Analysis request following infection


Forum rules
Assiste.com has suspended decontamination assistance after almost 15 years on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Decontamination procedure 2 - Anti-malware and antivirus (La Manip - standard decontamination procedure)
Periodic maintenance of a Windows PC
Protecting the browser, browsing and privacy

Analysis request following infection

Post by phrq » 30 Jan 2011, 23:20

Hello

I'm writing to you following a recent infection, with the following symptoms:

1) Slowed-down web browsing, with unwanted windows popping up towards unsolicited sites
2) Activation of a process named eqd.exe, which looked suspicious to me and was hogging part of the resources. After disabling it, things went better.

My antivirus (GData) reported an infection by a certain Trojan.Generic.KDV. For whatever use it may be, I'm attaching the logs at the end of this message.
A certain erygya.exe, unknown to me until then, also appeared in the startup list as analysed by CCleaner.

Not very reassured, I ran a scan with MalwareBytes, which found and removed some junk. I'm attaching the report at the end of this message.

I know, I didn't immediately have the PAD reflex. Shame on me! :oops:

The machine now seems to behave normally, but I'd like to be sure it is properly disinfected. So I've just done the PAD, and I'm attaching the reports in the following messages. Could you take a look?

Thanks in advance for your help

Philippe



-------------------------------
GData log:
-------------------------------

Pendant l'ouverture du fichier "C:\WINDOWS\system32\sshnas21.dll", le virus "Trojan.Generic.KDV.118892 (Engine-A)" a été détecté. Accès refusé.
Pendant l'ouverture du fichier "C:\WINDOWS\Erygya.exe", le virus "Trojan.Generic.KDV.118937 (Engine-A)" a été détecté. Accès refusé.

Le fichier a été placé en quarantaine.

Fichier : C:\WINDOWS\system32\sshnas21.dll
Virus : Trojan.Generic.KDV.118892 (Engine-A)

Pendant l'ouverture du fichier "C:\Documents and Settings\Philippe\Local Settings\Temp\Eqd.exe", le virus "Trojan.Generic.KDV.118939 (Engine-A)" a été détecté. Accès refusé.

Le fichier a été placé en quarantaine.

Fichier : C:\WINDOWS\Erygya.exe
Virus : Trojan.Generic.KDV.118937 (Engine-A)


*** Processus ***

Processus: 1168
Nom de fichier: erygya.exe
Chemin d'accès: c:\windows\erygya.exe

Editeur: Editeur inconnu
Date de création: 01/27/11 23:18:38
Date de modification: 01/27/11 23:18:29

Démarrage à partir de: svchost.exe
Editeur: Editeur inconnu


*** Actions ***

L'analyse antivirus a constaté que c'est un fichier nuisible.
Un packer a été appliqué au fichier programme potentiellement pour masquer des contenus nuisibles.
L’enregistrement du programme a été modifié.


*** Quarantaine ***

Les fichiers suivants ont été envoyés en quarantaine :
c:\windows\erygya.exe

Les entrées de registre suivantes ont été supprimées :

Le fichier a été placé en quarantaine.

Fichier : C:\Documents and Settings\Philippe\Local Settings\Temp\Eqd.exe
Virus : Trojan.Generic.KDV.118939 (Engine-A)



------------------------------------------------------------------
The first MBAM report after disinfection
------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5632

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

28/01/2011 22:39:54
mbam-log-2011-01-28 (22-39-54).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 144757
Temps écoulé: 4 minute(s), 48 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\CL2GFOKBC9 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SSHNAS (Trojan.Renos) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
c:\WINDOWS\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
phrq

Posts: 140
Joined: 07 Nov 2006, 18:38

Re: Analysis request following infection: new mba report

Post by phrq » 30 Jan 2011, 23:22

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Version de la base de données: 5641

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

30/01/2011 22:01:35
mbam-log-2011-01-30 (22-01-35).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 145124
Temps écoulé: 4 minute(s), 16 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Re: Analysis request following infection: Extras

Post by phrq » 30 Jan 2011, 23:23

OTL Extras logfile created on: 30/01/2011 22:06:42 - Run 6
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Philippe\Bureau\Maintenance
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47,85 Gb Total Space | 21,83 Gb Free Space | 45,63% Space Free | Partition Type: NTFS
Drive D: | 47,85 Gb Total Space | 26,25 Gb Free Space | 54,85% Space Free | Partition Type: NTFS
Drive E: | 47,85 Gb Total Space | 4,16 Gb Free Space | 8,69% Space Free | Partition Type: NTFS
Drive F: | 46,35 Gb Total Space | 26,54 Gb Free Space | 57,27% Space Free | Partition Type: NTFS
Drive I: | 465,75 Gb Total Space | 244,64 Gb Free Space | 52,53% Space Free | Partition Type: NTFS

Computer Name: ALNATH2 | User Name: Philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1957994488-1547161642-1801674531-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\SimpleCopier\simplecopier.exe" = C:\Program Files\SimpleCopier\simplecopier.exe:*:Enabled:SimpleCopier -- (Neogie Software)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server
"C:\Program Files\SimpleCopier\simplecopier.exe" = C:\Program Files\SimpleCopier\simplecopier.exe:*:Enabled:SimpleCopier -- (Neogie Software)
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01000A03-E058-11D3-9C13-0000E220DC33}" = MiraScan V4.03
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{0F5B4A82-9DAF-3D13-8CB8-AEB25E4A614E}" = Microsoft .NET Framework 4 Client Profile FRA Language Pack
"{10CA154D-A9D5-4CE9-B739-2361518108C7}" = Diskeeper Home Edition
"{1EE88B84-7BE5-4FB5-8DEA-B81D5409D62E}" = Opera 11.00
"{266517E6-D866-439D-919C-B8B1A52E6080}" = OpenOffice.org 3.2
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216020F0}" = Java(TM) 6 Update 20
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{31B59248-4591-4ED7-BBE9-588C60F09FAC}" = G Data TotalCare 2011
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A4EE7A4-356E-43B7-A4A3-9C55B22A05B3}" = Ma-Config.com
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58FD9176-17BF-4D9A-8773-5ECA2947D391}" = Microsoft SQL Server Compact 3.5 SP1 - Français
"{5E39F2FB-0D5B-413E-903C-3F495017109C}" = EBP Utilitaire d'échanges 1.1
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A53DA64-BBAF-4FB6-BAFA-47C7DF175376}" = EBP Gestion de Contacts Pratic 2011 2.0
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{90AF040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{939740B5-0064-4779-854A-8C1086181C05}" = Macromedia FreeHand MXa
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}" = Nikon Scan
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAB84E83-C8DF-4752-9DFC-2E2A48EE5E9F}" = Nikon View 6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E583ED6F-BD99-4066-A420-C815BF692B69}" = Macromedia Fireworks MX 2004
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F17526BD-E738-440D-BAE1-81BBDC7454E2}" = EBP Devis et Facturation BE 2011 8.0
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"CCleaner" = CCleaner
"Cloneur Expert" = Cloneur Expert
"Defraggler" = Defraggler
"DMX5_is1" = DriverMax 5
"EBP Devis et Facturation BE 2011 8.0" = EBP Devis et Facturation BE 2011 8.0
"EBP Gestion de Contacts Pratic 2011 2.0" = EBP Gestion de Contacts Pratic 2011 2.0
"EBP Utilitaire d'échanges 1.1" = EBP Utilitaire d'échanges 1.1
"ERUNT_is1" = ERUNT 1.1j
"FileZilla Client" = FileZilla Client 3.3.5.1
"Foxit Reader" = Foxit Reader
"HomeBank Off-Line_is1" = HomeBank Off-Line 5.10
"hp deskjet 970c series" = hp deskjet 970c series (Supprimer uniquement)
"hp deskjet 970c series_Driver" = hp deskjet 970c series
"hp deskjet 990c series" = hp deskjet 990c series (Supprimer uniquement)
"hp deskjet 990c series_Driver" = hp deskjet 990c series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"Jigs@w Puzzle Promo Creator_is1" = Jigs@w Puzzle Promo Creator 2.1
"KeePass Password Safe_is1" = KeePass Password Safe 1.09
"Live Media" = Live Media Plugin (Todae)
"MagicScore_is1" = MagicScore
"MAGIX Video deluxe SE F" = MAGIX Video deluxe SE 6.0.5.0 (F)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile FRA Language Pack" = Module linguistique Microsoft .NET Framework 4 Client Profile FRA
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"PrintPratic" = PrintPratic
"RealVNC_is1" = VNC Free Edition 4.1.3
"Recuva" = Recuva
"Services Off-line de Home'Bank_is1" = Services Off-line de Home'Bank 5.10
"SetBrowser" = SetBrowser (remove only)
"SimpleCopier_is1" = SimpleCopier
"Speccy" = Speccy
"SystemRequirementsLab" = System Requirements Lab
"Uninstall" = Uninstall
"VLC media player" = VLC media player 1.1.6
"WampServer 2_is1" = WampServer 2.0
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.97.8

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1957994488-1547161642-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CAVOMATIC 2" = Cavomatic 2
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/01/2011 13:15:12 | Computer Name = ALNATH2 | Source = VSS | ID = 12289
Description = Erreur du service de cliché instantané des volumes : erreur inattendue
CreateFileW(\\?\Volume{12376d1d-dd71-11dc-8af5-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 04/01/2011 13:15:12 | Computer Name = ALNATH2 | Source = VSS | ID = 12289
Description = Erreur du service de cliché instantané des volumes : erreur inattendue
CreateFileW(\\?\Volume{12376d1e-dd71-11dc-8af5-806d6172696f},0xc0000000,0x00000003,...).
hr = 0x80070005.

Error - 05/01/2011 18:32:19 | Computer Name = ALNATH2 | Source = nview_info | ID = 11141121
Description =

Error - 05/01/2011 21:59:48 | Computer Name = ALNATH2 | Source = Application Error | ID = 1000
Description = Application défaillante , version 0.0.0.0, module défaillant unknown,
version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 10/01/2011 04:13:46 | Computer Name = ALNATH2 | Source = Application Error | ID = 1000
Description = Application défaillante , version 0.0.0.0, module défaillant unknown,
version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 18/01/2011 17:46:17 | Computer Name = ALNATH2 | Source = Application Hang | ID = 1002
Description = Application bloquée Dreamweaver.exe, version 7.0.1.2187, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 23/01/2011 05:55:16 | Computer Name = ALNATH2 | Source = nview_info | ID = 11141121
Description =

Error - 28/01/2011 17:40:08 | Computer Name = ALNATH2 | Source = Application Error | ID = 1000
Description = Application défaillante mbam.exe, version 1.50.1.3, module défaillant
unknown, version 0.0.0.0, adresse de défaillance 0x10078ac0.

Error - 28/01/2011 17:40:09 | Computer Name = ALNATH2 | Source = Microsoft IntelliPoint | ID = 1000
Description =

Error - 28/01/2011 17:40:17 | Computer Name = ALNATH2 | Source = Application Error | ID = 1000
Description = Application défaillante , version 0.0.0.0, module défaillant unknown,
version 0.0.0.0, adresse de défaillance 0x00000000.

[ System Events ]
Error - 29/01/2011 19:43:58 | Computer Name = ALNATH2 | Source = Service Control Manager | ID = 7000
Description = Le service ForceWare Intelligent Application Manager (IAM) n'a pas
pu démarrer en raison de l'erreur : %%2

Error - 30/01/2011 06:54:52 | Computer Name = ALNATH2 | Source = Service Control Manager | ID = 7000
Description = Le service Forceware Web Interface n'a pas pu démarrer en raison de
l'erreur : %%3

Error - 30/01/2011 06:54:52 | Computer Name = ALNATH2 | Source = Service Control Manager | ID = 7000
Description = Le service ForceWare user log service n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 30/01/2011 06:54:52 | Computer Name = ALNATH2 | Source = Service Control Manager | ID = 7000
Description = Le service ForceWare Intelligent Application Manager (IAM) n'a pas
pu démarrer en raison de l'erreur : %%2

Error - 30/01/2011 08:37:28 | Computer Name = ALNATH2 | Source = Service Control Manager | ID = 7000
Description = Le service Forceware Web Interface n'a pas pu démarrer en raison de
l'erreur : %%3

Error - 30/01/2011 08:37:28 | Computer Name = ALNATH2 | Source = Service Control Manager | ID = 7000
Description = Le service ForceWare user log service n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 30/01/2011 08:37:28 | Computer Name = ALNATH2 | Source = Service Control Manager | ID = 7000
Description = Le service ForceWare Intelligent Application Manager (IAM) n'a pas
pu démarrer en raison de l'erreur : %%2

Error - 30/01/2011 15:40:55 | Computer Name = ALNATH2 | Source = Service Control Manager | ID = 7000
Description = Le service Forceware Web Interface n'a pas pu démarrer en raison de
l'erreur : %%3

Error - 30/01/2011 15:40:55 | Computer Name = ALNATH2 | Source = Service Control Manager | ID = 7000
Description = Le service ForceWare user log service n'a pas pu démarrer en raison
de l'erreur : %%2

Error - 30/01/2011 15:40:55 | Computer Name = ALNATH2 | Source = Service Control Manager | ID = 7000
Description = Le service ForceWare Intelligent Application Manager (IAM) n'a pas
pu démarrer en raison de l'erreur : %%2


< End of report >

Re: Analysis request following infection: OTL report

Post by phrq » 30 Jan 2011, 23:24

OTL logfile created on: 30/01/2011 22:06:42 - Run 6
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Philippe\Bureau\Maintenance
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 84,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 47,85 Gb Total Space | 21,83 Gb Free Space | 45,63% Space Free | Partition Type: NTFS
Drive D: | 47,85 Gb Total Space | 26,25 Gb Free Space | 54,85% Space Free | Partition Type: NTFS
Drive E: | 47,85 Gb Total Space | 4,16 Gb Free Space | 8,69% Space Free | Partition Type: NTFS
Drive F: | 46,35 Gb Total Space | 26,54 Gb Free Space | 57,27% Space Free | Partition Type: NTFS
Drive I: | 465,75 Gb Total Space | 244,64 Gb Free Space | 52,53% Space Free | Partition Type: NTFS

Computer Name: ALNATH2 | User Name: Philippe | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/30 20:55:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\Maintenance\OTL.exe
PRC - [2010/09/02 15:12:52 | 001,538,120 | ---- | M] (G Data Software AG) -- C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe
PRC - [2010/09/02 15:12:35 | 001,098,312 | ---- | M] (G Data Software AG) -- C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe
PRC - [2010/09/02 15:11:56 | 000,998,472 | ---- | M] (G Data Software AG) -- C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe
PRC - [2010/08/26 00:41:14 | 001,607,344 | ---- | M] (G Data Software AG) -- C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe
PRC - [2010/08/26 00:28:53 | 001,330,792 | ---- | M] () -- C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe
PRC - [2010/08/25 23:51:59 | 000,340,552 | ---- | M] (G Data Software AG) -- C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe
PRC - [2010/04/16 13:10:14 | 000,410,696 | ---- | M] (G Data Software AG) -- C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe
PRC - [2009/09/28 22:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) -- C:\wamp\bin\apache\Apache2.2.14\bin\httpd.exe
PRC - [2009/09/28 22:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) -- c:\wamp\bin\apache\Apache2.2.14\bin\httpd.exe
PRC - [2008/04/14 03:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/17 21:26:45 | 000,151,552 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe
PRC - [2008/02/17 21:26:45 | 000,061,440 | ---- | M] (Acronis) -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe
PRC - [2004/02/11 19:21:30 | 000,327,793 | ---- | M] (Executive Software International, Inc.) -- C:\Program Files\Executive Software\Diskeeper\DkService.exe
PRC - [2002/12/04 10:52:48 | 000,237,568 | ---- | M] (Nikon Corporation) -- C:\Program Files\Nikon\NkView6\NkvMon.exe
PRC - [2001/11/29 20:50:06 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe


========== Modules (SafeList) ==========

MOD - [2011/01/30 20:55:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Philippe\Bureau\Maintenance\OTL.exe
MOD - [2010/11/09 15:52:35 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbc32.dll
MOD - [2010/08/23 17:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2010/05/19 15:37:00 | 000,401,920 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
MOD - [2010/05/04 15:25:46 | 000,597,504 | ---- | M] (STLport Consulting, Inc.) -- C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\stlport_vc7145.dll
MOD - [2010/04/06 03:52:46 | 002,462,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WMVCore.dll
MOD - [2009/08/13 14:56:14 | 001,748,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
MOD - [2008/10/07 13:33:00 | 001,486,848 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2008/10/07 13:33:00 | 000,327,680 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwrsfr.dll
MOD - [2008/10/07 13:33:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll
MOD - [2008/04/14 03:33:48 | 000,053,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winsta.dll
MOD - [2008/04/14 03:33:46 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\sti.dll
MOD - [2008/04/14 03:33:41 | 000,068,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\shgina.dll
MOD - [2008/04/14 03:33:36 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 03:33:35 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 03:33:35 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 03:33:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/14 03:33:31 | 001,007,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msgina.dll
MOD - [2008/04/14 03:33:29 | 000,586,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mlang.dll
MOD - [2008/04/14 03:33:23 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 03:33:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll
MOD - [2008/04/14 03:31:03 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cfgmgr32.dll
MOD - [2007/11/07 01:19:34 | 000,655,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
MOD - [2007/10/25 09:28:30 | 000,222,720 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wmasf.dll
MOD - [2007/03/28 13:56:42 | 000,098,304 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\odbcint.dll
MOD - [2006/10/18 21:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\PortableDeviceApi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (nSvcLog)
SRV - File not found [Auto | Stopped] -- -- (ForcewareWebInterface)
SRV - File not found [Auto | Stopped] -- -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2010/09/02 15:12:35 | 001,098,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\Fichiers communs\G DATA\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2010/08/26 00:41:14 | 001,607,344 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\G DATA\TotalCare\Firewall\GDFwSvc.exe -- (GDFwSvc)
SRV - [2010/08/26 00:28:53 | 001,330,792 | ---- | M] () [Auto | Running] -- C:\Program Files\G DATA\TotalCare\AVK\AVKWCtl.exe -- (AVKWCtl)
SRV - [2010/08/25 23:51:59 | 000,340,552 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files\Fichiers communs\G DATA\GDScan\GDScan.exe -- (GDScan)
SRV - [2010/05/05 08:26:22 | 000,901,192 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\G DATA\TotalCare\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2010/04/16 13:10:14 | 000,410,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files\G DATA\TotalCare\AVK\AVKService.exe -- (AVKService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 02:17:54 | 000,934,984 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files\G DATA\TotalCare\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2009/09/28 22:41:12 | 000,024,645 | ---- | M] (Apache Software Foundation) [Auto | Running] -- c:\wamp\bin\apache\apache2.2.14\bin\httpd.exe -- (wampapache)
SRV - [2009/02/14 23:22:12 | 006,558,336 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.32\bin\mysqld.exe -- (wampmysqld)
SRV - [2008/11/17 08:05:32 | 000,195,752 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2008/02/19 22:30:01 | 000,069,632 | ---- | M] (Macromedia) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2008/02/17 21:26:45 | 000,151,552 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Fichiers communs\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/02/11 19:21:30 | 000,327,793 | ---- | M] (Executive Software International, Inc.) [Auto | Running] -- C:\Program Files\Executive Software\Diskeeper\DkService.exe -- (Diskeeper)


========== Driver Services (SafeList) ==========

DRV - [2010/12/28 23:43:43 | 000,068,976 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\GRD.sys -- (GRD)
DRV - [2010/12/28 23:40:45 | 000,051,400 | ---- | M] (G Data Software AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GDTdiIcpt.sys -- (GDTdiInterceptor)
DRV - [2010/12/28 23:40:45 | 000,029,640 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDNdisIc.sys -- (GDNdisIc)
DRV - [2010/12/28 23:40:44 | 000,038,600 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\HookCentre.sys -- (HookCentre)
DRV - [2010/12/28 23:40:43 | 000,062,024 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV - [2010/12/28 23:40:43 | 000,033,480 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\GDBehave.sys -- (GDBehave)
DRV - [2008/11/17 08:06:38 | 000,015,360 | ---- | M] (Ma-Config.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2008/10/07 13:33:00 | 006,133,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 20:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 20:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 20:46:10 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 19:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 19:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/02/17 21:26:43 | 000,210,400 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/02/17 21:26:43 | 000,081,280 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/02/17 21:26:43 | 000,028,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006/10/19 05:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2006/04/14 20:09:06 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006/04/14 20:09:04 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006/04/14 20:08:56 | 000,101,888 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvtcp.sys -- (NVTCP)
DRV - [2005/07/26 07:01:56 | 000,415,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2005/07/26 06:58:30 | 000,053,376 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2005/01/20 14:13:20 | 000,024,911 | ---- | M] (DiamondCS) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\procguard.sys -- (procguard)
DRV - [2004/11/17 19:05:38 | 002,297,664 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/08/05 13:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/05 13:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/04/30 14:35:00 | 000,024,832 | ---- | M] (Advanced Card Systems Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\a38usbxp.sys -- (ACSSCR)
DRV - [2001/08/17 23:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1957994488-1547161642-1801674531-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://alnath.nuxit.net/mesliens.htm
IE - HKU\S-1-5-21-1957994488-1547161642-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.startup.homepage: "http://alnath.nuxit.net/mesliens.htm"
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1..
FF - prefs.js..extensions.enabledItems: {d57c9ff1-6389-48fc-b770-f78bd89b6e8a}:1.33
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.1
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/26 18:22:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/26 18:22:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/09 23:39:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/01/26 18:22:40 | 000,000,000 | ---D | M]

[2010/09/01 21:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Extensions
[2010/09/01 21:26:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/01/28 11:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\c0sjk2fz.default\extensions
[2011/01/03 19:45:21 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\c0sjk2fz.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/06/29 09:09:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\c0sjk2fz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/08 00:11:31 | 000,000,000 | ---D | M] (Web Developer) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\c0sjk2fz.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/01/07 12:06:34 | 000,000,000 | ---D | M] ("SearchStatus") -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\c0sjk2fz.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2011/01/06 18:31:25 | 000,000,000 | ---D | M] (Firebug) -- C:\Documents and Settings\Philippe\Application Data\Mozilla\Firefox\Profiles\c0sjk2fz.default\extensions\firebug@software.joehewitt.com
[2011/01/28 11:15:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/28 23:29:51 | 000,000,000 | ---D | M] (G Data Filtre Internet) -- C:\Program Files\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2011/01/14 10:53:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/10/21 08:41:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/08/20 14:09:16 | 000,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml
[2010/08/20 14:09:16 | 000,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/08/20 14:09:16 | 000,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml
[2010/08/20 14:09:16 | 000,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml
[2010/08/20 14:09:16 | 000,000,956 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2011/01/28 22:28:23 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G DATA\TotalCare\Webfilter\AvkWebIE.dll (G Data Software AG)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Fichiers communs\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G DATA\TotalCare\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files\G DATA\TotalCare\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKU\S-1-5-21-1957994488-1547161642-1801674531-1003..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NkvMon.exe.lnk.disabled ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1957994488-1547161642-1801674531-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_22.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.238.2.22 195.238.2.21
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/17 16:41:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: SSHNAS - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/01/30 20:41:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Philippe\Recent
[2011/01/26 18:36:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\Garmin
[2011/01/26 18:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
[2011/01/26 18:22:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\QuickTime
[2011/01/26 18:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Fichiers communs\Apple
[2011/01/26 18:20:56 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/01/26 18:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\vlc
[2011/01/26 18:06:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\VideoLAN
[2011/01/14 10:56:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\OpenOffice.org
[2011/01/14 10:54:29 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\OpenOffice.org 3.2
[2011/01/14 10:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2011/01/14 10:53:36 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/01/14 10:53:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/01/14 10:53:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/01/14 10:53:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/01/14 10:07:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\XnView
[2011/01/14 10:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\XnView
[2011/01/03 20:03:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/01/03 19:52:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Application Data\GARMIN
[2011/01/02 12:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Bureau\Carton
[2011/01/01 13:54:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Philippe\Local Settings\Application Data\StimulsoftReportsResources

========== Files - Modified Within 30 Days ==========

[2011/01/30 22:03:06 | 000,191,394 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\00-PAD-nickW.pdf
[2011/01/30 21:22:00 | 000,001,058 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/30 21:20:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1547161642-1801674531-1003UA.job
[2011/01/30 20:41:13 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/01/30 20:40:32 | 000,195,534 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/01/30 20:40:23 | 000,001,054 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/30 20:40:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/28 09:20:00 | 000,001,106 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1957994488-1547161642-1801674531-1003Core.job
[2011/01/27 18:17:46 | 000,010,373 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\jap.odt
[2011/01/26 18:30:21 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/01/26 18:23:22 | 000,001,611 | ---- | M] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/01/26 18:06:39 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2011/01/24 16:59:12 | 000,001,552 | RHS- | M] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\SCPSS.DLL
[2011/01/24 13:47:23 | 024,452,132 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\2.png
[2011/01/17 15:19:10 | 000,000,556 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\RUSHES Gotham.lnk
[2011/01/15 23:39:41 | 000,000,049 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/01/14 22:52:48 | 000,239,944 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/01/14 10:54:30 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.2.lnk
[2011/01/13 18:02:44 | 000,015,360 | ---- | M] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/12 15:07:35 | 000,002,440 | ---- | M] () -- C:\Documents and Settings\Philippe\Bureau\Nouveau Texte Open Office (3).odt
[2011/01/10 18:31:47 | 012,931,072 | ---- | M] () -- D:\Mes documents\Demo2.0FR07_1b481f04-4150-4b87-9670-4512e5018fac.sdf
[2011/01/03 20:07:07 | 000,551,924 | ---- | M] () -- C:\WINDOWS\System32\perfh00C.dat
[2011/01/03 20:07:07 | 000,481,000 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/01/03 20:07:07 | 000,093,802 | ---- | M] () -- C:\WINDOWS\System32\perfc00C.dat
[2011/01/03 20:07:07 | 000,079,074 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2011/01/30 22:03:06 | 000,191,394 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\00-PAD-nickW.pdf
[2011/01/26 18:27:29 | 000,002,205 | ---- | C] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/01/26 18:27:29 | 000,001,854 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Safari.lnk
[2011/01/26 18:23:22 | 000,001,611 | ---- | C] () -- C:\Documents and Settings\Philippe\Application Data\Microsoft\Internet Explorer\Quick Launch\QuickTime Player.lnk
[2011/01/26 18:20:57 | 000,001,830 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Apple Software Update.lnk
[2011/01/26 18:06:39 | 000,000,726 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2011/01/24 12:28:10 | 024,452,132 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\2.png
[2011/01/17 15:19:12 | 000,000,556 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\RUSHES Gotham.lnk
[2011/01/14 14:15:34 | 000,001,552 | RHS- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\SCPSS.DLL
[2011/01/14 10:54:30 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\OpenOffice.org 3.2.lnk
[2011/01/12 15:07:35 | 000,002,440 | ---- | C] () -- C:\Documents and Settings\Philippe\Bureau\Nouveau Texte Open Office (3).odt
[2011/01/04 04:19:12 | 000,183,074 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1957994488-1547161642-1801674531-1003-0.dat
[2011/01/04 04:19:11 | 000,183,074 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/12/11 14:25:11 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2010/09/27 23:10:31 | 000,704,680 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/09/04 16:32:13 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\RCDLL_Polish.dll
[2010/06/01 08:07:24 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/04/29 22:24:34 | 000,000,071 | ---- | C] () -- C:\WINDOWS\games.ini
[2009/03/25 14:44:10 | 000,006,525 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2009/02/20 06:14:15 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/12/15 13:44:02 | 000,003,072 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Config.nt.bak
[2008/12/15 13:44:02 | 000,002,009 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Autoexec.nt.bak
[2008/12/15 13:44:02 | 000,000,736 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\hosts.bak
[2008/09/01 14:17:26 | 000,000,049 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/02/25 00:15:29 | 000,015,360 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/02/20 12:49:38 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\Dtctrace.dll
[2008/02/18 14:30:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/02/18 10:23:38 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/02/18 10:20:28 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/02/18 10:20:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/02/17 23:55:31 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\fusioncache.dat
[2008/02/17 21:26:43 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\setupnt.dll
[2008/02/17 17:26:13 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/12/05 01:41:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 01:41:00 | 001,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 01:41:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 01:41:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 01:41:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2005/09/14 23:04:28 | 000,002,548 | ---- | C] () -- C:\Documents and Settings\Philippe\Local Settings\Application Data\scpsv.dll
[2004/04/30 13:00:00 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\usbr38.dll

========== LOP Check ==========

[2010/12/28 14:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cavomatic
[2010/02/24 20:56:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ciel
[2010/12/31 17:26:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EBP
[2011/01/04 21:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\G DATA
[2010/01/28 09:47:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2008/12/04 22:46:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2008/02/19 21:17:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/02/01 10:54:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\phpDesigner
[2008/12/15 14:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/02/18 15:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2010/11/19 18:25:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{3E6FFBED-F04C-407C-81F0-DE370DEBB653}
[2010/12/31 17:27:02 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8956963B-1394-4A04-9DAE-F484AA0F8F4A}
[2010/12/31 17:44:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{DFE8A354-C5B5-409D-A3C2-48E962E84309}
[2008/06/18 10:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Alien Skin
[2011/01/26 21:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Cavomatic 2
[2011/01/25 11:01:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\FileZilla
[2011/01/03 19:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\GARMIN
[2009/12/14 23:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\GetRightToGo
[2008/02/17 21:28:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Micro Application
[2009/12/14 22:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\NCH Swift Sound
[2008/03/25 10:05:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Nikon
[2011/01/14 10:56:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\OpenOffice.org
[2008/02/18 21:09:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Opera
[2010/02/01 11:05:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\phpDesigner
[2008/12/03 22:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\SystemRequirementsLab
[2010/09/01 21:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Thunderbird
[2010/05/17 22:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\Todae
[2008/02/18 15:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\TuneUp Software
[2009/03/12 22:53:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Philippe\Application Data\vghd
Re: Request for analysis following an infection

Post by nickW » 31 Jan 2011, 01:47

Good evening,

I no longer see any trace of infection, but you must keep watching over the next few days in case new symptoms appear.


However, two security items need correcting:

An important piece of advice:

Java from Oracle
Install the latest version of Java from Oracle.

Current version: Java SE Runtime Environment (JRE) 6 Update 23 - JRE 6 Update 23
*- http://www.oracle.com/technetwork/java/ ... index.html

In the "Java Platform, Standard Edition" paragraph, click Download JRE.

On the next page, in the "Select Platform and Language for your download" paragraph, choose the platform (Windows), tick the box in front of "I agree to the Java SE Runtime Environment 6u23 with JavaFX 1 License Agreement.", then click the Continue >> button.

On the new page, under "Windows Offline Installation", download the file jre-6u23-windows-i586.exe, 15.79 MB.

Close all browsers (Internet Explorer, Firefox, etc.), then double-click jre-6u23-windows-i586.exe to start the installation.

After installing the new version, it is imperative to uninstall all obsolete versions, whose vulnerabilities are exploited by "malicious actors".
To do so:

JavaRa (by Fred de Vries and Paul McLain)
Go to the site http://raproducts.org/
Click the Software tab.
Download JavaRa: in the JavaRa paragraph, click Download Windows Binary (.zip file).
Save the file JavaRa.zip to the Desktop.
Create a new folder named JavaRa and extract the whole archive into it (right-click, then Extract All).
Open the JavaRa folder, then double-click JavaRa.exe to launch the tool.

Under "Select the language of your choice below", choose (via the drop-down list) Français and click the Select button.

Click the Effacer les anciennes versions (Remove older versions) button and confirm this choice by clicking Oui ("Êtes-vous sûr de vouloir poursuivre?").

Click OK twice.
A report will open in Notepad. Close Notepad.
Close JavaRa.



A piece of advice:
Disable the automatic launch feature ("autorun") on removable drives.
See this topic by Gof:
Guide sécurisation Windows face aux menaces infectieuses USB
viewtopic.php?t=25228
The file that disables it can be downloaded from this link.

Cheers,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (private message)
My configs
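A read-only check for the two points raised in the reply above (obsolete Java runtimes left behind after an update, and AutoRun still enabled on removable drives), added here as an example; it is not part of the thread, of JavaRa or of Gof's tool, and it assumes Windows PowerShell with the standard Uninstall and Policies\Explorer registry keys.

```powershell
# Added example, not from the forum thread: report leftover Java runtimes and the
# AutoRun policy. Read-only; it changes nothing on the machine.
# Assumes Windows PowerShell 2.0 or later and the standard registry locations.

function Get-JavaRuntimes {
    # Every installed JRE/JDK registers an Uninstall entry; 32-bit Java on 64-bit
    # Windows lives under Wow6432Node, so both keys are scanned.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Java*' -and $_.DisplayVersion } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Name      = $_.DisplayName
                Version   = [version]$_.DisplayVersion
                Uninstall = $_.UninstallString
            }
        }
}

function Get-ObsoleteJavaRuntimes {
    # Anything older than the newest installed runtime is an obsolete copy that
    # the thread recommends removing (with JavaRa).
    $all = @(Get-JavaRuntimes | Sort-Object Version -Descending)
    if ($all.Count -le 1) { return @() }
    $newest = $all[0].Version
    $all | Where-Object { $_.Version -lt $newest }
}

function Test-AutoRunDisabled {
    # NoDriveTypeAutoRun is a bit mask of drive types; 0xFF switches AutoRun off
    # for all of them. Checked in both the machine and the user policy key.
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "$hive`:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $v = (Get-ItemProperty -Path $key -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue).NoDriveTypeAutoRun
        if ($null -ne $v -and ($v -band 0xFF) -eq 0xFF) { return $true }
    }
    return $false
}

$obsolete = @(Get-ObsoleteJavaRuntimes)
if ($obsolete.Count) {
    "Obsolete Java runtimes still installed:"
    $obsolete | Format-Table Name, Version -AutoSize
} else { "No obsolete Java runtimes found." }

if (Test-AutoRunDisabled) { "AutoRun is disabled for all drive types." }
else { "AutoRun is NOT fully disabled: NoDriveTypeAutoRun should be 0xFF under Policies\Explorer." }
```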

Re: Request for analysis following an infection

Post by phrq » 31 Jan 2011, 19:01

Hello NickW

Thank you for your reply.

I did what you told me, and will keep an eye on the beast for a few days.

Many thanks for your help :D

Philippe