[2009/11/16 18:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\Opera
[2009/11/16 18:32:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\PC Suite
[2009/11/16 18:32:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\Starbase
[2010/02/24 12:13:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jMyName\Application Data\Windows Search
[2008/09/29 15:56:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tpojMyName\Application Data\ACD Systems
[2009/09/04 12:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tpojMyName\Application Data\Dossier de téléchargement Share-to-Web
[2009/10/23 15:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tpojMyName\Application Data\FileZilla
[2008/12/31 17:21:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tpojMyName\Application Data\FMZilla
[2008/07/29 18:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tpojMyName\Application Data\Infineon
[2009/01/02 17:48:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tpojMyName\Application Data\Nokia
[2009/04/09 12:14:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tpojMyName\Application Data\OfficeUpdate12
[2009/10/12 11:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tpojMyName\Application Data\Opera
[2008/12/15 11:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tpojMyName\Application Data\PC Suite
[2008/07/30 15:30:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\tpojMyName\Application Data\Starbase
[2010/10/04 02:00:03 | 000,000,224 | ---- | M] () -- C:\WINDOWS\Tasks\close_outlook.job
[2010/10/06 00:07:56 | 000,000,264 | ---- | M] () -- C:\WINDOWS\Tasks\sauvegardeJAVA_info-co-data_integral.job
[2010/10/06 00:16:30 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\sauvegardeJAVA_info-po-srvsoge_integrale.job
[2010/10/06 00:06:06 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\sauvegarde_S88.job

========== Purity Check ==========



========== Custom Scans ==========


<SYSTEMDRIVE>


<MD5>
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:AGP440.sys
[2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 11:36:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

<MD5>
[2006/03/02 14:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\i386\sp2.cab:atapi.sys
[2006/03/02 09:00:00 | 018,782,711 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/13 19:47:24 | 020,102,028 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 11:40:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 07:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys

<MD5>
[2004/08/20 01:09:26 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=49B1376885340BF9EA0D99F71557B59A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 19:33:26 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

<MD5>
[2007/03/21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Compaq\MSD\IaStor.sys
[2007/03/21 14:58:56 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\WINDOWS\system32\drivers\iaStor.sys

<MD5>
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 19:33:36 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/20 01:09:38 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D4CFAC76926C24E32B7F25A35C31BC6E -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

<MD5>
[2004/08/20 01:09:40 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=58D439F6EF73A2D9288B204E819F4BBD -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 19:33:42 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

<systemroot>

<systemroot>
[2010/09/20 18:48:52 | 000,000,007 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\System32\dlo58.dll
[6 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

<systemroot>

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
<End>
toutatafr

Post by toutatafr » 06 Oct 2010, 11:02

Here are several Malwarebytes' Anti-Malware logs:
In the last report, the registry key (NoDispScrSavPage) had been modified by me.
___________________________________________________________________________

Malwarebytes' Anti-Malware 1.39
Database version: 2447
Windows 5.1.2600 Service Pack 3

14/09/2010 14:17:45
mbam-log-2010-09-14 (14-17-45).txt

Scan type: Quick Scan
Objects scanned: 116463
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\zvukxfus (Rootkit.Agent.Z) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\zvukxfus (Rootkit.Agent.Z) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zvukxfus (Rootkit.Agent.Z) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\windows\system32\drivers\zvukxfus.sys (Rootkit.Agent.Z) -> Quarantined and deleted successfully.

_______________________________________________________________________________________


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4613

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

15/09/2010 14:53:09
mbam-log-2010-09-15 (14-53-09).txt

Scan type: Quick scan
Objects scanned: 173711
Time elapsed: 4 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zvukxfus (Rootkit.Agent.BO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\YXE7DXCQ37 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\zvukxfus.sys (Rootkit.Agent.BO) -> Quarantined and deleted successfully.

___________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4655

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

20/09/2010 11:18:32
mbam-log-2010-09-20 (11-18-32).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|)
Objects scanned: 289713
Time elapsed: 1 hour(s), 0 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

________________________________________________________________________________

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4738

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

04/10/2010 12:21:16
mbam-log-2010-10-04 (12-21-16).txt

Scan type: Full scan (C:\|E:\|F:\|G:\|H:\|)
Objects scanned: 300634
Time elapsed: 51 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\All Users\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
toutatafr

Posts: 22
Joined: 06 Oct 2010, 10:24
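As an added example (not code from this thread, from Malwarebytes, or from the helpers here), the following Python script parses the item lines of the Malwarebytes' Anti-Malware reports posted above and flags the findings a helper would still want to verify by hand after a "Quarantined and deleted successfully": the boot-start rootkit driver, the hijacked HKCU Winlogon\shell value, and the Security Center notification values switched off. The sample report is constructed from lines of the posted logs; the function and class names are the example's own.

```python
"""Triage helper for Malwarebytes' Anti-Malware text reports (1.4x format).

Added example for this thread; it is not code from the forum nor from
Malwarebytes. Item lines look like
    <target> (<family>) -> Quarantined and deleted successfully.
and, for registry data items,
    <target> (<family>) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample, assembled from lines of the reports posted above.
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\zvukxfus (Rootkit.Agent.BO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\OTGV1DNWQQ (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\shell (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\zvukxfus.sys (Rootkit.Agent.BO) -> Quarantined and deleted successfully.
"""

_DATA_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


@dataclass
class Finding:
    section: str                # e.g. "Registry Keys Infected"
    target: str                 # registry key/value or file path
    family: str                 # detection name, e.g. "Rootkit.Agent.BO"
    action: str                 # what the tool reports it did
    bad: Optional[str] = None   # data items only: value found
    good: Optional[str] = None  # data items only: value restored


def parse_item(section: str, line: str) -> Optional[Finding]:
    """Parse one item line; return None for lines that are not items."""
    parts = line.split(" -> ")
    if len(parts) < 2:
        return None
    head, action = parts[0], parts[-1].rstrip(".")
    # The family is the last parenthesised group of the head; paths such as
    # "Program Files (x86)" may contain earlier parentheses, so split from the right.
    if not head.endswith(")") or " (" not in head:
        return None
    target, family = head[:-1].rsplit(" (", 1)
    bad = good = None
    if len(parts) == 3:
        m = _DATA_RE.fullmatch(parts[1])
        if m:
            bad, good = m.group("bad"), m.group("good")
    return Finding(section, target, family, action, bad, good)


def parse_log(text: str) -> List[Finding]:
    """Walk the report, tracking the current 'X Infected:' section."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        if section is None or line.startswith("(No malicious items detected)"):
            continue
        item = parse_item(section, line)
        if item is not None:
            findings.append(item)
    return findings


def summarize(findings: List[Finding]) -> dict:
    """Number of items per section, matching the counts in the report header."""
    return dict(Counter(f.section for f in findings))


def persistence_flags(findings: List[Finding]) -> List[Tuple[str, str]]:
    """Findings to re-check by hand even after a 'deleted successfully':
    a kernel driver (rootkit) loaded at boot, a hijacked Winlogon Shell value
    (launched at logon in place of or alongside Explorer), and Security Center
    notifications switched off to hide a disabled AV or firewall."""
    flags = []
    for f in findings:
        t = f.target.lower()
        if f.section == "Files Infected" and f.family.startswith("Rootkit"):
            flags.append(("kernel driver", f.target))
        elif t.endswith("\\winlogon\\shell"):
            flags.append(("winlogon shell hijack", f.target))
        elif "\\security center\\" in t and f.bad == "1":
            flags.append(("security center notification disabled", f.target))
    return flags


if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    print(summarize(found))
    for kind, target in persistence_flags(found):
        print(f"{kind}: {target}")
```

Run against a full mbam-log-*.txt, the per-section counts from summarize() should match the "Registry Keys Infected: N" header lines; a mismatch means an item line did not parse and deserves a look.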

Post by toutatafr » 06 Oct 2010, 11:04

Now here are the HijackThis logs:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:51:30, on 06/10/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\LANDesk\Shared Files\residentagent.exe
C:\Program Files\Esker\Common\ESLCBcst.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\LANDesk\LDClient\LocalSch.EXE
C:\WINDOWS\system32\CBA\pds.exe
C:\Program Files\LANDesk\LDClient\tmcsvc.exe
C:\PROGRA~1\LANDesk\LDClient\issuser.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
C:\Program Files\LANDesk\LDClient\amtmon.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\LANDesk\LDClient\softmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\PROGRA~1\LANDesk\LDClient\collector.exe
C:\Program Files\USBDLM\USBDLM.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\PROGRA~1\LANDesk\LDClient\rcgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
c:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\PROGRA~1\TUN\contain\EskCntr.exe
C:\PROGRA~1\TUN\contain\EskCntr.exe
C:\PROGRA~1\TUN\contain\EskCntr.exe
C:\PROGRA~1\TUN\contain\EskCntr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\JBuilderX\bin\JBuilderW.exe
C:\PROGRA~1\TUN\contain\EskCntr.exe
C:\PROGRA~1\TUN\contain\EskCntr.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MICROS~2\Office12\OUTLOOK.EXE
C:\Program_Files\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://intranet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O1 - Hosts: 172.17.2.110 vserie_tno
O1 - Hosts: 172.20.2.150 vserie_tpo
O1 - Hosts: 172.18.2.101 as400
O1 - Hosts: 172.16.1.171 startus_6500
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7726D850-5F6E-4704-AD82-6C6F57245516} - c:\windows\system32\dlo58.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [MplSetUp] C:\Program Files\RDS\RMClient\MplSetUp.exe
O4 - HKLM\..\Run: [JobHisInit] C:\Program Files\RDS\RMClient\JobHisInit.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10i_Plugin.exe -update plugin
O4 - Startup: firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe
O4 - Startup: OutLook.lnk = C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted IP range: http://172.20.201.1
O15 - Trusted IP range: http://172.20.201.2
O15 - Trusted IP range: http://172.20.201.3
O15 - ESC Trusted Zone: http://runonce.msn.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = t-n.fr
O17 - HKLM\Software\..\Telephony: DomainName = t-n.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = t-n.fr
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = t-n.fr
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Symantec pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: LANDesk(R) Management Agent (CBA8) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\Shared Files\residentagent.exe
O23 - Service: Esker License Control (EskerLicenseControl) - Esker S.A. - C:\Program Files\Esker\Common\ESLCBcst.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: Intel Local Scheduler Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\LocalSch.EXE
O23 - Service: Intel PDS - LANDesk Software Ltd. - C:\WINDOWS\system32\CBA\pds.exe
O23 - Service: Multicast LANDesk ciblé (Intel Targeted Multicast) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\tmcsvc.exe
O23 - Service: Service de contrôle à distance LANDesk (ISSUSER) - LANDesk Software, Ltd. - C:\PROGRA~1\LANDesk\LDClient\issuser.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LANDesk Policy Invoker - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\policy.client.invoker.exe
O23 - Service: LANDesk(R) Out-of-Band Monitor Service - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\amtmon.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: LANDesk(R) Software Monitoring Service (Softmon) - LANDesk Software, Ltd. - C:\Program Files\LANDesk\LDClient\softmon.exe
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: USBDLM - Uwe Sieber - www.uwe-sieber.de - C:\Program Files\USBDLM\USBDLM.exe

--
End of file - 9134 bytes
toutatafr

Post by toutatafr » 06 Oct 2010, 11:23

Some Antivir logs:

24/09/2010

Virus or unwanted program 'TR/Spy.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\zetscap.dll.
Action performed: Allow access
______________________________________________________

Virus or unwanted program 'TR/Spy.Gen [trojan]'
detected in file 'C:\WINDOWS\system32\zetscap.dll.
Action performed: Deny access
_______________________________________________________

The file 'C:\WINDOWS\system32\zetscap.dll'
contained a virus or unwanted program 'TR/Spy.Gen' [trojan]
Action(s) taken:
The registration entry <HKEY_LOCAL_MACHINE> was removed successfully.
The registration entry <HKEY_LOCAL_MACHINE> was removed successfully.
The file was deleted!
__________________________________________________________



04/10/2010

Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]'
detected in file 'C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\TPW77AOW\gzip_test[1].htm.
Action performed: Deny access
________________________________________________________________


06/10/2010

Virus or unwanted program 'HTML/Infected.WebPage.Gen [virus]'
detected in file 'C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\EWAT7D0L\gzip_test[1].htm.
Action performed: Deny access
toutatafr

Post by nickW » 07 Oct 2010, 00:48

Good evening,

Preliminary question:

Who asked you to use ComboFix?

What was the result?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (private message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Post by toutatafr » 07 Oct 2010, 09:45

WHO? Nobody in particular! It must have been recommended on a forum. Why is that bad? :wink:

Here are the logs:

ComboFix 10-09-13.02 - Administrateur 14/09/2010 16:53:19.1.2 - x86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.994.456 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur.TN400\Mes documents\Téléchargements\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\tpojMy_Name\Application Data\Dossier de téléchargement Share-to-Web

----- BITS: Il y a peut-être des sites infectés -----

hxxp://info-co-wsus
c:\windows\system32\drivers\SafeBoot.sys . . . est infecté!! . . . Impossible de trouver un substitut valide.
Une copie infectée de c:\windows\system32\winlogon.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\winlogon.exe

Une copie infectée de c:\windows\explorer.exe a été trouvée et désinfectée
Copie restaurée à partir de - c:\windows\ServicePackFiles\i386\explorer.exe

.
((((((((((((((((((((((((((((( Fichiers créés du 2010-08-14 au 2010-09-14 ))))))))))))))))))))))))))))))))))))
.

2010-09-14 12:26 . 2010-09-14 12:26 -------- d-----w- c:\documents and settings\Administrateur.TN400\Local Settings\Application Data\Mozilla
2010-09-14 12:24 . 2010-09-14 12:24 -------- d-----w- c:\documents and settings\Administrateur.TN400\Application Data\Malwarebytes
2010-09-14 11:55 . 2010-09-14 11:55 -------- d-----w- c:\documents and settings\jMy_Name\Application Data\Malwarebytes
2010-09-14 08:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\system32\VB6STKIT.DLL
2010-09-14 08:15 . 2010-09-14 08:15 -------- d-----w- c:\program files\Terminaux de Normandie
2010-09-14 07:36 . 2010-09-14 07:36 183808 ----a-w- c:\windows\Ilutya.exe
2010-09-06 09:51 . 2010-09-06 09:51 -------- d-----w- c:\program files\Recuva
2010-08-31 23:00 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-14 12:52 . 2009-07-17 07:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-14 12:17 . 2008-07-30 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-14 07:46 . 2010-09-14 07:46 0 ----a-w- c:\windows\system32\dlo58.tmp
2010-09-07 11:34 . 2009-11-16 16:17 29648 ----a-w- c:\documents and settings\jMy_Name\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 10:06 . 2008-07-30 05:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-06 10:05 . 2008-07-30 05:31 -------- d-----w- c:\program files\Microsoft Works
2010-09-03 10:03 . 2006-05-08 16:33 85644 ----a-w- c:\windows\system32\perfc00C.dat
2010-09-03 10:03 . 2006-05-08 16:33 513498 ----a-w- c:\windows\system32\perfh00C.dat
2010-08-10 06:57 . 2010-05-19 08:29 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-08-02 08:35 . 2008-07-31 07:21 -------- d-----w- c:\program files\CCleaner
2010-06-30 12:32 . 2004-08-19 23:09 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:17 . 2004-08-19 23:09 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:17 . 2004-08-19 23:09 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:17 . 2004-08-19 23:09 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-24 09:02 . 2004-08-19 23:00 1852032 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2004-08-04 06:14 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2004-08-19 23:09 80384 ----a-w- c:\windows\system32\iccvid.dll
2006-05-03 10:06 . 2010-01-04 08:44 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2010-01-04 08:44 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30 . 2010-01-04 08:44 216064 --sh--r- c:\windows\system32\nbDX.dll
.
c:\program files\Crystal Reports pour Borland JBuilder\UninstallerData\Désinstallation de Crystal Reports pour Borland JBuilder .exe


((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-13 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-13 162584]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-07 408344]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-04-18 677408]
"JobHisInit"="c:\program files\RDS\RMClient\JobHisInit.exe" [2005-11-01 151552]
"MplSetUp"="c:\program files\RDS\RMClient\MplSetUp.exe" [2005-06-01 40960]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\jMy_Name\Menu Démarrer\Programmes\Démarrage\
firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-6-14 910296]
OutLook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2010-5-20 12978544]

c:\documents and settings\tpojMy_Name\Menu Démarrer\Programmes\Démarrage\
Outlook.lnk - c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe [2008-7-30 845584]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2006-02-24 10:00 8704 ----a-w- c:\windows\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKLM\~\startupfolder\C:^Documents and Settings^tpojMy_Name^Menu Démarrer^Programmes^Démarrage^CCleaner.lnk]
path=c:\documents and settings\tpojMy_Name\Menu Démarrer\Programmes\Démarrage\CCleaner.lnk
backup=c:\windows\pss\CCleaner.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SetRefresh"=c:\program files\Compaq\SetRefresh\SetRefresh.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ws-ftp\\WS_FTP32.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\LANDesk\\Shared Files\\residentagent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"40778:TCP"= 40778:TCP:Trend Micro OfficeScan Listener
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [13/06/2007 17:53 101167]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [09/10/2006 13:31 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [14/06/2007 16:22 13184]
R0 zvukxfus;zvukxfus;c:\windows\system32\drivers\zvukxfus.sys --> c:\windows\system32\drivers\zvukxfus.sys [?]
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [18/04/2007 19:32 39080]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [13/06/2007 17:53 5808]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [19/05/2010 10:29 108289]
R2 ASBroker;Courtier de session de connexion;c:\windows\System32\svchost.exe -k Cognizance [20/08/2004 01:10 14336]
R2 ASChannel;Canal de communication local;c:\windows\System32\svchost.exe -k Cognizance [20/08/2004 01:10 14336]
R2 CBA8;LANDesk(R) Management Agent;c:\program files\LANDesk\Shared Files\residentAgent.exe [29/11/2007 21:32 155648]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [09/07/2007 17:03 221184]
R2 LANDesk Policy Invoker;LANDesk Policy Invoker;c:\program files\LANDesk\LDClient\policy.client.invoker.exe [29/07/2008 19:50 118784]
R2 LANDesk(R) Out-of-Band Monitor Service;LANDesk(R) Out-of-Band Monitor Service;c:\program files\LANDesk\LDClient\amtmon.exe [29/07/2008 19:50 983040]
R2 Softmon;LANDesk(R) Software Monitoring Service;c:\program files\LANDesk\LDClient\SoftMon.exe [29/07/2008 19:50 331776]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [29/07/2008 18:49 2521880]
R2 USBDLM;USBDLM;c:\program files\USBDLM\USBDLM.exe [19/10/2007 12:21 134656]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [30/07/2008 03:24 41216]
R3 ldblank;Screen Blanking driver for Remote Control;c:\windows\system32\drivers\ldblank.sys [29/07/2008 19:50 11904]
R3 ldmirror;ldmirror;c:\windows\system32\drivers\ldmirror.sys [29/07/2008 19:50 3328]
R3 mirrorflt;Mirror Filter Driver for Uninstall;c:\windows\system32\drivers\mirrorflt.sys [29/07/2008 19:50 3712]
S0 ybukak;ybukak; [x]
S2 ilbobbbe;Serenum Filter Helper;c:\windows\System32\svchost.exe -k netsvcs [20/08/2004 01:10 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ilbobbbe
.
Contenu du dossier 'Tâches planifiées'

2010-08-23 c:\windows\Tasks\close_outlook.job
- C:\close_outlook.vbs [2009-03-24 10:21]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.hp.com
FF - ProfilePath - c:\documents and settings\Administrateur.TN400\Application Data\Mozilla\Firefox\Profiles\qlv3yigz.default\
FF - prefs.js: browser.startup.homepage - hxxps://172.18.2.8:4100/?action=fw_logo ... ype=status
FF - plugin: c:\program files\Mozilla Firefox\plugins\npiexec.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- Associations de fichier -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{7726D850-5F6E-4704-AD82-6C6F57245516} - c:\windows\system32\dlo58.dll
ShellIconOverlayIdentifiers-{7726D850-5F6E-4704-AD82-6C6F57245516} - c:\windows\system32\dlo58.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-14 17:27
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x860BBEC5]<<kernel> CLASSPNP.SYS @ 0xf763ff28
\Driver\ACPI -> ACPI.sys @ 0xf74c1cb8
\Driver\atapi -> atapi.sys @ 0xf7453852
\Driver\iaStor -> iaStor.sys @ 0xf7278918
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) 82566DM Gigabit Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf734cbb0
PacketIndicateHandler -> NDIS.sys @ 0xf7359a21
SendHandler -> NDIS.sys @ 0xf733787b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'lsass.exe'(792)
c:\windows\SbHpNp.dll
c:\program files\Bonjour\mdnsNSP.dll

- - - - - - - > 'explorer.exe'(1740)
c:\windows\system32\APSHook.dll
c:\windows\system32\dlo58.dll
c:\windows\system32\msi.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_fre.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\libssl32.dll
c:\windows\system32\LIBEAY32.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Esker\Common\ESLCBcst.exe
c:\windows\system32\ifxtcs.exe
c:\program files\LANDesk\LDClient\LocalSch.EXE
c:\windows\system32\CBA\pds.exe
c:\program files\LANDesk\LDClient\tmcsvc.exe
c:\progra~1\LANDesk\LDClient\issuser.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\IfxPsdSv.exe
c:\progra~1\LANDesk\LDClient\collector.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\progra~1\LANDesk\LDClient\rcgui.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
.
**************************************************************************
.
Heure de fin: 2010-09-14 17:33:08 - La machine a redémarré
ComboFix-quarantined-files.txt 2010-09-14 15:33

Avant-CF: 6 054 830 080 octets libres
Après-CF: 5 915 361 280 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

- - End Of File - - B5236F76791448B21D1E4ECC811C6922

_________________________________________________________________________

ComboFix-quarantined-files.txt:


2010-09-14 15:30:34 . 2010-09-14 15:30:35 709 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellIconOverlayIdentifiers-{7726D850-5F6E-4704-AD82-6C6F57245516}.reg.dat
2010-09-14 15:30:30 . 2010-09-14 15:30:30 521 ----a-w- C:\Qoobox\Quarantine\Registry_backups\BHO-{7726D850-5F6E-4704-AD82-6C6F57245516}.reg.dat
2010-09-14 15:01:11 . 2010-09-14 15:01:11 5,216 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-09-14 14:39:54 . 2010-09-14 14:51:12 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2008-07-29 16:54:44 . 2010-09-10 12:57:28 4,232 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat.vir
2008-07-29 16:54:44 . 2010-09-10 12:57:11 5,739 ----a-w- C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat.vir
2004-08-19 23:10:06 . 2008-04-13 17:34:30 512,000 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir
2004-08-19 23:09:54 . 2008-04-13 17:34:04 1,037,824 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir
__________________________________________________________________________________________________________

Thanks.
toutatafr

Post by nickW » 08 Oct 2010, 00:53

Good evening,

Reminder:

You must not use ComboFix unless a helper expressly asks you to. Moreover, because of how powerful this tool is, you are strongly advised not to try to act on the information ComboFix displays without the help of someone who has had suitable training. If you do so anyway, on your own, be aware that misuse of the program could cause problems in the normal operation of your computer.

http://www.bleepingcomputer.com/combofi ... r-combofix


Cheers,
nickW
Moderator

Post by nickW » 08 Oct 2010, 00:58

Hi again,

Some cleanup:


Step 1: rkill (by Grinler), download
Important note:
rkill is sometimes wrongly detected as malicious. If necessary, disable the antivirus while downloading it.

Download rkill via a right-click followed by Save link target as ... from one of the links below:

Link 1
Link 2
Link 3

Save the file to the Desktop.


Step 2: OTL (by OldTimer), preparing the fix
Open a Notepad window via Start---->Run, type notepad then click OK

Select all the lines of the white area under "Code:" below, then press the Ctrl and C keys at the same time

Code:
rien

:otl
SRV - [2010/09/20 18:48:52 | 000,000,007 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\dlo58.dll -- (ilbobbbe)
O2 - BHO: () - {7726D850-5F6E-4704-AD82-6C6F57245516} - C:\WINDOWS\System32\dlo58.dll ()
NetSvcs: ilbobbbe - C:\WINDOWS\System32\dlo58.dll ()

:Files
C:\WINDOWS\System32\dlo58.dll
c:\windows\system32\dlo58.tmp

:Commands
[emptytemp]



Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user: toutatafr.
If you are not THIS user, you must not use them: they could damage your system.



Step 3: No real-time monitoring processes
Disable the antivirus's resident module.
Avira Antivir: right-click the icon in the system tray (next to the clock), untick "Activer Antivir Guard/AntiVir Guard enable"


Step 4: rkill (by Grinler), execution
Double-click the downloaded rkill file to launch the tool.

A black-background window will appear briefly, then disappear.
At the end of the run, save the rkill.log file

If nothing happens, or if the tool does not launch, download the tool from another of the three links above and try running it again.

If none of the tools downloaded from the three links above seems to work, download a renamed version of rkill from iExplore.exe or eXplorer.exe and try to launch it.

If none of the five downloaded tools seems to work, do not continue the cleanup, and let me know on the forum.

Do not restart the PC.


Step 5: Malwarebytes' Anti-Malware, cleanup
Close all open program windows.
Launch Malwarebytes' Anti-Malware via the Start Menu.
In the Settings tab, check that all boxes are ticked except "Create a context menu option to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all updates found.
In the Scanner tab, tick the radio button in front of "Perform quick scan" then click the Scan button, like this:

Wait, doing nothing else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show Results" button:


If malicious items were detected, click the "Remove Selected" button:

Wait patiently, doing nothing else, for the cleanup to finish.
A restart is sometimes required. Accept.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


A malfunction of the free servers and/or of the forum prevents me from sending "large" messages. The rest is therefore in the next message.
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message).

Post by nickW » 08 Oct 2010, 00:59

A malfunction of Free's servers and/or the forum prevents me from sending "large" messages. This is the continuation of the previous message.


Step 6: No real-time protection process
If the PC has restarted, and if the antivirus has been re-enabled, it must be disabled again.


Step 7: OTL (by OldTimer), fix

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Run Fix button.

A small "OTL" window opens.

Click the Ok button.

In the new "Open" window, navigate to the folder where fix.txt was saved, then click the Open button.

The contents of fix.txt are thus inserted into the "Personnalisation" (Custom Scans/Fixes) panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Run Fix button again.

Note: When the restart is requested, click Ok.

When the tool has finished its work, a small window displays the message "Fix complete! Click Ok to open the report.". Click Ok, then close OTL.


Step 8: Real-time protection process
Important: Re-enable the antivirus's resident module.


Step 9: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The main OTL screen is displayed.

Click the Quick Scan button.


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 10: Results
Send in reply:
*- the rkill report (contents of the file rkill.log located in the folder SystemDrive\)
[SystemDrive represents the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) represents the date [year-month-day] and time [hh-mn-ss])
*- the OTL fix report (contents of the file SystemDrive\_OTL\MovedFiles\********_******.log, where the *** are digits representing the date [monthdayyear] and time)

Then send in reply, in a separate message (because of the file's length):
*- the main OTL report (contents of the file OTL.txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (or replies), do not create a new topic, but click the "Reply" button to continue in this thread.

To be continued,

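Added example, not part of nickW's post and not code from OTL, rkill or Malwarebytes: a read-only PowerShell triage script that enumerates the three persistence points the fix above removes for dlo58.dll (an svchost-hosted service with a Parameters\ServiceDll, its membership in the netsvcs group, and an Internet Explorer BHO), so that the same kind of entry can be recognised from the registry before a fix script is written. Assumptions: an elevated PowerShell session (2.0 or later) on the affected Windows machine; the standard registry locations named in the code; nothing is deleted or modified. The "!!" flag rule (netsvcs member whose DLL is unsigned, tampered or missing) is this example's own heuristic, not a rule stated on the page.

```powershell
# Added triage example, not code from the forum post or from OTL/rkill/MBAM.
# Read-only: lists the persistence points an OTL fix like the one above removes
# (svchost-hosted service DLL, netsvcs group membership, IE BHO) with signature status.
# Assumes an elevated PowerShell 2.0+ session on the affected Windows machine.

$svcRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$svchost = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost'
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'

# Turn a raw registry value ("%SystemRoot%\System32\x.dll", quoted, or drive-less) into a full path.
function Expand-DllPath([string]$raw) {
    if (-not $raw) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim('"'))
    if ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

# Authenticode status plus signer subject; 'MISSING' when the file is gone (e.g. already removed by MBAM).
function Get-SignerInfo([string]$path) {
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return 'MISSING' }
    $sig = Get-AuthenticodeSignature -FilePath $path
    $who = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(none)' }
    return "$($sig.Status) $who"
}

# REG_MULTI_SZ list of service names that svchost.exe -k netsvcs will load.
$netsvcs = (Get-ItemProperty -Path $svchost -ErrorAction SilentlyContinue).netsvcs

Write-Output '=== svchost-hosted services (Parameters\ServiceDll) ==='
Get-ChildItem -Path $svcRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $name  = $_.PSChildName
    $image = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).ImagePath
    if ($image -notmatch 'svchost\.exe') { return }   # not svchost-hosted: skip to the next key
    $dll  = Expand-DllPath (Get-ItemProperty -Path "$($_.PSPath)\Parameters" -ErrorAction SilentlyContinue).ServiceDll
    $info = Get-SignerInfo $dll
    $size = if ($dll -and (Test-Path -LiteralPath $dll)) { (Get-Item -LiteralPath $dll).Length } else { -1 }
    $inNetsvcs = [bool]($netsvcs -contains $name)
    # Heuristic of this example: a netsvcs member whose DLL is unsigned, tampered or missing
    # matches the 'SRV ... dlo58.dll (ilbobbbe)' / 'NetSvcs: ilbobbbe' pattern in the OTL log.
    $flag = if ($inNetsvcs -and ($info -notmatch '^Valid')) { '!!' } else { '  ' }
    '{0} {1,-24} netsvcs={2,-5} size={3,-9} {4} [{5}]' -f $flag, $name, $inNetsvcs, $size, $dll, $info
}

Write-Output ''
Write-Output '=== Browser Helper Objects (HKLM, native registry view) ==='
Get-ChildItem -Path $bhoRoot -ErrorAction SilentlyContinue | ForEach-Object {
    $clsid  = $_.PSChildName
    $inproc = Get-ItemProperty -Path "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    $dll    = Expand-DllPath $inproc.'(default)'
    # A BHO whose CLSID resolves to an unsigned or missing System32 DLL matches the
    # 'O2 - BHO: () - {CLSID} - C:\WINDOWS\System32\dlo58.dll ()' line in the OTL log.
    '{0,-40} {1} [{2}]' -f $clsid, $dll, (Get-SignerInfo $dll)
}
```

Read the output as a starting point, not a verdict: on older systems many legitimate Microsoft DLLs are catalog-signed rather than embedded-signed and show up as NotSigned, so a "!!" line means "examine this service name, company field and file size", which is exactly what the SRV line with its nonsense name (ilbobbbe), empty company field and 7-byte size gave away here. On 64-bit Windows, 32-bit BHOs are registered under HKLM\SOFTWARE\Wow6432Node\...\Browser Helper Objects; this script, like the XP-era log above, only looks at the native view.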