[OK] Detailed description of infection symptoms

Security and insecurity. Viruses, Trojans, Spyware, Vulnerabilities, etc. …


Forum rules
Assiste.com has suspended disinfection assistance after almost 15 years, first on the old forum and then on this one. See:

Disinfection procedure 1 - Anti-malware

Disinfection procedure 2 - Anti-malware and antivirus (La Manip - standard disinfection procedure)

Periodic maintenance of a Windows PC

Protecting the browser, browsing, and privacy

[OK] Detailed description of infection symptoms

Post by mortar » 19 May 2011, 13:33

Hello,
I suspect an infection on my PC and I am attaching a Malwarebytes' Anti-Malware report file.
Thank you for reading and for your help.

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 6616

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

19/05/11 13:40:36
mbam-log-2011-05-19 (13-40-32).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 177365
Temps écoulé: 4 minute(s), 0 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31A59636-0FA3-4A56-954D-DB7AD02840D8} (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FA917B9-DF69-477F-9E4F-B60D929DE79F} (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C875948-9C60-4381-9248-0DF180542D53} (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410CDE-6F16-42CE-9D49-3807F78F0287} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DECEAAA2-370A-49BB-9362-68C3A58DDC62} (Adware.180Solutions) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ZangoToolbar 4.8.3 (Adware.Zango) -> Value: ZangoToolbar 4.8.3 -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Dossier(s) infecté(s):
c:\documents and settings\Armand\application data\spamblocker (Adware.Hotbar) -> No action taken.
c:\documents and settings\Armand\application data\spamblockerutility (Adware.Hotbar) -> No action taken.
c:\documents and settings\Armand\application data\spamblockerutility\v3.0 (Adware.Hotbar) -> No action taken.
c:\documents and settings\Armand\application data\spamblockerutility\v3.0\spamblockerutility (Adware.Hotbar) -> No action taken.
c:\documents and settings\Armand\application data\spamblockerutility\v3.0\spamblockerutility\static (Adware.Hotbar) -> No action taken.
c:\documents and settings\Armand\application data\spamblockerutility\v3.0\spamblockerutility\static\1 (Adware.Hotbar) -> No action taken.

Fichier(s) infecté(s):
c:\documents and settings\Armand\application data\spamblockerutility\v3.0\spamblockerutility\static\1\btntrans.idx (Adware.Hotbar) -> No action taken.
mortar
Posts: 18
Joined: 19 May 2011, 13:09

Re: Detailed description of infection symptoms

Post by mortar » 19 May 2011, 13:37

Hello,
following the recommendations, here is the next step: the contents of the OTL.Txt file.
Thank you

OTL logfile created on: 19/05/11 13:46:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1 023,00 Mb Total Physical Memory | 551,00 Mb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 74,62 Gb Free Space | 39,29% Space Free | Partition Type: NTFS

Computer Name: MORTIER | User Name: Armand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 13:00:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTL.exe
PRC - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/02/04 12:08:57 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/04 12:08:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/04 12:08:48 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/10/29 15:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 19:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/01/14 21:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/06/10 18:19:38 | 000,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/06/10 16:20:06 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/07/20 15:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/19 13:00:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTL.exe
MOD - [2011/02/04 16:54:38 | 000,701,440 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll
MOD - [2011/02/04 16:54:34 | 000,283,736 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Firewall Pro\op_shell.dll
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/07/12 00:02:02 | 000,653,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
MOD - [2009/07/12 00:02:00 | 000,569,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
MOD - [2008/04/14 04:33:36 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll
MOD - [2008/04/14 04:33:35 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll
MOD - [2008/04/14 04:33:35 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll
MOD - [2008/04/14 04:33:34 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll
MOD - [2008/04/14 04:33:23 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll
MOD - [2008/04/14 04:33:22 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Planificateur LiveUpdate automatique)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- -- (Acsvcvcvnpq.50)
SRV - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/04 17:30:04 | 002,040,144 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV - [2011/02/04 12:08:57 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/04 12:08:48 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/24 15:49:34 | 000,310,640 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/06/10 18:19:38 | 000,869,888 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/07/20 15:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/02/04 12:09:08 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/04 12:09:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/02 16:52:40 | 000,710,824 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/02/02 16:51:26 | 000,072,352 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2010/09/27 16:40:28 | 000,267,624 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2010/08/30 12:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/06/17 14:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/20 16:05:16 | 000,034,280 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/11/12 18:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/01 12:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 12:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 20:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_51)
DRV - [2008/04/13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/01 23:42:58 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/06/10 18:12:12 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/06/10 18:11:50 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/06/10 16:11:44 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/12/14 17:55:22 | 000,009,472 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/12/07 10:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/08/05 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/05 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/07/20 15:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2003/12/05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 23:04:48 | 000,171,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv30.sys -- (Camdrv30)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portail.free.fr/
IE - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
IE - HKU\S-1-5-21-790525478-527237240-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3


[2010/04/24 10:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Armand\Application Data\Mozilla\Firefox\Profiles\9l1fqquo.default\extensions
[2010/04/24 10:11:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Armand\Application Data\Mozilla\Firefox\Profiles\9l1fqquo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\GOOGLE-CJK@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG

O1 HOSTS File: ([2007/07/14 09:01:06 | 000,050,834 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 0.0.0.0 123spywar.com
O1 - Hosts: 0.0.0.0 www.123spywar.com
O1 - Hosts: 0.0.0.0 1clickspyclean.com
O1 - Hosts: 0.0.0.0 www.1clickspyclean.com
O1 - Hosts: 0.0.0.0 1clicksuite.net
O1 - Hosts: 0.0.0.0 www.1clicksuite.net
O1 - Hosts: 0.0.0.0 1spyware-removal.com
O1 - Hosts: 0.0.0.0 www.1spyware-removal.com
O1 - Hosts: 0.0.0.0 1spywarekiller.com
O1 - Hosts: 0.0.0.0 www.1spywarekiller.com
O1 - Hosts: 0.0.0.0 1stantivirus.com
O1 - Hosts: 0.0.0.0 www.1stantivirus.com
O1 - Hosts: 0.0.0.0 1stspywar.com
O1 - Hosts: 0.0.0.0 www.1stspywar.com
O1 - Hosts: 0.0.0.0 2-antispyware.com
O1 - Hosts: 0.0.0.0 www.2-antispyware.com
O1 - Hosts: 0.0.0.0 3bsoftware.com
O1 - Hosts: 0.0.0.0 www.3bsoftware.com
O1 - Hosts: 0.0.0.0 actualresearch.com
O1 - Hosts: 0.0.0.0 www.actualresearch.com
O1 - Hosts: 0.0.0.0 abletostop.com
O1 - Hosts: 0.0.0.0 www.abletostop.com
O1 - Hosts: 0.0.0.0 aboutblankremover.com
O1 - Hosts: 0.0.0.0 www.aboutblankremover.com
O1 - Hosts: 1735 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\Run: [PowerBar] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-790525478-527237240-1801674531-1004..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\Armand\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-790525478-527237240-1801674531-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/fr/securityadvisor/vi ... ebscan.cab (WScanCtl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/plugins/MaConfig_5_1_0_5.cab ("Ma-Config.com control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Armand/LOCALS~1/Temp/msohtml1/04/clip_image001.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Armand/LOCALS~1/Temp/msohtml1/10/clip_image002.jpg
O24 - Desktop Components:2 () - http://img111.imageshack.us/img111/764/ ... ansoa9.jpg
O24 - Desktop Components:3 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005/11/02 01:23:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/22 15:28:29 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{66b55dcc-28c0-11de-8f93-0016384f7675}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{66b55dcc-28c0-11de-8f93-0016384f7675}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011/05/19 13:26:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/19 13:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2011/05/19 13:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/19 13:19:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Program Files\erunt-setup.exe
[2011/05/19 13:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\Malwarebytes
[2011/05/19 13:06:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/19 13:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/05/19 13:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/19 13:05:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/19 13:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/19 13:03:29 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Armand\Bureau\mbam-setup-1.50.1.1100.exe
[2011/05/19 13:00:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTL.exe
[2011/05/19 12:36:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Armand\Recent
[2011/05/19 12:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Cinema
[2011/05/15 16:11:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Jack Bruce_1970 - Things We Like & McLaughlin
[2011/05/13 16:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Bureau\Johnny Griffin - 1957 - A Blowin´ Session (& Art Blakey)
[2011/05/13 14:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\Avira
[2011/05/13 14:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Avira
[2011/05/13 14:01:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/13 14:01:55 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/13 14:01:55 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/13 14:01:55 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/13 14:01:55 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/13 14:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/13 14:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/03 14:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Menu Démarrer\Programmes\FoxTab Audio Converter
[2011/05/03 14:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabAudioConverter
[2011/04/30 14:33:57 | 000,000,000 | ---D | C] -- C:\v2d
[2011/04/30 14:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video2Dvd
[2011/04/30 14:02:06 | 001,343,488 | ---- | C] (MultiMedia Soft) -- C:\WINDOWS\System32\AdjMmsEng.dll
[2011/04/30 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pianosoft
[2011/04/30 13:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\NewLive All Audio To Mp3 Converter
[2011/04/26 20:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\VideoLAN
[2011/04/24 21:20:23 | 000,000,000 | ---D | C] -- C:\Nouveau dossier
[2011/04/20 18:53:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2011/04/20 18:49:57 | 000,944,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvdispco3220140.dll
[2011/04/20 18:49:57 | 000,855,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvgenco322060.dll
[2011/04/19 14:06:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\CDex
[2011/04/19 14:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\CDex
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/19 13:47:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/05/19 13:26:15 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Armand\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/05/19 13:26:02 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\NTREGOPT.lnk
[2011/05/19 13:26:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\ERUNT.lnk
[2011/05/19 13:20:15 | 000,005,024 | ---- | M] () -- C:\Program Files\erunt-loc_fr.zip
[2011/05/19 13:19:42 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Program Files\erunt-setup.exe
[2011/05/19 13:09:00 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/19 13:06:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/05/19 13:03:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Armand\Bureau\mbam-setup-1.50.1.1100.exe
[2011/05/19 13:00:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTL.exe
[2011/05/19 11:21:07 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/19 11:19:58 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/19 11:19:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/14 13:41:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/05/14 13:16:23 | 000,237,568 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/13 14:02:09 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/05/13 13:46:06 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/12 22:35:54 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2011/05/10 10:23:26 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 14:55:19 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\FoxTab Audio Converter.lnk
[2011/04/30 14:39:58 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2011/04/30 12:56:06 | 005,653,224 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/04/26 20:44:42 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2011/04/20 19:03:15 | 000,260,448 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/04/20 19:03:15 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/04/20 19:03:14 | 000,260,440 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/19 13:47:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/05/19 13:26:15 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Armand\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/05/19 13:26:02 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\NTREGOPT.lnk
[2011/05/19 13:26:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\ERUNT.lnk
[2011/05/19 13:24:39 | 000,004,613 | ---- | C] () -- C:\Program Files\ERUNT.LOC
[2011/05/19 13:24:39 | 000,003,491 | ---- | C] () -- C:\Program Files\ERDNTWIN.LOC
[2011/05/19 13:24:39 | 000,003,042 | ---- | C] () -- C:\Program Files\ERDNTDOS.LOC
[2011/05/19 13:24:39 | 000,002,035 | ---- | C] () -- C:\Program Files\NTREGOPT.LOC
[2011/05/19 13:20:15 | 000,005,024 | ---- | C] () -- C:\Program Files\erunt-loc_fr.zip
[2011/05/19 13:06:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/05/13 14:02:09 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/05/08 15:18:28 | 000,002,585 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office Word Viewer 2003.lnk
[2011/05/03 14:55:19 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\FoxTab Audio Converter.lnk
[2011/04/30 14:38:07 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2011/04/30 14:02:07 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\Faac.exe
[2011/04/30 14:02:06 | 000,098,708 | ---- | C] () -- C:\WINDOWS\System32\activesoundeditor.tlb
[2011/04/26 20:44:42 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2011/04/20 18:49:57 | 000,003,629 | ---- | C] () -- C:\WINDOWS\System32\nvinfo.pb
[2011/02/26 20:37:41 | 000,000,094 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/02/23 01:48:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/23 01:48:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/02/23 01:48:41 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/04 12:04:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/04 03:38:14 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/01/04 00:55:39 | 000,260,448 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/04 00:55:30 | 000,260,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/04 00:55:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/06 22:47:32 | 000,027,223 | ---- | C] () -- C:\Documents and Settings\Armand\Application Data\Carnet d'adresses personnel.ADR
[2010/07/10 06:38:00 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/10/05 21:47:38 | 000,014,048 | ---- | C] () -- C:\WINDOWS\System32\SMOOTH16.DLL
[2009/10/05 21:47:38 | 000,009,984 | ---- | C] () -- C:\WINDOWS\System32\BTDESIGN.DLL
[2009/10/05 21:24:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DXFIN.DLL
[2009/10/05 20:52:58 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\SMSEQ.DLL
[2009/10/05 20:52:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SMOOTHS.DLL
[2009/10/05 20:52:58 | 000,010,720 | ---- | C] () -- C:\WINDOWS\System32\SCRLIB.DLL
[2009/07/14 21:12:04 | 000,420,640 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\isusw_nav.dat
[2009/07/14 21:12:04 | 000,003,444 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\isusw.dat
[2009/07/14 21:12:04 | 000,001,409 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\isusw_navps.dat
[2009/03/31 12:27:51 | 000,352,754 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\egyko_nav.dat
[2009/03/31 12:27:17 | 000,002,956 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\egyko.dat
[2009/03/31 12:27:17 | 000,000,451 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\egyko_navps.dat
[2008/10/10 17:04:19 | 000,280,584 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\mkuqkik_nav.dat
[2008/10/10 17:04:19 | 000,006,879 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\mkuqkik.dat
[2008/10/10 17:04:19 | 000,000,568 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\mkuqkik_navps.dat
[2008/02/24 21:06:28 | 005,653,224 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/09/24 19:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/07/31 18:06:45 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007/07/17 22:17:24 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\fusioncache.dat
[2007/04/15 20:35:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/04/14 12:30:51 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2007/04/08 18:18:50 | 000,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/12/18 09:24:08 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-Ogg Vorbis aoTuV b4 SSE2.dat
[2006/06/09 17:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2006/03/18 01:43:52 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\nLame.dll
[2006/03/13 22:31:00 | 000,000,653 | ---- | C] () -- C:\WINDOWS\dicobat.ini
[2006/01/11 22:02:00 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/12/09 19:59:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2005/12/09 19:58:38 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2005/11/20 02:19:07 | 000,000,418 | ---- | C] () -- C:\WINDOWS\SOLITUDE.INI
[2005/11/12 19:18:27 | 000,237,568 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/09 22:18:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/11/07 18:47:14 | 000,000,497 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/06 01:34:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2005/11/05 14:52:46 | 000,061,677 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2005/11/05 12:51:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/04 04:07:26 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2005/11/04 04:07:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\LXBLSET.EXE
[2005/11/04 04:07:22 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2005/11/04 04:05:49 | 000,000,588 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/11/02 02:11:56 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/02 02:10:42 | 000,169,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/02 01:55:57 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005/11/02 01:42:31 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2005/11/02 01:42:31 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2005/11/02 01:42:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATKCheckDispIDs.dll
[2005/11/02 01:37:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/02 01:37:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/02 01:30:03 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2005/11/02 01:25:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/02 01:20:36 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/24 01:32:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/08/05 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/05 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 14:00:00 | 000,510,752 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/08/05 14:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/05 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 14:00:00 | 000,084,954 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/08/05 14:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/05 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/07/19 18:48:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe
[2002/03/26 10:19:42 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1996/04/17 11:48:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\3dr.ini

========== LOP Check ==========

[2009/01/26 20:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2011/01/03 20:39:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/04 00:59:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/01/03 21:59:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/01/04 00:59:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/01/03 20:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/01/04 12:03:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/01/04 12:24:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/01/03 20:53:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2011/01/03 20:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/01/04 10:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2011/01/04 01:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverBoost
[2007/07/15 21:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/03/09 16:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2011/04/30 14:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pianosoft
[2011/04/29 11:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline
[2009/01/22 19:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/06 13:28:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2011/01/04 13:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\Canon
[2011/01/03 21:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\Canon Easy-WebPrint EX
[2011/02/24 17:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\CD-LabelPrint
[2008/02/24 21:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\dBpoweramp
[2011/01/04 00:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\ElevatedDiagnostics
[2009/01/07 21:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\EoRezo
[2007/04/20 23:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\MSNInstaller
[2006/01/25 22:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\SpamBlocker
[2006/02/20 20:40:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\SpamBlockerUtility
[2010/02/06 13:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\Uniblue
[2008/09/08 22:00:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Invité\Application Data\Grisoft
[2011/05/14 13:41:00 | 000,000,492 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/10/03 12:39:35 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/10/03 12:39:35 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/05 14:00:00 | 018,779,217 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/10/03 12:39:35 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/10/03 12:39:35 | 023,892,017 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys

< MD5 for: CTFMON.EXE >
[2004/08/05 14:00:00 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=5584247B568C2E53934873F4B655FE6A -- C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
[2008/04/14 04:33:59 | 000,015,360 | ---- | M] (Microsoft Corporation) MD5=59DC5BB82E4C8E0B3EADCFDBC44BA6E4 -- C:\WINDOWS\system32\ctfmon.exe

< MD5 for: EVENTLOG.DLL >
[2004/08/05 14:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=21E83876A6287F15538EF187D286FE11 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 04:33:24 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: EXPLORER.EXE >
[2007/06/13 15:10:53 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=B795475444D6D57A572C14B9E1A29839 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 15:22:28 | 001,037,312 | ---- | M] (Microsoft Corporation) MD5=D0288319660EDCFED07C7E74C4EA38A5 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\explorer.exe
[2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) MD5=F2317622D29F9FF0F88AEECD5F60F0DD -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe

< MD5 for: NETLOGON.DLL >
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 04:33:34 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/05 14:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=FAF07FDCDE76000621A28D19F8E2E8EB -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2004/12/07 10:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) MD5=E4F1F95A6BBBFBBFF9A713C6063AA2CB -- C:\WINDOWS\system32\drivers\nvatabus.sys
[2004/12/07 10:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) MD5=E4F1F95A6BBBFBBFF9A713C6063AA2CB -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\nvatabus.sys
[2004/12/07 10:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) MD5=E4F1F95A6BBBFBBFF9A713C6063AA2CB -- C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\nvatabus.sys

< MD5 for: NVGTS.SYS >
[2008/11/12 18:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- C:\NVIDIA\nForceWinXPInt\20.14\IDE\WinXP\sata_ide\nvgts.sys
[2008/11/12 18:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=75E2E77C5497F34E60491D27BF03F1CB -- C:\WINDOWS\system32\drivers\nvgts.sys
[2008/11/12 18:59:06 | 000,145,952 | ---- | M] (NVIDIA Corporation) MD5=8EB82606FCD8C5D039ADA33BD46FE7F8 -- C:\NVIDIA\nForceWinXPInt\20.14\IDE\WinXP\sataraid\nvgts.sys

< MD5 for: NVRD32.SYS >
[2008/11/12 18:59:08 | 000,133,152 | ---- | M] (NVIDIA Corporation) MD5=6B1B4E25277A99A6B515CF124D6060E0 -- C:\NVIDIA\nForceWinXPInt\20.14\IDE\WinXP\sataraid\nvrd32.sys

< MD5 for: SCECLI.DLL >
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 04:33:40 | 000,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll
[2004/08/05 14:00:00 | 000,186,368 | ---- | M] (Microsoft Corporation) MD5=DEC0397F35D027874804EC72979D03CC -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

< MD5 for: USERINIT.EXE >
[2004/08/05 14:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D6D65EA32B190401B57EDB6706F29669 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 04:34:26 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=E74DDB12188C2FF57A78624DBF7332FC -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/05 14:00:00 | 000,506,368 | ---- | M] (Microsoft Corporation) MD5=D2DE785AEAB0BB8CA4C14A8A199DBE4E -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 04:34:28 | 000,512,000 | ---- | M] (Microsoft Corporation) MD5=DD73D6B9F6B4CB630CF35B438B540174 -- C:\WINDOWS\system32\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 04:33:21 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
[4 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


Thanks again
mortar

Posts: 18
Joined: 19 May 2011, 13:09
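The parts of this OTL log that a helper actually reads are the custom-scan blocks at the end: each `< MD5 for: NAME >` block lists every copy of a sensitive system file on the disk with its hash, so that the copy Windows loads (under `system32` or `system32\drivers`) can be compared with the pristine copy in `ServicePackFiles\i386`, and the `/lockedfiles` block lists files whose hash could not be read on the running system (here `comsvcs.dll`). The script below is an added example, not part of mortar's post and not something OTL or Assiste.com ships: it parses OTL file lines, groups them under their scan header and reports, for each in-use copy, whether it matches a reference copy, differs from all of them, has no reference copy on the box, or was locked. `SAMPLE_LOG` is copied from the log above; `TAMPERED_SAMPLE` is constructed to show what an in-place patched driver looks like (same size and company name, different hash). The status names and the directory lists used to classify copies are this example's own choices.

```python
import re

# Every OTL file line has the shape
#   [date time | size | attrs | C|M] (Company) <note> -- path
# where <note> is empty, ".cab file", "MD5=<hex>" or "Unable to obtain MD5".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>[^|]+?)\s*\|\s*(?P<op>[CM])\]"
    r"\s*\((?P<company>[^)]*)\)\s*(?P<note>.*?)\s*--\s*(?P<path>.+?)\s*$"
)
MD5_RE = re.compile(r"MD5=([0-9A-Fa-f]{32})")
MD5_HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")

REFERENCE_DIR = "\\servicepackfiles\\i386\\"   # pristine SP3 copies (assumed reference)
BACKUP_MARKERS = ("$ntservicepackuninstall$", "$hf_mig$", "\\reinstallbackups\\", "\\driver cache\\")

def parse_entry(line):
    """Parse one OTL file line into a dict; None if the line is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["size"] = int(e["size"].replace(",", ""))
    h = MD5_RE.search(e["note"])
    e["md5"] = h.group(1).upper() if h else None
    e["locked"] = "Unable to obtain MD5" in e["note"]
    return e

def role(entry):
    """Classify a copy by where it lives; only 'live' copies are loaded by Windows."""
    p = entry["path"].lower()
    if REFERENCE_DIR in p:
        return "reference"
    if any(mk in p for mk in BACKUP_MARKERS):
        return "backup"          # pre-SP3 or cab copies: expected to differ
    return "live" if p.startswith("c:\\windows\\") else "other"

def parse_blocks(text):
    """Group entries under their '< ... >' custom-scan header."""
    blocks, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("<") and line.endswith(">"):
            m = MD5_HEADER_RE.match(line)
            current = m.group("name").lower() if m else line
            blocks[current] = {"md5_block": bool(m), "entries": []}
        elif current and line.startswith("["):
            e = parse_entry(line)
            if e:
                blocks[current]["entries"].append(e)
    return blocks

def audit(text):
    """Return {live path: (status, reason)} for each in-use copy OTL reported."""
    report = {}
    for block in parse_blocks(text).values():
        refs = {e["md5"] for e in block["entries"] if role(e) == "reference" and e["md5"]}
        for e in block["entries"]:
            if role(e) != "live":
                continue
            if e["locked"]:
                report[e["path"]] = ("LOCKED", "hash unreadable on the running system; hash it from boot media")
            elif not block["md5_block"]:
                continue
            elif not refs:
                report[e["path"]] = ("NO_REFERENCE", "no ServicePackFiles copy here; compare against a vendor hash")
            elif e["md5"] in refs:
                report[e["path"]] = ("MATCH", "identical to the service-pack reference copy")
            else:
                report[e["path"]] = ("MISMATCH", "differs from every reference copy; treat as possibly patched")
    return report

# Sample input copied from the OTL log above (atapi.sys, nvatabus.sys, comsvcs.dll).
SAMPLE_LOG = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/05 14:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: NVATABUS.SYS >
[2004/12/07 10:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) MD5=E4F1F95A6BBBFBBFF9A713C6063AA2CB -- C:\WINDOWS\system32\drivers\nvatabus.sys

< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/14 04:33:21 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll
"""

# Constructed, NOT from the log: the same atapi.sys block with the in-use driver's
# hash changed, which is what an in-place patched driver looks like in OTL output.
TAMPERED_SAMPLE = r"""
< MD5 for: ATAPI.SYS >
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\drivers\atapi.sys
"""

if __name__ == "__main__":
    for sample in (SAMPLE_LOG, TAMPERED_SAMPLE):
        for path, (status, why) in audit(sample).items():
            print(f"{status:13} {path}  ({why})")
```

Two caveats when reading the result. A MATCH only proves that the loaded copy equals the local reference copy, not that the reference itself is clean, and a kernel-mode rootkit that filters file reads can hand any user-mode scanner a clean image of the file it has patched, so a LOCKED entry or a mismatch is a reason to hash the file from boot media, never a verdict on its own. Size and company name prove nothing either way, which is why the constructed tampered sample keeps both identical to the original and only the hash changes.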

Re: detailed description of infection symptoms

Post by mortar » 19 May 2011, 13:41

Hello (again),
the rest of the report:

OTL Extras logfile created on: 19/05/11 13:46:50 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1 023,00 Mb Total Physical Memory | 551,00 Mb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 74,62 Gb Free Space | 39,29% Space Free | Partition Type: NTFS

Computer Name: MORTIER | User Name: Armand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"18775:TCP" = 18775:TCP:*:Disabled:BitComet 18775 TCP
"18775:UDP" = 18775:UDP:*:Disabled:BitComet 18775 UDP
"4662:TCP" = 4662:TCP:*:Disabled:127.0.0.1
"4672:UDP" = 4672:UDP:*:Disabled:127.0.0.1
"48113:TCP" = 48113:TCP:LocalSubNet:Enabled:maconfig_tcp
"48113:UDP" = 48113:UDP:LocalSubNet:Enabled:maconfig_udp

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.5

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE" = C:\Program Files\Microsoft Games\Age of Empires II\EMPIRES2.EXE:*:Disabled:Age of Empires II
"C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe" = C:\Program Files\Microsoft Games\Age of Empires II\age2_x1\age2_x1.exe:*:Disabled:Age of Empires II Expansion
"C:\Program Files\BitComet\BitComet.exe" = C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client
"C:\Program Files\Zapu\Zapu\wDivi.exe" = C:\Program Files\Zapu\Zapu\wDivi.exe:*:Disabled:Zapu Control -- (IPortent)
"C:\Program Files\Microsoft Games\Age of Empires\Empires.exe" = C:\Program Files\Microsoft Games\Age of Empires\Empires.exe:*:Disabled:Age of Empires
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Disabled:eMule
"C:\WINDOWS\system32\LEXPPS.EXE" = C:\WINDOWS\system32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE
"C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe" = C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe:*:Disabled:Media Player Classic
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Disabled:MSN Messenger 7.5
"C:\Documents and Settings\Armand\Local Settings\Temp\WZSE0.TMP\SymNRT.exe" = C:\Documents and Settings\Armand\Local Settings\Temp\WZSE0.TMP\SymNRT.exe:*:Disabled:Norton Removal Tool
"C:\Program Files\Winamp Remote\bin\Orb.exe" = C:\Program Files\Winamp Remote\bin\Orb.exe:*:Disabled:Orb
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe" = C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Disabled:Orb Stream Client
"C:\Program Files\Winamp Remote\bin\OrbTray.exe" = C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Disabled:OrbTray
"C:\Program Files\ma-config.com\maconfservice.exe" = C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice -- (CybelSoft)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)
"C:\Documents and Settings\Armand\Mes documents\Downloads\MusicConverterSetup.exe" = C:\Documents and Settings\Armand\Mes documents\Downloads\MusicConverterSetup.exe:*:Enabled:InstallCore™


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5200_series" = Canon MG5200 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Multimedia Launcher
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24
"{315ACD04-BCEB-478B-9B1D-5431D0E6CB11}" = ASUS Enhanced Display Driver
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6901DD22-527A-41EF-9059-E81FEDE9E494}" = Windows Presentation Foundation Language Pack (FRA)
"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA
"{81E95872-8357-4363-A764-8F98B28340C5}" = Ma-Config.com
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{9011040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9030040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{9085040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A394342-4A68-4EBA-85A6-55B559F4E700}" = Microsoft .NET Framework 1.1 French Language Pack
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A90000000001}" = Adobe Reader 9 - Français
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panneau de configuration NVIDIA 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Pilote graphique 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Mises à jour NVIDIA 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B97CF5C3-0487-11D8-A36E-0050BAE317E1}" = DVD Solution
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3C080B0-23F5-49AF-89F8-8E8DBC89E659}" = Microsoft .NET Framework 3.0 French Language Pack
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 3.13
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agnitum Outpost Firewall Pro_is1" = Outpost Firewall Pro 7.1
"Atlas mondial Encarta 2.0" = Atlas Mondial Microsoft Encarta
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenuEX" = Canon Solution Menu EX
"CCleaner" = CCleaner
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CSCLIB" = Canon Camera Support Core Library
"Dicobat version 1.1" = Dicobat version 1.1
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Enregistrement utilisateur de Canon MG5200 series" = Enregistrement utilisateur de Canon MG5200 series
"EOS Utility" = Canon Utilities EOS Utility
"ERUNT_is1" = ERUNT 1.1j
"Full Pack" = Full Pack Codecs
"Google Chrome" = Google Chrome
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InCD!UninstallKey" = InCD
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.0 French Language Pack" = Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MP Navigator EX 4.0" = Canon MP Navigator EX 4.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Nero OEM
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"QuicktimeAlt_is1" = QuickTime Alternative 2.7.0
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealAlt_is1" = Real Alternative 1.9.0
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Solitude for Windows" = Solitude for Windows
"Stellarium_is1" = Stellarium 0.8.2
"VLC media player" = VLC media player 1.1.9
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Lecteur Windows Media 11
"Windows XP Service" = Windows XP Service Pack 3
"WinRAR archiver" = Archiveur WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Z0 - Music Converter" = FoxTab Music Converter (remove only)
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-790525478-527237240-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Détection de l'application Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/04/11 12:47:48 | Computer Name = MORTIER | Source = .NET Runtime Optimization Service | ID = 1101
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Failed to compile: C:\Program Files\DriverBoost\DriverBoost\DriverBoost.exe .
Error code = 0x80131047

Error - 19/04/11 08:15:39 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée CDex.exe, version 1.7.0.4, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 22/04/11 06:36:54 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée chrome.exe, version 0.0.0.0, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 24/04/11 06:08:06 | Computer Name = MORTIER | Source = VSS | ID = 5013
Description = Erreur du service de cliché instantané des volumes : l'enregistreur
de cliché instantané RemovableStorageManager a appelé la routine OpenNtmsSessionW
qui a échoué avec le statut 0x800708ca (converti en 0x800423f4).

Error - 30/04/11 08:35:47 | Computer Name = MORTIER | Source = Application Error | ID = 1000
Description = Application défaillante v2d.exe, version 3.3.0.226, module défaillant
ntdll.dll, version 5.1.2600.6055, adresse de défaillance 0x00019af2.

Error - 02/05/11 06:45:55 | Computer Name = MORTIER | Source = Application Error | ID = 1000
Description = Application défaillante cdex.exe, version 1.7.0.4, module défaillant
cdex.exe, version 1.7.0.4, adresse de défaillance 0x000f3670.

Error - 02/05/11 06:51:55 | Computer Name = MORTIER | Source = Application Error | ID = 1000
Description = Application défaillante cdex.exe, version 1.7.0.4, module défaillant
unknown, version 0.0.0.0, adresse de défaillance 0x00000000.

Error - 06/05/11 06:06:49 | Computer Name = MORTIER | Source = VSS | ID = 5013
Description = Erreur du service de cliché instantané des volumes : l'enregistreur
de cliché instantané RemovableStorageManager a appelé la routine OpenNtmsSessionW
qui a échoué avec le statut 0x800708ca (converti en 0x800423f4).

Error - 10/05/11 06:08:10 | Computer Name = MORTIER | Source = VSS | ID = 5013
Description = Erreur du service de cliché instantané des volumes : l'enregistreur
de cliché instantané RemovableStorageManager a appelé la routine OpenNtmsSessionW
qui a échoué avec le statut 0x800708ca (converti en 0x800423f4).

Error - 13/05/11 08:08:32 | Computer Name = MORTIER | Source = Application Hang | ID = 1002
Description = Application bloquée notepad.exe, version 5.1.2600.5512, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

[ System Events ]
Error - 14/05/11 07:13:24 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 14/05/11 13:27:43 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 15/05/11 05:00:37 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 16/05/11 03:08:34 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 17/05/11 03:01:38 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 17/05/11 09:24:14 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 17/05/11 11:16:58 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 18/05/11 12:06:54 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 19/05/11 03:22:35 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd

Error - 19/05/11 05:20:31 | Computer Name = MORTIER | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : Lbd


< End of report >

Thanks again and again
mortar

Posts: 18
Joined: 19 May 2011, 13:09

Re: detailed description of infection symptoms

Post by mortar » 20 May 2011, 21:40

Hello, when asking for help reading the logs I forgot to identify the hardware :oops: I hope this is enough for the investigation
Thanks

Date de la détection 09/03/2011 15:30

Nom de la machine

Modules
Système d'exploitation Windows XP Edition familliale (build 2600) Service Pack 3
Navigateur web par défaut:
Client e-mail par défaut: Microsoft Outlook
Client de groupes de discussions par défaut: Microsoft Outlook
Antivirus: AntiVir Desktop 10.0.1.56
Pare-feu:Outpost Firewall Pro 7.1

Carte mère SMBios version 2.3
MICRO-STAR INTERNATIONAL CO., LTD MS-7125 1.0
Bios: Phoenix Technologies, LTD 6.00 PG 06/23/2005 taille: 512Kb

Chipset Northbridge: NVIDIA nForce4
Southbridge: NVIDIA nForce4 MCP

Processeur AMD Athlon 64 3200+ Venice Socket 939 (@90 nm) 2000 Mhz ( L1I: 64 Ko, L1D: 64 Ko, L2: 512 Ko )

Mémoire Mémoire physique totale: 1024 Mo, Type: DDR, @167.5MHz, 2.5-3-3-7-2T
DDR CEON5125340 512 Mo PC3200 (200 Mhz) (2.5-3-3-8)
DDR CEON5125340 512 Mo PC3200 (200 Mhz) (2.5-3-3-8)

Carte Graphique NVIDIA GeForce 6600 (NV43,,128 Mo)

Périphériques IDE Maxtor 6L200M0 BANC1G10 (SATA, 189.92 Go, tampon: 8 Mo)

Lecteurs CD/DVD HL-DT-STDVDRAM GSA-4165BDL05 (DVD-RAM Recorder)
HL-DT-STDVD-ROM DH16NS100L04 (DVD-ROM)

Disque dur Maxtor 6 L200M0 SCSI Disk Device

Cartes PCI/AGP Stockage
nVidia Corporation:CK804 IDE:
nVidia Corporation:CK804 Serial ATA Controller:
nVidia Corporation:CK804 Serial ATA Controller:

Affichage
nVidia Corporation:NV43 [GeForce 6600]:

Multimedia
nVidia Corporation:CK804 AC97 Audio Controller:

Mémoires
nVidia Corporation:CK804 Memory Controller:

Ponts
nVidia Corporation:CK804 ISA Bridge:
nVidia Corporation:CK804 PCI Bridge
nVidia Corporation:CK804 Ethernet Controller:
nVidia Corporation:CK804 PCIE Bridge
nVidia Corporation:CK804 PCIE Bridge
nVidia Corporation:CK804 PCIE Bridge
nVidia Corporation:CK804 PCIE Bridge
Advanced Micro Devices [AMD]:K8 [Athlon64/Opteron] HyperTransport Technology Configuration
Advanced Micro Devices [AMD]:K8 [Athlon64/Opteron] Address Map
Advanced Micro Devices [AMD]:K8 [Athlon64/Opteron] DRAM Controller
Advanced Micro Devices [AMD]:K8 [Athlon64/Opteron] Miscellaneous Control

Bus Series
nVidia Corporation:CK804 SMBus:
nVidia Corporation:CK804 USB Controller:
nVidia Corporation:CK804 USB Controller:

Clavier Clavier standard 101/102 touches ou clavier Microsoft Natural Keyboard PS/2

Souris Souris compatible PS/2

Ecran(s) Écran Plug-and-Play(LG Electronics Inc. (GoldStar Technology, Inc.) L1730S)
mortar

Posts: 18
Joined: 19 May 2011, 13:09

Re: detailed description of infection symptoms

Post by nickW » 21 May 2011, 22:37

Good evening,

Despite the title of your topic, I see absolutely no description of infection symptoms! :twisted:


First cleaning steps:


Step 1: rkill (by Grinler), download
Important note:
rkill is sometimes wrongly detected as malicious. If necessary, disable the antivirus while downloading it.

Download rkill with a right click followed by Save link target as ... from one of the links below:

Link 1
Link 2
Link 3

Save the file to the Desktop.


Step 2: Navilog1 (by IL-MAFIOSO)
Download Navilog1 by right-clicking the link below:
http://pagesperso-orange.fr/il.mafioso/ ... vilog1.exe
Save the file to the Desktop.

Close all running applications (such as word processor, browser).
Double-click the Navilog1.exe file on the Desktop.

Follow the instructions displayed.
In the main menu, choose option 1 and confirm.
(do not choose option 2 without my advice/agreement)

The tool may announce that it will restart the PC: press a key as requested.
If the PC does not restart automatically, restart it manually, choosing the usual session.

Wait for the message:
*** Scan Termine le ..... ***
Press a key as requested; Notepad will open.
Note: In Notepad, check in the Format menu (at the top) that the "Word Wrap" option is not ticked.
Save this file under the name navi1-110521.txt
Close Notepad.


Step 3: No real-time monitoring process
Disable the antivirus resident module.
Avira AntiVir: right-click the icon in the system tray (next to the clock) and untick "Activer Antivir Guard/AntiVir Guard enable".


Step 4: rkill (by Grinler), execution
Double-click the downloaded rkill file to launch the tool.

A window with a black background will appear briefly, then disappear.
When execution finishes, save the rkill.log file.

If nothing happens, or the tool does not start, download the tool from another of the three links above (Step 2) and try running it again.

If none of the tools downloaded from the three links above seems to work, download a renamed version of rkill (iExplore.exe or eXplorer.exe) and try to launch it.

If none of the five downloaded tools seems to work, do not continue the clean-up, and let me know on the forum.

Do not restart the PC.


Step 5: Malwarebytes' Anti-Malware, cleaning
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start Menu.
In the Settings tab, check that all boxes are ticked except "Create an option in the context menu to scan files (right-click)".
In the Update tab, click the Check for Updates button and install all updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan", then click the Scan button.

Wait, doing nothing else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items were detected, click the "Remove Selected" button.

Wait patiently, doing nothing else, for the cleaning to finish.
A restart is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 6: Real-time monitoring process
Important: Re-enable the antivirus resident module.


Step 7: OTL (by OldTimer), quick scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

The OTL main screen is displayed.

Click the Quick Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 8: Results
Post in reply:
*- the Navilog1 report, Option 1 (contents of the file navi1-110521.txt)
*- the rkill report (contents of the file rkill.log located in the folder %SystemDrive%\)
[%SystemDrive% represents the partition on which the system is installed, usually C:]
*- the Malwarebytes' Anti-Malware report (contents of the file mbam-log-****-**-** (**-**-**).txt located in the folder %SystemDrive%\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs, where ****-**-** (**-**-**) represents the date [year-month-day] and the time [hh-mm-ss])

Then post in reply, in a separate message (because of the file's length):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted on the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split across several messages.

In your reply, don't forget to give as much information as possible on the state of the PC: improvement / disappearance / worsening of the infection symptoms.

Important note: To post your reply (replies), do not create a new topic, but click the "Reply" button to continue in this thread.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France

Re: detailed description of infection symptoms

Post by mortar » 22 May 2011, 10:41

Hello Nick, as infection symptoms: a "crazy" mouse that moves as it pleases and is not always 100% controllable, the PC often freezes when on the internet, Avira no longer manages its updates ("an error occurred while downloading the file"); I uninstalled and reinstalled a new version of the antivirus, the problem was solved and then reappeared? :evil: with a Windows security alert "antivirus out of date" and often an Avira alert "autorun blocked".
Currently the mouse does not always go where I want!
Here are the requested reports:

navi1-110521
Fix Navipromo version 4.1.0 commencé le 22/05/11 10:18:38,26

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\navilog1

Mise à jour le 20.04.2011 à 09h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Athlon(tm) 64 Processor 3200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Armand ( Not Administrator ! )
BOOT : Normal boot

Antivirus : AntiVir Desktop 10.0.1.56 (Activated)
Firewall : Outpost Firewall Pro 7.1 (Activated)

A:\ (USB)
C:\ (Local Disk) - NTFS - Total:189 Go (Free:77 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\WINDOWS\pack.epk supprimé !
c:\docume~1\armand\locals~1\applic~1\egyko.dat supprimé !
c:\docume~1\armand\locals~1\applic~1\egyko_nav.dat supprimé !
c:\docume~1\armand\locals~1\applic~1\egyko_navps.dat supprimé !
c:\docume~1\armand\locals~1\applic~1\isusw.dat supprimé !
c:\docume~1\armand\locals~1\applic~1\isusw_nav.dat supprimé !
c:\docume~1\armand\locals~1\applic~1\isusw_navps.dat supprimé !
c:\docume~1\armand\locals~1\applic~1\mkuqkik.dat supprimé !
c:\docume~1\armand\locals~1\applic~1\mkuqkik_nav.dat supprimé !
c:\docume~1\armand\locals~1\applic~1\mkuqkik_navps.dat supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Armand\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !


*** Scan terminé 22/05/11 10:22:51,59 ***

________________________________________________________________________________________________________________________________________________________
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 22/05/11 at 10:26:36.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

C:\WINDOWS\system32\wuauclt.exe


Rkill completed on 22/05/11 at 10:26:56.
_____________________________________________________________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 6639

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

22/05/11 10:35:05
mbam-log-2011-05-22 (10-35-05).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 177613
Temps écoulé: 3 minute(s), 52 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 9
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{09F1ADAC-76D8-4D0F-99A5-5C907DADB988} (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31A59636-0FA3-4A56-954D-DB7AD02840D8} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3FA917B9-DF69-477F-9E4F-B60D929DE79F} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD31ED6-7C94-4BBC-8E95-F927F4D3A949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C875948-9C60-4381-9248-0DF180542D53} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{99410CDE-6F16-42CE-9D49-3807F78F0287} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} (Rogue.WinAntiVirus) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DECEAAA2-370A-49BB-9362-68C3A58DDC62} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F919FBD3-A96B-4679-AF26-F551439BB5FD} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ZangoToolbar 4.8.3 (Adware.Zango) -> Value: ZangoToolbar 4.8.3 -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
c:\documents and settings\Armand\application data\spamblocker (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Armand\application data\spamblockerutility (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Armand\application data\spamblockerutility\v3.0 (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Armand\application data\spamblockerutility\v3.0\spamblockerutility (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Armand\application data\spamblockerutility\v3.0\spamblockerutility\static (Adware.Hotbar) -> Quarantined and deleted successfully.
c:\documents and settings\Armand\application data\spamblockerutility\v3.0\spamblockerutility\static\1 (Adware.Hotbar) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
c:\documents and settings\Armand\application data\spamblockerutility\v3.0\spamblockerutility\static\1\btntrans.idx (Adware.Hotbar) -> Quarantined and deleted successfully.

Well, I hope this is OK; I have a doubt about the rkill log.

Thanks
mortar

Posts: 18
Joined: 19 May 2011, 13:09

Re: detailed description of infection symptoms

Post by mortar » 22 May 2011, 11:00

Hello (again), here is the rest:

OTL logfile created on: 22/05/11 10:47:30 - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Armand\Bureau
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yy

1 023,00 Mb Total Physical Memory | 549,00 Mb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 3072 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 189,91 Gb Total Space | 77,35 Gb Free Space | 40,73% Space Free | Partition Type: NTFS

Computer Name: MORTIER | User Name: Armand | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/19 13:00:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTL.exe
PRC - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/03/22 20:37:06 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
PRC - [2011/02/04 12:08:57 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/02/04 12:08:48 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/02/04 12:08:48 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/10/29 15:49:28 | 000,249,064 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
PRC - [2010/04/02 11:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/24 19:50:00 | 002,516,296 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2010/01/14 21:11:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008/04/14 04:34:03 | 001,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/16 16:28:22 | 000,577,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\soundman.exe
PRC - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2005/06/10 18:19:38 | 000,869,888 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2005/06/10 16:20:06 | 001,397,760 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCD.exe
PRC - [2004/07/20 15:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) -- C:\WINDOWS\ATKKBService.exe


========== Modules (SafeList) ==========

MOD - [2011/05/19 13:00:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTL.exe
MOD - [2011/02/04 16:54:38 | 000,701,440 | ---- | M] (Agnitum Ltd.) -- c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll
MOD - [2010/08/23 18:12:39 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (Planificateur LiveUpdate automatique)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [On_Demand | Stopped] -- -- (Acsvcvcvnpq.50)
SRV - [2011/04/08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/02/04 17:30:04 | 002,040,144 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Firewall Pro\acs.exe -- (acssrv)
SRV - [2011/02/04 12:08:57 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/02/04 12:08:48 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/24 15:49:34 | 000,310,640 | ---- | M] (CybelSoft) [On_Demand | Stopped] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2006/03/30 09:15:44 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/06/10 18:19:38 | 000,869,888 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/07/20 15:15:20 | 000,090,112 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- C:\WINDOWS\ATKKBService.exe -- (ATKKeyboardService)
SRV - [2003/07/28 20:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - [2011/02/04 12:09:08 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/02/04 12:09:08 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/02/02 16:52:40 | 000,710,824 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/02/02 16:51:26 | 000,072,352 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2010/09/27 16:40:28 | 000,267,624 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2010/08/30 12:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand | Stopped] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/06/17 14:28:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:52 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/04/20 16:05:16 | 000,034,280 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/11/12 18:58:38 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2008/09/24 11:40:22 | 004,122,368 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/08/01 12:36:26 | 000,022,016 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2008/08/01 12:36:20 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2008/04/13 20:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_51)
DRV - [2008/04/13 20:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 20:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/04/16 22:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2006/07/01 23:42:58 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/06/10 18:12:12 | 000,099,584 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2005/06/10 18:11:50 | 000,029,696 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2005/06/10 16:11:44 | 000,028,160 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/12/14 17:55:22 | 000,009,472 | R--- | M] (ASUSTeK Computer Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\EIO.sys -- (EIO)
DRV - [2004/12/07 10:15:54 | 000,087,936 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2004/08/05 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/05 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/07/20 15:19:16 | 000,020,096 | ---- | M] (ASUSTeK COMPUTER INC.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\atkkbnt.sys -- (asuskbnt)
DRV - [2003/12/05 11:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2001/08/17 23:04:48 | 000,171,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\camdrv30.sys -- (Camdrv30)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\Aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portail.free.fr/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3


[2010/04/24 10:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Armand\Application Data\Mozilla\Firefox\Profiles\9l1fqquo.default\extensions
[2010/04/24 10:11:45 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Armand\Application Data\Mozilla\Firefox\Profiles\9l1fqquo.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}(2)
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\GOOGLE-CJK@PARTNERS.MOZILLA.COM
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG

O1 HOSTS File: ([2007/07/14 09:01:06 | 000,050,834 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 1735 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Firewall Pro\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [NBJ] C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
O4 - HKCU..\Run: [PowerBar] File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] File not found
O4 - Startup: C:\Documents and Settings\Armand\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Réglage rapide de Outpost Firewall Pro - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll (Agnitum Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/ ... ontrol.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mvadvd.cab (Reg Error: Key error.)
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} http://www.ca.com/fr/securityadvisor/vi ... ebscan.cab (WScanCtl Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://www.ma-config.com/plugins/MaConfig_5_1_0_5.cab ("Ma-Config.com control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/sh ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Firewall Pro\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Armand/LOCALS~1/Temp/msohtml1/04/clip_image001.jpg
O24 - Desktop Components:1 () - file:///C:/DOCUME~1/Armand/LOCALS~1/Temp/msohtml1/10/clip_image002.jpg
O24 - Desktop Components:2 () - http://img111.imageshack.us/img111/764/ ... ansoa9.jpg
O24 - Desktop Components:3 (Ma page d'accueil) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2005/11/02 01:23:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007/07/22 15:28:29 | 000,000,000 | ---D | M] - C:\autorun.inf -- [ NTFS ]
O33 - MountPoints2\{66b55dcc-28c0-11de-8f93-0016384f7675}\Shell\Auto\command - "" = AdobeR.exe e
O33 - MountPoints2\{66b55dcc-28c0-11de-8f93-0016384f7675}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/22 10:17:36 | 000,000,000 | ---D | C] -- C:\Navilog1
[2011/05/21 21:07:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Armand\Recent
[2011/05/19 13:26:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/05/19 13:25:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ERUNT
[2011/05/19 13:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/05/19 13:19:40 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Program Files\erunt-setup.exe
[2011/05/19 13:06:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\Malwarebytes
[2011/05/19 13:06:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/19 13:06:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Malwarebytes' Anti-Malware
[2011/05/19 13:06:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/19 13:05:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/19 13:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/19 13:03:29 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Armand\Bureau\mbam-setup-1.50.1.1100.exe
[2011/05/19 13:00:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTL.exe
[2011/05/13 14:04:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Application Data\Avira
[2011/05/13 14:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Avira
[2011/05/13 14:01:57 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/05/13 14:01:55 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/05/13 14:01:55 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/05/13 14:01:55 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/05/13 14:01:55 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/05/13 14:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/05/13 14:01:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/05/03 14:55:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Armand\Menu Démarrer\Programmes\FoxTab Audio Converter
[2011/05/03 14:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\FoxTabAudioConverter
[2011/04/30 14:33:57 | 000,000,000 | ---D | C] -- C:\v2d
[2011/04/30 14:33:29 | 000,000,000 | ---D | C] -- C:\Program Files\Total Video2Dvd
[2011/04/30 14:02:06 | 001,343,488 | ---- | C] (MultiMedia Soft) -- C:\WINDOWS\System32\AdjMmsEng.dll
[2011/04/30 14:01:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Pianosoft
[2011/04/30 13:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\NewLive All Audio To Mp3 Converter
[2011/04/26 20:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\VideoLAN
[2011/04/24 21:20:23 | 000,000,000 | ---D | C] -- C:\Nouveau dossier
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/22 10:39:21 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 10:38:17 | 000,001,052 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/22 10:38:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/22 10:11:40 | 000,231,562 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\Navilog1.exe
[2011/05/22 10:09:14 | 000,001,056 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/22 10:07:22 | 001,007,108 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\rkill.scr
[2011/05/21 17:19:36 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/20 20:01:30 | 000,242,688 | ---- | M] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/19 13:47:36 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011/05/19 13:26:15 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Armand\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/05/19 13:26:02 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\NTREGOPT.lnk
[2011/05/19 13:26:02 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\ERUNT.lnk
[2011/05/19 13:20:15 | 000,005,024 | ---- | M] () -- C:\Program Files\erunt-loc_fr.zip
[2011/05/19 13:19:42 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Program Files\erunt-setup.exe
[2011/05/19 13:06:05 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/05/19 13:03:42 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Armand\Bureau\mbam-setup-1.50.1.1100.exe
[2011/05/19 13:00:47 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Armand\Bureau\OTL.exe
[2011/05/13 14:02:09 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/05/12 22:35:54 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Chrome.lnk
[2011/05/10 10:23:26 | 000,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/03 14:55:19 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Armand\Bureau\FoxTab Audio Converter.lnk
[2011/04/30 14:39:58 | 000,000,028 | ---- | M] () -- C:\WINDOWS\v2d.INI
[2011/04/30 12:56:06 | 005,653,224 | ---- | M] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/04/26 20:44:42 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 10:11:47 | 000,231,562 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\Navilog1.exe
[2011/05/22 10:07:17 | 001,007,108 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\rkill.scr
[2011/05/19 13:47:36 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011/05/19 13:26:15 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Armand\Menu Démarrer\Programmes\Démarrage\ERUNT AutoBackup.lnk
[2011/05/19 13:26:02 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\NTREGOPT.lnk
[2011/05/19 13:26:02 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\ERUNT.lnk
[2011/05/19 13:24:39 | 000,004,613 | ---- | C] () -- C:\Program Files\ERUNT.LOC
[2011/05/19 13:24:39 | 000,003,491 | ---- | C] () -- C:\Program Files\ERDNTWIN.LOC
[2011/05/19 13:24:39 | 000,003,042 | ---- | C] () -- C:\Program Files\ERDNTDOS.LOC
[2011/05/19 13:24:39 | 000,002,035 | ---- | C] () -- C:\Program Files\NTREGOPT.LOC
[2011/05/19 13:20:15 | 000,005,024 | ---- | C] () -- C:\Program Files\erunt-loc_fr.zip
[2011/05/19 13:06:05 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2011/05/13 14:02:09 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Avira AntiVir Control Center.lnk
[2011/05/08 15:18:28 | 000,002,585 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Microsoft Office Word Viewer 2003.lnk
[2011/05/03 14:55:19 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Armand\Bureau\FoxTab Audio Converter.lnk
[2011/04/30 14:38:07 | 000,000,028 | ---- | C] () -- C:\WINDOWS\v2d.INI
[2011/04/30 14:02:07 | 000,076,800 | ---- | C] () -- C:\WINDOWS\System32\Faac.exe
[2011/04/30 14:02:06 | 000,098,708 | ---- | C] () -- C:\WINDOWS\System32\activesoundeditor.tlb
[2011/04/26 20:44:42 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\VLC media player.lnk
[2011/02/26 20:37:41 | 000,000,094 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/02/23 01:48:45 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/23 01:48:44 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/02/23 01:48:41 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/01/04 12:04:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/04 03:38:14 | 000,004,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/01/04 00:55:39 | 000,260,448 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/04 00:55:30 | 000,260,440 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/04 00:55:30 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/11/06 22:47:32 | 000,027,223 | ---- | C] () -- C:\Documents and Settings\Armand\Application Data\Carnet d'adresses personnel.ADR
[2010/07/10 06:38:00 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/10/05 21:47:38 | 000,014,048 | ---- | C] () -- C:\WINDOWS\System32\SMOOTH16.DLL
[2009/10/05 21:47:38 | 000,009,984 | ---- | C] () -- C:\WINDOWS\System32\BTDESIGN.DLL
[2009/10/05 21:24:47 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\DXFIN.DLL
[2009/10/05 20:52:58 | 000,254,976 | ---- | C] () -- C:\WINDOWS\System32\SMSEQ.DLL
[2009/10/05 20:52:58 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SMOOTHS.DLL
[2009/10/05 20:52:58 | 000,010,720 | ---- | C] () -- C:\WINDOWS\System32\SCRLIB.DLL
[2008/02/24 21:06:28 | 005,653,224 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2007/09/24 19:46:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/07/31 18:06:45 | 000,000,040 | ---- | C] () -- C:\WINDOWS\NAVIGMA.INI
[2007/07/17 22:17:24 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\fusioncache.dat
[2007/04/15 20:35:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/04/14 12:30:51 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2007/04/08 18:18:50 | 000,000,190 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2006/12/18 09:24:08 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-Ogg Vorbis aoTuV b4 SSE2.dat
[2006/06/09 17:39:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\lgfwup.ini
[2006/03/18 01:43:52 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\nLame.dll
[2006/03/13 22:31:00 | 000,000,653 | ---- | C] () -- C:\WINDOWS\dicobat.ini
[2006/01/11 22:02:00 | 000,000,112 | ---- | C] () -- C:\WINDOWS\ActiveSkin.INI
[2005/12/09 19:59:01 | 000,000,050 | ---- | C] () -- C:\WINDOWS\Winamp.ini
[2005/12/09 19:58:38 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2005/11/20 02:19:07 | 000,000,418 | ---- | C] () -- C:\WINDOWS\SOLITUDE.INI
[2005/11/12 19:18:27 | 000,242,688 | ---- | C] () -- C:\Documents and Settings\Armand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/11/09 22:18:31 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
[2005/11/07 18:47:14 | 000,000,497 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/11/06 01:34:50 | 000,145,408 | ---- | C] () -- C:\WINDOWS\System32\Lame.exe
[2005/11/05 14:52:46 | 000,061,677 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2005/11/05 12:51:27 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/11/04 04:07:26 | 000,000,022 | ---- | C] () -- C:\WINDOWS\FLASHKSK.INI
[2005/11/04 04:07:22 | 000,021,504 | ---- | C] () -- C:\WINDOWS\LXBLSET.EXE
[2005/11/04 04:07:22 | 000,004,608 | ---- | C] () -- C:\WINDOWS\DelShell.exe
[2005/11/04 04:05:49 | 000,000,588 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/11/02 02:11:56 | 000,004,205 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/11/02 02:10:42 | 000,169,096 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/11/02 01:55:57 | 000,040,960 | ---- | C] () -- C:\Program Files\Uninstall_CDS.exe
[2005/11/02 01:42:31 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\ATKOSDMini.DLL
[2005/11/02 01:42:31 | 000,000,018 | ---- | C] () -- C:\WINDOWS\System32\atkid.ini
[2005/11/02 01:42:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\ATKCheckDispIDs.dll
[2005/11/02 01:37:43 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/11/02 01:37:43 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/11/02 01:30:03 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\raidmgmt.ini
[2005/11/02 01:25:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/11/02 01:20:36 | 000,021,892 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/02/24 01:32:00 | 000,540,672 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2004/08/05 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/05 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/05 14:00:00 | 000,510,752 | ---- | C] () -- C:\WINDOWS\System32\perfh00C.dat
[2004/08/05 14:00:00 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/05 14:00:00 | 000,322,810 | ---- | C] () -- C:\WINDOWS\System32\perfi00C.dat
[2004/08/05 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/05 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/05 14:00:00 | 000,084,954 | ---- | C] () -- C:\WINDOWS\System32\perfc00C.dat
[2004/08/05 14:00:00 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/05 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/05 14:00:00 | 000,034,108 | ---- | C] () -- C:\WINDOWS\System32\perfd00C.dat
[2004/08/05 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/05 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/05 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/05 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/05 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002/07/19 18:48:22 | 000,157,696 | ---- | C] () -- C:\WINDOWS\System32\OggEnc.exe
[2002/03/26 10:19:42 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll
[1997/06/14 12:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[1996/04/17 11:48:40 | 000,000,250 | ---- | C] () -- C:\WINDOWS\System32\3dr.ini

========== LOP Check ==========

[2009/01/26 20:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2011/01/03 20:39:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/04 00:59:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2011/01/03 21:59:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/01/04 00:59:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/01/03 20:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/01/04 12:03:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMyPrinter
[2011/01/04 12:24:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/01/03 20:53:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJSolutionMenuEX
[2011/01/03 20:42:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/01/04 10:47:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Driver Mender
[2011/01/04 01:51:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverBoost
[2007/07/15 21:27:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/03/09 16:11:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2011/04/30 14:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pianosoft
[2011/04/29 11:15:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skyline
[2009/01/22 19:45:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/02/06 13:28:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{BC9FCCF7-E686-494B-8C9B-55C9A39A7CA9}
[2011/01/04 13:31:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\Canon
[2011/01/03 21:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\Canon Easy-WebPrint EX
[2011/02/24 17:16:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\CD-LabelPrint
[2008/02/24 21:24:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\dBpoweramp
[2011/01/04 00:10:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\ElevatedDiagnostics
[2009/01/07 21:20:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\EoRezo
[2007/04/20 23:03:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\MSNInstaller
[2010/02/06 13:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Armand\Application Data\Uniblue

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

The mouse seems better behaved. Avira still refuses updates (there is a log for that too, I can post it if needed), or should I try another antivirus?!

Thanks for the precious help
mortar
 
Posts: 18
Joined: 19 May 2011, 13:09

Re: detailed description of infection symptoms

Post by nickW » 23 May 2011, 00:39

Good evening,

1/ Can you have the file C:\PhysicalMBR.bin analysed?

VirusTotal
Go to the site http://www.virustotal.com/ - Note: JavaScript must be enabled, and the site's cookies must be accepted.

In the Upload a file tab, click the Browse button
In the "File Upload" window, navigate to the C:\ folder, then select the file PhysicalMBR.bin and click the Open button

Click Send file.

The file is sent. If VirusTotal announces that the file has already been analysed (display of: File already submitted), click the Reanalyse button

The analysis may be put in a queue (display of: Current status: queued) (if many analysis requests are in progress). In that case, wait without refreshing the page.

Let the analysis run (display of: Current status: analysing).

When the analysis is finished (display of: Current status: finished), click Compact

A new browser window opens. Click the BBCode tab.

Select all the lines of the table, right-click and choose Copy.

Come back to the forum, in your topic, click the Reply button, then right-click in the message entry area and choose Paste.



2/ Using two other analysis tools:

Step 1: Rootkit Unhooker (by DiabloNova), download
Download Rootkit Unhooker from the link below:
http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE

Save this file to the Desktop.


Step 2: No real-time monitoring process
Disable the antivirus's resident module.


Step 3: Rootkit Unhooker (by DiabloNova), execution
Double-click RKUnhookerLE.EXE to launch the tool.

Click the Report tab.

Click the Scan button.

Tick the Drivers and Stealth Code boxes, untick the others, then click the OK button.

Wait for the end of the scan (the files being analysed are shown at the bottom left of the window).
When the report is displayed (in the Report tab), click the File menu at the top and choose Save Report.
Save the report to the Desktop under the name Report-RKU-110522.txt
Close RKU by clicking the Close button, then confirm by clicking the Yes button (message Hmm, are you sure? :)).

Note - This warning may sometimes be displayed:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
Ignore it by clicking OK.


Step 4: aswMBR (by gmer/avast), execution
Double-click aswMBR.exe to launch the tool.

Click the Scan button to start the scan.

Wait for the line [screenshot] to appear

Click the [screenshot] button and save the file under the name aswMBR-110522.txt on the Desktop.


Step 5: Real-time monitoring process
Important: Re-enable the antivirus's resident module.


Step 6: Results
Send in reply:
*- the Rootkit Unhooker report (contents of the file Report-RKU-110522.txt on the Desktop).
*- the aswMBR report (contents of the file aswMBR-110522.txt on the Desktop).

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
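nickW's first step is to have C:\PhysicalMBR.bin, which by its name is a raw copy of the disk's master boot record, checked on VirusTotal. As an added example (not part of this thread, nor code from VirusTotal, aswMBR or Rootkit Unhooker), the Python script below does the local side of that check: it computes the SHA-256 of the dump, which can be searched on VirusTotal before uploading anything, and decodes the 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature). It reports a missing signature, more than one partition marked active, overlapping partitions, and a boot-code hash that differs from a known-good value the reviewer supplies. The file name, the known-good hash argument and the two sample MBRs are assumptions constructed for the example.

```python
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import List, Optional

MBR_SIZE = 512
BOOT_CODE_SIZE = 446           # bytes 0..445 hold the boot loader code
PARTITION_TABLE_OFFSET = 446   # four 16-byte partition entries follow
SIGNATURE_OFFSET = 510         # last two bytes must be 0x55 0xAA


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def lba_end(self) -> int:
        return self.lba_start + self.sector_count   # exclusive upper bound


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Decode the four partition slots; empty slots (type 0) are skipped."""
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + 16 * i
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4)
        status, ptype, lba_start, count = struct.unpack_from("<B3xB3xII", mbr, off)
        if ptype != 0:
            entries.append(PartitionEntry(i, status == 0x80, ptype, lba_start, count))
    return entries


def bootcode_sha256(mbr: bytes) -> str:
    """Hash of the code area only, so it compares across disks with different partition tables."""
    return hashlib.sha256(mbr[:BOOT_CODE_SIZE]).hexdigest()


def analyse_mbr(mbr: bytes, known_good_bootcode_sha256: Optional[str] = None) -> dict:
    """Sanity-check an MBR image and return hashes, partitions and a list of findings."""
    if len(mbr) != MBR_SIZE:
        raise ValueError(f"expected {MBR_SIZE} bytes, got {len(mbr)}")
    findings = []
    if mbr[SIGNATURE_OFFSET:] != b"\x55\xaa":
        findings.append("missing 0x55AA boot signature")
    parts = parse_partition_table(mbr)
    if sum(p.bootable for p in parts) > 1:
        findings.append("more than one partition flagged bootable")
    for a in parts:
        for b in parts:
            if a.index < b.index and a.lba_start < b.lba_end and b.lba_start < a.lba_end:
                findings.append(f"partitions {a.index} and {b.index} overlap")
    code_hash = bootcode_sha256(mbr)
    if known_good_bootcode_sha256 and code_hash != known_good_bootcode_sha256:
        findings.append("boot code differs from the known-good copy")
    return {
        "file_sha256": hashlib.sha256(mbr).hexdigest(),  # lookup key for VirusTotal
        "bootcode_sha256": code_hash,
        "partitions": parts,
        "findings": findings,
    }


def build_sample_mbr(bootcode: bytes = b"\xfa\x33\xc0\x8e\xd0", tampered: bool = False) -> bytes:
    """Constructed 512-byte MBR for demonstration; not an image of any real disk."""
    def entry(status, ptype, start, count):
        return struct.pack("<B3sB3sII", status, b"\0\0\0", ptype, b"\0\0\0", start, count)
    table = entry(0x80, 0x07, 63, 409600)                # NTFS, bootable, sectors 63..409662
    if tampered:
        table += entry(0x80, 0x07, 1000, 100000)          # second "bootable" slot overlapping the first
    else:
        table += entry(0x00, 0x07, 409663, 100000)        # second data partition right after the first
    table += entry(0, 0, 0, 0) * 2                        # two empty slots
    return bootcode.ljust(BOOT_CODE_SIZE, b"\0") + table + b"\x55\xaa"


if __name__ == "__main__":
    # Usage (assumed): python mbr_check.py C:\PhysicalMBR.bin [known-good boot-code sha256]
    with open(sys.argv[1], "rb") as f:
        data = f.read(MBR_SIZE)
    result = analyse_mbr(data, sys.argv[2] if len(sys.argv) > 2 else None)
    print("file sha256:", result["file_sha256"])
    print("boot code sha256:", result["bootcode_sha256"])
    for p in result["partitions"]:
        print(f"  slot {p.index}: type 0x{p.type_id:02x} start={p.lba_start} "
              f"sectors={p.sector_count} bootable={p.bootable}")
    for finding in result["findings"]:
        print("FINDING:", finding)
```

The known-good hash is the point of the comparison: a clean MBR written by the same Windows installer on the same disk layout keeps the same 446 bytes of code, so a hash mismatch against a reference taken at install time (or from a known-clean machine with the same boot loader) is what "unknown MBR code" in the aswMBR output boils down to. The file hash alone is enough to query VirusTotal's database without uploading the dump.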

Re: detailed description of infection symptoms

Post by mortar » 23 May 2011, 12:34

Hello,
here is the follow-up: the mouse is now 100% controllable


RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xF57C3000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 12505088 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 270.61 )
0xF64E1000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 4124672 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xBD012000 C:\WINDOWS\System32\nv4_disp.dll 4112384 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 270.61 )
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2071424 bytes (Microsoft Corporation, Noyau et système NT)
0x804D7000 PnpManager 2071424 bytes
0x804D7000 RAW 2071424 bytes
0x804D7000 WMIxWDM 2071424 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Pilote Win32 multi-utilisateurs)
0xF63B0000 C:\WINDOWS\system32\DRIVERS\NVNRM.SYS 958464 bytes (NVIDIA Corporation, NVIDIA Network Resource Manager.)
0xEDC29000 C:\WINDOWS\system32\drivers\SandBox.sys 700416 bytes (Agnitum Ltd., Host Protection Component)
0xF71E6000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEC8C6000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF56C4000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEF50B000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB19EE000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBD3FE000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB1A6E000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF574A000 C:\WINDOWS\system32\drivers\afwcore.sys 262144 bytes (Agnitum Ltd., Agnitum Firewall Core Driver)
0xEF483000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xF7357000 ACPI.sys 192512 bytes (Microsoft Corporation, Pilote ACPI pour NT)
0xB1AFF000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF71B9000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB1015000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEC936000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xEF4E3000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xEC440000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xEF43B000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB264A000 C:\WINDOWS\System32\Drivers\dump_nvgts.sys 151552 bytes
0xF72D4000 nvgts.sys 151552 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) Sata Performance Driver)
0xF64BD000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF68D0000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF649A000 C:\WINDOWS\system32\drivers\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xEF461000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806D1000 ACPI_HAL 131840 bytes
0x806D1000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF729C000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7327000 ftdisk.sys 126976 bytes (Microsoft Corporation, Pilote de disque à FT)
0xF719F000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xEF577000 C:\WINDOWS\System32\Drivers\InCDfs.SYS 102400 bytes (Nero AG, InCD File System Driver)
0xF730F000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xF72BC000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF7273000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF5733000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xF72F9000 nvatabus.sys 90112 bytes (NVIDIA Corporation, NVIDIA® nForce(TM) IDE Performance Driver)
0xB1B7C000 C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys 90112 bytes (Microsoft Corporation, NWLINK2 IPX Protocol Driver)
0xB1B92000 C:\WINDOWS\system32\DRIVERS\avgntflt.sys 86016 bytes (Avira GmbH, Avira Minifilter Driver)
0xB1540000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF578A000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Pilote de port parallèle)
0xF57AF000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEF564000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBD000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF728A000 sr.sys 73728 bytes (Microsoft Corporation, Pilote de filtre de système de fichiers pour la restauration du système)
0xF7346000 pci.sys 69632 bytes (Microsoft Corporation, Énumérateur Plug-and-Play PCI pour NT)
0xF5722000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF579E000 C:\WINDOWS\system32\DRIVERS\serial.sys 69632 bytes (Microsoft Corporation, Pilote de périphérique série)
0xF75A7000 C:\WINDOWS\system32\DRIVERS\AmdK8.sys 65536 bytes (Advanced Micro Devices, AMD Processor Driver)
0xEC726000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF75D7000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xECDCD000 C:\WINDOWS\system32\DRIVERS\nwlnknb.sys 65536 bytes (Microsoft Corporation, NWLINK2 IPX Netbios Protocol Driver)
0xF75B7000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF75E7000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Pilote de filtre audio Livre rouge)
0xB170E000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF6974000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7607000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 57344 bytes (Microsoft Corporation, Pilote de port i8042)
0xF4ABA000 C:\WINDOWS\system32\DRIVERS\NVENETFD.sys 57344 bytes (NVIDIA Corporation, NVIDIA Networking Function Driver.)
0xB2BA9000 C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys 57344 bytes (Microsoft Corporation, NWLINK2 SPX Protocol Driver)
0xF74A7000 VolSnap.sys 57344 bytes (Microsoft Corporation, Pilote de cliché instantané du volume)
0xF74C7000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF7627000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7647000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xECFF7000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, Pilote de cryptographie FIPS)
0xF75C7000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7497000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7637000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7487000 isapnp.sys 40960 bytes (Microsoft Corporation, Pilote de bus PNP ISA)
0xF7507000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF75F7000 C:\WINDOWS\system32\DRIVERS\nvnetbus.sys 40960 bytes (NVIDIA Corporation, NVIDIA Networking Bus Driver.)
0xF74D7000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xF7667000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF74B7000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF4283000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xF7657000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF4273000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB15C5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xEFC94000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF77E7000 C:\WINDOWS\System32\DRIVERS\InCDPass.sys 32768 bytes (Nero AG, Ahead RW Filter Driver)
0xF3709000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF77D7000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7807000 C:\WINDOWS\system32\DRIVERS\afw.sys 28672 bytes (Agnitum Ltd., Agnitum Firewall NDIS Driver)
0xF77EF000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xF77DF000 C:\WINDOWS\System32\Drivers\incdrm.SYS 28672 bytes (Nero AG, Ahead MRW Filter Driver)
0xF77FF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Pilote de la classe Clavier)
0xF7707000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF77F7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Pilote de la classe Souris)
0xF36E9000 C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 24576 bytes (Avira GmbH, AVIRA SnapShot Driver)
0xF41B8000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xEC9C9000 C:\WINDOWS\system32\drivers\atkkbnt.sys 20480 bytes (ASUSTeK COMPUTER INC., ASUS Help driver For Keyboard Service.)
0xF41F0000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xF41B0000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF770F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7817000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF781F000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF780F000 C:\WINDOWS\system32\drivers\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF77CF000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xEC9A1000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB1AF7000 C:\WINDOWS\System32\Drivers\Aspi32.SYS 16384 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xB36DC000 C:\WINDOWS\System32\Drivers\dump_diskdump.sys 16384 bytes
0xF791F000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xF56B0000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7913000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xF7897000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xB3231000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB1ADF000 C:\WINDOWS\system32\drivers\EIO.sys 12288 bytes (ASUSTeK Computer Inc., ASUS Kernel Mode Driver for NT )
0xF7933000 C:\WINDOWS\System32\Drivers\InCDrec.SYS 12288 bytes (Nero AG, InCD File System Recognizer)
0xF791B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6FF8000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xF4DE9000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF700C000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xF79A1000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xF7A1B000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A19000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7987000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A1D000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7A21000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, Pilote parallèle VDM)
0xF7A1F000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF79C7000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF79D7000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7989000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BB9000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7B7D000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B3B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7A4F000 pciide.sys 4096 bytes (Microsoft Corporation, Pilote de bus générique PCI IDE)
==============================================
>Stealth
==============================================

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-23 13:16:55
-----------------------------
13:16:55.718 OS Version: Windows 5.1.2600 Service Pack 3
13:16:55.718 Number of processors: 1 586 0x2F00
13:16:55.718 ComputerName: MORTIER UserName: Armand
13:16:56.265 Initialize success
13:16:58.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port1Path0Target0Lun0
13:16:58.031 Disk 0 Vendor: Maxtor_6 BANC Size: 194481MB BusType: 3
13:16:58.031 Disk 0 MBR read successfully
13:16:58.031 Disk 0 MBR scan
13:16:58.031 Disk 0 unknown MBR code
13:16:58.031 Disk 0 scanning sectors +398267415
13:16:58.062 Disk 0 scanning C:\WINDOWS\system32\drivers
13:17:02.984 Service scanning
13:17:03.953 Disk 0 trace - called modules:
13:17:03.984 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys
13:17:03.984 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f51ab8]
13:17:03.984 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\00000078[0x86f44bb0]
13:17:03.984 5 ACPI.sys[f735d620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port1Path0Target0Lun0[0x86f83a38]
13:17:03.984 Scan finished successfully
13:18:08.546 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Armand\Bureau\MBR.dat"
13:18:08.546 The log file has been saved successfully to "C:\Documents and Settings\Armand\Bureau\aswMBR-110522.txt"

:mrgreen: One thing comes to mind: I have an external hard drive, maybe it should be scanned too!
Thanks again for the help
mortar
 
Posts: 18
Joined: 19 May 2011, 13:09
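The RKU ">Drivers" listing in the post above is read by eye in the thread. As an added example (not part of the thread and not code from Rootkit Unhooker), the Python script below parses lines of that format and flags the entries a reviewer would look at first: modules that carry no vendor/version information, modules whose vendor is outside a trusted list, and modules loaded from outside C:\WINDOWS. Kernel pseudo-modules such as PnpManager, RAW, WMIxWDM, Win32k and ACPI_HAL carry no version info but share a base address with ntkrnlpa, win32k or hal, so they are not flagged, and dump_*.sys entries are skipped because they are the crash-dump copies of the storage drivers. The sample lines are constructed from the report above plus one invented vendor-less driver (xyzzy.sys) so that a hit is shown; the trusted vendor list is an assumption.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

# Layout of one line in the RKU ">Drivers" section, as printed in the report above:
#   <base address> <path or module name> <size> bytes [(<vendor>, <description>)]
LINE_RE = re.compile(
    r"^(?P<base>0x[0-9A-Fa-f]+)\s+(?P<path>.+?)\s+(?P<size>\d+) bytes"
    r"(?:\s+\((?P<info>.*)\))?\s*$"
)

# Assumed trusted vendor list for this triage; adjust it to the machine under review.
TRUSTED_VENDORS = {"Microsoft Corporation", "Avira GmbH"}


@dataclass
class DriverEntry:
    base: int
    path: str
    size: int
    vendor: Optional[str]
    description: Optional[str]

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[DriverEntry]:
    """Return a DriverEntry for a driver line, or None for separators and headers."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    vendor = description = None
    if m.group("info") is not None:
        vendor, _, description = m.group("info").partition(", ")
    return DriverEntry(
        base=int(m.group("base"), 16),
        path=m.group("path"),
        size=int(m.group("size")),
        vendor=vendor or None,
        description=description or None,
    )


def triage(lines: Iterable[str], trusted_vendors: Iterable[str]) -> List[Tuple[DriverEntry, str]]:
    """Flag entries worth a closer look; returns (entry, reason) pairs in report order."""
    trusted = set(trusted_vendors)
    entries = [e for e in (parse_line(line) for line in lines) if e is not None]

    # Kernel pseudo-modules (PnpManager, RAW, WMIxWDM, Win32k, ACPI_HAL) have no
    # version info but share their base address with an image that does.
    vendor_at_base = {}
    for e in entries:
        if e.vendor:
            vendor_at_base.setdefault(e.base, e.vendor)

    flagged = []
    for e in entries:
        if e.name.lower().startswith("dump_"):
            continue  # crash-dump copies of the storage stack; listed without version info
        if e.vendor is None:
            if e.base not in vendor_at_base:
                flagged.append((e, "no vendor/version information"))
        elif e.vendor not in trusted:
            flagged.append((e, f"vendor not in trusted list: {e.vendor}"))
        if "\\" in e.path and not e.path.lower().startswith("c:\\windows\\"):
            flagged.append((e, "loaded from outside the Windows directory"))
    return flagged


# Constructed sample: lines modelled on the report above, plus one invented
# vendor-less driver (xyzzy.sys) so that the "no vendor" rule fires.
SAMPLE_REPORT = r"""
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2071424 bytes (Microsoft Corporation, Noyau et système NT)
0x804D7000 PnpManager 2071424 bytes
0xF7357000 ACPI.sys 192512 bytes (Microsoft Corporation, Pilote ACPI pour NT)
0xEC440000 C:\WINDOWS\system32\DRIVERS\avipbb.sys 155648 bytes (Avira GmbH, Avira Driver for Security Enhancement)
0xB264A000 C:\WINDOWS\System32\Drivers\dump_nvgts.sys 151552 bytes
0xB15C5000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xF79A1000 C:\Program Files\Avira\AntiVir Desktop\avgio.sys 8192 bytes (Avira GmbH, Avira AntiVir Support for Minifilter)
0xB1234000 C:\WINDOWS\system32\drivers\xyzzy.sys 12288 bytes
"""


def sample_triage() -> List[Tuple[str, str]]:
    """Run the triage over the constructed sample and return (module name, reason) pairs."""
    return [(e.name, reason) for e, reason in triage(SAMPLE_REPORT.splitlines(), TRUSTED_VENDORS)]


if __name__ == "__main__":
    for name, reason in sample_triage():
        print(f"{name}: {reason}")
```

On the constructed sample the script flags Normandy.SYS (RKU's own driver, which a reviewer will recognise and dismiss), avgio.sys (legitimately loaded from the Avira program folder) and the invented xyzzy.sys; the point is that every hit is a short list to verify by hand, not a verdict. Run against a real Report-RKU-*.txt, the "no vendor information" rule is the one that surfaces a driver that a rootkit has dropped without version resources.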

Re: detailed description of infection symptoms

Post by nickW » 26 May 2011, 00:00

Good evening,

You can indeed scan the external hard drive by running a Full Scan with Malwarebytes' Anti-Malware:
*- plug in the external drive
*- launch MBAM, run an update, then choose Full Scan
*- wait patiently (it is quite long ... :wink:)


Have you tried running a manual update of Avira AntiVir (right-click the icon in the system tray, next to the clock)?

What are the error messages?

Have you checked that Outpost is not blocking these update attempts?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
