Request for help after an infection

Security and insecurity. Viruses, Trojans, Spyware, Flaws, etc. …


Forum rules
Assiste.com has suspended disinfection assistance after almost 15 years, first on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware: Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip): La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting the browser, browsing and privacy


Post by Nils » 26 Apr 2012, 16:55

Hello,

A few days ago I noticed the "Searchqu toolbar" appear on my PC under Firefox (reputed, it seems, to deliver malware or viruses), along with an unwanted change of the home page (the kind that comes back on every launch even if I set Google back as the home page). I launched Internet Explorer and it was the same thing. My antivirus detected nothing. Spybot S&D detected some malware and took care of it, but the Searchqu toolbar was still there.
At first I looked for a way to remove this toolbar myself. Following the recommendations on the page http://deletemalware.blogspot.fr/2011/0%20...%20guide.html (only in part: I did not download the anti-malware they offer because of negative reviews I found online, and not all of the steps worked exactly as described), I managed to make the symptoms disappear (the home page stays on Google, and the Searchqu toolbar is gone).
However, I would like to be certain that no virus or malware remains on the PC, and that is beyond my skills.

Thank you in advance for your valuable help.
Sorry for any accent problems. I am typing on a QWERTY keyboard.

My configuration is as follows:
Lenovo laptop
Intel Core i7 CPU L620 @ 2.00GHz
RAM: @..GB
System: Windows 7 Professional 32-bit
Antivirus: ESET Smart Security, plus a Chinese antivirus that I do not understand at all but that my wife absolutely wants to keep...
Resident: Spybot Search&Destroy TeaTimer, and possibly a resident component of the Chinese antivirus

Malwarebytes report (Note: I was able to disable the ESET antivirus, at least in part, and the Spybot S&D resident, but not the Chinese antivirus)
Malwarebytes Anti-Malware 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.04.26.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
QIN :: QIN-PC [administrateur]

4/26/2012 11:00:33 PM
mbam-log-2012-04-26 (23-00-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189351
Time elapsed: 3 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Last edited by Nils on 26 Apr 2012, 17:10, edited 1 time.
Nils
Posts: 12
Joined: 20 Apr 2012, 10:54
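The search hijack described in the post above (home page and search provider forced to a third-party site, and a toolbar that survives a clean antivirus scan) leaves a characteristic trail in tool output: Internet Explorer search scopes, Firefox prefs and Firefox search plugins that point at a provider the user never chose, plus leftover entries whose file or CLSID no longer exists. The following Python script is an added example, not part of the original post and not OTL's own code: it triages OTL-format lines for exactly those indicators. The sample lines are constructed after the format OTL prints (the OTL log posted below shows real ones), and the allowlists of search hosts and engine names are assumptions to adapt to the machine being examined.

```python
# Added example, not OTL's code: triage OTL-format log lines for browser
# search-hijack indicators. Allowlists and sample lines are assumptions.
import re
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Assumption: search providers a user plausibly configured on purpose.
TRUSTED_SEARCH_HOSTS = {
    "www.bing.com", "www.google.com", "www.google.fr",
    "search.yahoo.com", "fr.search.yahoo.com", "duckduckgo.com",
}
TRUSTED_ENGINE_NAMES = {"Google", "Bing", "Yahoo", "DuckDuckGo"}

# IE - HKLM\..\SearchScopes\{CLSID}: "URL" = http://...
IE_SCOPE_RE = re.compile(
    r'^IE - (?P<hive>HK\S*?)\\\.\.\\SearchScopes\\(?P<clsid>\{[^}]+\}): "URL" = (?P<url>\S+)')
# FF - prefs.js..some.pref: "value"
FF_PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<pref>[\w.]+): "(?P<value>[^"]*)"')
# SRV - File not found [Start | State] -- path -- (Name): a service whose binary is gone
ORPHAN_SRV_RE = re.compile(
    r'^SRV - File not found \[(?P<start>[^\]]+)\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)')
# O3 toolbar entry whose CLSID no longer resolves: leftover of a removed toolbar
ORPHAN_O3_RE = re.compile(r'^O3 - .*No CLSID value found\.$')
# [YYYY/MM/DD HH:MM:SS | size | attrs | M] (company) -- ...\searchplugins\name.xml
SEARCHPLUGIN_RE = re.compile(
    r'^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \|[^\]]*\] \([^)]*\) -- '
    r'(?P<path>.*\\searchplugins\\[^\\]+\.xml)$', re.IGNORECASE)


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def triage(log_lines, log_date, max_age_days=30):
    """Return (category, detail) findings for OTL log lines.

    log_date is when the log was taken (OTL prints it in its header); search
    plugins modified within max_age_days of it are reported, the same window
    OTL uses for its own "File Age" listing of new files.
    """
    findings = []
    for raw in log_lines:
        line = raw.strip()
        if m := IE_SCOPE_RE.match(line):
            if _host(m["url"]) not in TRUSTED_SEARCH_HOSTS:
                findings.append(("ie-searchscope", f'{m["hive"]} {m["clsid"]} -> {_host(m["url"])}'))
        elif m := FF_PREF_RE.match(line):
            pref, value = m["pref"], m["value"]
            if pref.startswith(("keyword.", "browser.search.")) and value.startswith("http"):
                if _host(value) not in TRUSTED_SEARCH_HOSTS:
                    findings.append(("ff-pref", f"{pref} -> {_host(value)}"))
            elif (pref in ("browser.search.defaultenginename", "browser.search.selectedEngine")
                  and value not in TRUSTED_ENGINE_NAMES):
                findings.append(("ff-pref", f"{pref} = {value!r}"))
        elif m := ORPHAN_SRV_RE.match(line):
            findings.append(("orphan-service", f'{m["name"]} [{m["start"]}] {m["path"]}'))
        elif ORPHAN_O3_RE.match(line):
            findings.append(("orphan-toolbar", line[len("O3 - "):]))
        elif m := SEARCHPLUGIN_RE.match(line):
            mtime = datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S")
            if log_date - mtime <= timedelta(days=max_age_days):
                findings.append(("ff-searchplugin", f'{m["path"]} (modified {m["mtime"]})'))
    return findings


# Constructed sample in OTL's format: one hijacked IE search scope, a hijacked
# Firefox keyword.URL and default engine, an orphaned service and toolbar entry,
# and a search plugin dropped six days before the log was taken.
SAMPLE_LOG_DATE = datetime(2012, 4, 26, 23, 14, 47)
SAMPLE_OTL = r"""
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-results.com/sr?src=ie&systemid=414&sr=0&q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q="
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/20 05:53:22 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
"""


def triage_sample():
    return triage(SAMPLE_OTL.strip().splitlines(), SAMPLE_LOG_DATE)


if __name__ == "__main__":
    for category, detail in triage_sample():
        print(f"{category:16} {detail}")
```

Run it against a saved OTL.txt with `triage(open("OTL.txt", encoding="utf-8"), log_date)`, where log_date is the timestamp from the log's first line. Each finding is a lead to verify by hand, not a verdict: an unknown search host is the strongest signal, an orphaned service or toolbar entry is usually harmless residue of a removal but still worth cleaning, and a recently dropped search plugin is what makes a default engine name such as the one above reappear after the user resets it.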

Re: Request for help after an infection

Post by Nils » 26 Apr 2012, 16:59

Here is the OTL.txt file in two parts.
First part

OTL logfile created on: 4/26/2012 11:14:47 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\QIN\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 52.16% Memory free
3.73 Gb Paging File | 2.45 Gb Available in Paging File | 65.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.73 Gb Total Space | 23.79 Gb Free Space | 48.82% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 89.26 Gb Free Space | 91.40% Space Free | Partition Type: NTFS
Drive E: | 86.40 Gb Total Space | 86.31 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: QIN-PC | User Name: QIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/04/20 17:47:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\QIN\Desktop\OTL.exe
PRC - [2012/03/30 19:50:18 | 000,864,856 | ---- | M] (360.cn) -- C:\Program Files\360\360Safe\safemon\360tray.exe
PRC - [2012/03/02 16:16:04 | 000,273,240 | ---- | M] (360.cn) -- C:\Program Files\360\360Safe\deepscan\ZhuDongFangYu.exe
PRC - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe
PRC - [2011/08/09 21:39:16 | 003,076,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET Smart Security\egui.exe
PRC - [2011/07/18 23:12:34 | 000,772,048 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
PRC - [2011/07/18 23:12:34 | 000,419,280 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
PRC - [2011/07/18 23:12:30 | 001,680,848 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe
PRC - [2011/07/18 23:12:24 | 000,260,048 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\IEWLauncher.exe
PRC - [2011/06/24 12:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/03/25 02:10:20 | 004,732,280 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe
PRC - [2011/03/25 02:10:20 | 001,111,416 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\ISD\ISD_TabletUser.exe
PRC - [2011/03/25 02:10:20 | 000,241,016 | ---- | M] (Wacom Technology, Inc) -- C:\Program Files\Tablet\CalibrationAssistant.exe
PRC - [2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/12/09 04:18:56 | 000,057,168 | ---- | M] (UPEK Inc.) -- C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
PRC - [2010/11/20 20:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/10/20 05:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2010/10/20 05:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010/05/04 03:54:36 | 002,533,400 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/05/04 03:54:32 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/05/04 03:54:28 | 001,522,200 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2010/03/30 11:26:00 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2010/01/13 09:58:48 | 000,086,016 | ---- | M] () -- C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe
PRC - [2010/01/12 17:03:09 | 000,053,388 | ---- | M] ( Beijing WatchData System Co., Ltd.) -- C:\Windows\System32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe
PRC - [2009/11/15 14:12:02 | 000,015,536 | ---- | M] (华大智宝电子系统有限公司) -- C:\Windows\System32\HZ_CommSrv.exe
PRC - [2009/11/03 10:14:50 | 000,057,344 | ---- | M] ( Beijing WatchData System Co., Ltd.) -- C:\Windows\System32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe
PRC - [2009/09/30 02:30:00 | 000,058,760 | ---- | M] (IBM Corp) -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe
PRC - [2009/09/30 02:29:06 | 003,397,000 | ---- | M] (IBM) -- C:\Program Files\IBM\Lotus\Notes\nsd.exe
PRC - [2009/04/20 10:31:56 | 000,101,888 | ---- | M] () -- C:\Program Files\CTC_Setup\CMUpdater\TelRun.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/09 02:41:02 | 000,048,640 | ---- | M] (China Beijing, HuaDazhiBao Electronic Systems Ltd ) -- C:\Program Files\HDZB_USB_KEY\USBKeyTools.exe
PRC - [2008/10/31 06:23:52 | 000,031,744 | ---- | M] (Ricoh co.,Ltd.) -- C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe


========== Modules (No Company Name) ==========

MOD - [2012/04/11 12:14:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MOD - [2012/04/11 12:13:54 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MOD - [2012/03/11 23:20:09 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012/03/11 23:19:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012/03/11 23:19:51 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2012/02/20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/10/14 23:57:51 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/07/18 23:12:34 | 000,772,048 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe
MOD - [2011/07/18 23:12:34 | 000,419,280 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe
MOD - [2011/07/18 23:12:30 | 001,680,848 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe
MOD - [2011/07/18 23:12:24 | 000,260,048 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\IEWLauncher.exe
MOD - [2011/07/18 23:08:02 | 000,182,784 | ---- | M] () -- C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\ProxyDetection.dll
MOD - [2011/06/02 06:42:44 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2011/03/25 02:10:22 | 000,962,936 | ---- | M] () -- C:\Program Files\Tablet\ISD\libxml2.dll
MOD - [2010/01/13 09:58:48 | 000,086,016 | ---- | M] () -- C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe
MOD - [2009/12/13 06:12:03 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009/11/03 09:27:30 | 000,053,248 | ---- | M] () -- C:\Windows\System32\CCBKCSP.dll
MOD - [2009/04/20 10:31:56 | 000,101,888 | ---- | M] () -- C:\Program Files\CTC_Setup\CMUpdater\TelRun.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService)
SRV - [2012/04/16 04:31:42 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/03/02 16:16:04 | 000,273,240 | ---- | M] (360.cn) [Auto | Running] -- C:\Program Files\360\360Safe\deepscan\ZhuDongFangYu.exe -- (ZhuDongFangYu)
SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/24 23:05:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011/08/09 21:39:22 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2011/03/25 02:10:20 | 004,732,280 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\ISD\ISD_Tablet.exe -- (TabletServiceISD)
SRV - [2010/10/20 05:25:18 | 000,866,576 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010/10/20 05:02:42 | 000,477,456 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010/05/11 05:47:24 | 000,417,336 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\XAudio32.dll -- (HsfXAudioService)
SRV - [2010/05/04 03:54:36 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/05/04 03:54:32 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/11/15 14:12:02 | 000,015,536 | ---- | M] (华大智宝电子系统有限公司) [Auto | Running] -- C:\Windows\System32\HZ_CommSrv.exe -- (HZ_CommSrv)
SRV - [2009/11/03 10:14:50 | 000,057,344 | ---- | M] ( Beijing WatchData System Co., Ltd.) [Auto | Running] -- C:\Windows\System32\WatchData\Watchdata CCB CSP v3.2\WDKeyMonitorCCB.exe -- (WDMonitorCCB)
SRV - [2009/09/30 02:30:00 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2009/09/30 02:29:06 | 003,397,000 | ---- | M] (IBM) [Auto | Running] -- C:\Program Files\IBM\Lotus\Notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2009/07/14 09:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 09:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 09:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 09:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2012/03/16 19:36:42 | 000,174,936 | ---- | M] (360安全中心) [File_System | System | Running] -- C:\Windows\System32\drivers\360Box.sys -- (360Box)
DRV - [2012/03/11 13:59:38 | 000,147,824 | ---- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\360SelfProtection.sys -- (360SelfProtection)
DRV - [2012/03/08 16:01:00 | 000,192,216 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\qutmdrv.sys -- (qutmdserv)
DRV - [2012/02/27 18:22:52 | 000,036,184 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\qutmipc.sys -- (qutmipc)
DRV - [2012/02/17 15:29:06 | 000,127,192 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\BAPIDRV.SYS -- (BAPIDRV)
DRV - [2012/02/03 17:52:02 | 000,070,488 | ---- | M] (360安全中心) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hookport.sys -- (HookPort)
DRV - [2011/08/31 18:18:40 | 000,019,800 | ---- | M] (360安全中心) [Kernel | System | Running] -- C:\Windows\System32\drivers\efimon.sys -- (EfiMon)
DRV - [2011/08/09 13:57:10 | 000,163,424 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2011/08/04 09:20:38 | 000,147,480 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2011/08/04 09:20:38 | 000,050,624 | ---- | M] (ESET) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2011/08/04 09:20:38 | 000,033,656 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\EpfwLWF.sys -- (EpfwLWF)
DRV - [2011/08/04 09:20:36 | 000,118,104 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/07/18 23:08:06 | 000,066,432 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\orange_zte_cdc_acm.sys -- (orange_zte_cdc_acm)
DRV - [2011/07/18 23:08:06 | 000,009,984 | ---- | M] (ZTE) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\orange_zte_cpo.sys -- (orange_zte_cpo)
DRV - [2011/06/02 06:42:56 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2011/06/02 06:42:56 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2011/04/08 10:43:10 | 000,043,864 | ---- | M] (360.cn) [Kernel | System | Running] -- C:\Windows\System32\drivers\360netmon.sys -- (360netmon)
DRV - [2011/01/21 06:36:14 | 000,035,696 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wisdpen.sys -- (WISDPen)
DRV - [2011/01/14 05:04:50 | 000,122,992 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsX86.sys -- (Shockprf)
DRV - [2011/01/14 05:02:56 | 000,020,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ApsHM86.sys -- (TPDIGIMN)
DRV - [2011/01/14 02:18:50 | 000,132,608 | ---- | M] (Ricoh co.,Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\5U877.sys -- (5U877)
DRV - [2010/12/03 06:49:24 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/12/03 06:49:20 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2010/11/20 20:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 20:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 20:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 18:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 17:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 17:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 17:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/10/18 17:20:48 | 007,122,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETwNs32.sys -- (NETwNs32) ___ Intel(R)
DRV - [2010/07/23 00:38:06 | 000,215,208 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress) Intel(R)
DRV - [2010/05/11 05:47:34 | 000,015,416 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio32.sys -- (XAudio)
DRV - [2009/09/18 03:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2009/07/14 07:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 07:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/04/20 10:31:54 | 000,009,728 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2009/04/17 16:32:46 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdccvousb.sys -- (zgdccvousb)
DRV - [2009/04/17 16:32:46 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdccmdm.sys -- (zgdccmdm)
DRV - [2009/04/17 16:32:46 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdccdiag.sys -- (zgdccdiag)
DRV - [2009/04/17 16:32:46 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zgdccat.sys -- (zgdccat)
DRV - [2009/03/14 04:47:26 | 000,012,560 | ---- | M] (UPEK Inc.) [Kernel | Auto | Running] -- C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -- (smihlp) SMI Helper Driver (smihlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-results.com/sr?src=ie ... 14&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
IE - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B7 F9 3C B6 36 0E CD 01 [binary data]
IE - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = http://dts.search-results.com/sr?src=ie ... 14&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.selectedEngine: "Search Results"
FF - prefs.js..browser.startup.homepage: "http://www.google.fr"
FF - prefs.js..keyword.URL: "http://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.4: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/09 23:03:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/18 00:19:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/09/25 20:55:52 | 000,000,000 | ---D | M]

[2012/04/20 16:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\QIN\AppData\Roaming\mozilla\Extensions
[2012/04/20 20:24:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\QIN\AppData\Roaming\mozilla\Firefox\Profiles\ko75lnj0.default\extensions
[2012/03/09 09:09:29 | 000,000,000 | ---D | M] (WOT) -- C:\Users\QIN\AppData\Roaming\mozilla\Firefox\Profiles\ko75lnj0.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/03/25 13:34:33 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\QIN\AppData\Roaming\mozilla\Firefox\Profiles\ko75lnj0.default\extensions\firefox@ghostery.com
[2012/04/20 05:53:22 | 000,002,515 | ---- | M] () -- C:\Users\QIN\AppData\Roaming\Mozilla\Firefox\Profiles\ko75lnj0.default\searchplugins\Search_Results.xml
[2012/04/20 16:29:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\QIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KO75LNJ0.DEFAULT\EXTENSIONS\{AE93811A-5C9A-4D34-8462-F7B864FC4696}.XPI
() (No name found) -- C:\USERS\QIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KO75LNJ0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\QIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KO75LNJ0.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\QIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KO75LNJ0.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\USERS\QIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KO75LNJ0.DEFAULT\EXTENSIONS\ARTUR.DUBOVOY@GMAIL.COM.XPI
[2011/06/16 12:38:33 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/01/05 19:09:12 | 000,107,352 | ---- | M] (360.cn) -- C:\Program Files\mozilla firefox\plugins\np360MMPlugIn.dll
[2010/01/01 16:00:00 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010/01/01 16:00:00 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/01/01 16:00:00 | 000,001,154 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2012/04/20 05:53:22 | 000,002,515 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2010/01/01 16:00:00 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/01/01 16:00:00 | 000,000,956 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2009/06/11 05:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SafeMon Class) - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360Safe\safemon\safemon.dll (360.cn)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [360Safetray] C:\Program Files\360\360Safe\safemon\360Tray.exe (360.cn)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CCBCertificate] C:\Program Files\CCBComponents\DMWZ\CCBCertificate.exe ()
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [RotateImage] C:\Program Files\Integrated Camera Driver\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [Start_HSSModule] C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\HSSModule.exe ()
O4 - HKLM..\Run: [Start_Icon225_IEWLauncher] C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\IEWLauncher.exe ()
O4 - HKLM..\Run: [Start_SMSNotifier] C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\SmsNotifier.exe ()
O4 - HKLM..\Run: [Start_Statistics] C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\OrangeStats.exe ()
O4 - HKLM..\Run: [Start_Update] C:\Program Files\Orange\Orange Connection Manager\{67B2F852-03B0-4abd-B7DE-9BF0EA317D2C}\UpdteApp.exe ()
O4 - HKLM..\Run: [TelRun] C:\Program Files\CTC_Setup\CMUpdater\TelRun.exe ()
O4 - HKLM..\Run: [USBKeyTools] C:\Program Files\HDZB_USB_KEY\USBKeyTools.exe (China Beijing, HuaDazhiBao Electronic Systems Ltd )
O4 - HKLM..\Run: [USBKeyTools.exe] C:\Program Files\CCBComponents\HDZB\USBKeyTools.exe (北京华大智宝电子系统有限公司)
O4 - HKLM..\Run: [wdcertm_ccb] C:\Windows\System32\WatchData\Watchdata CCB CSP v3.2\WDCertM_CCB.exe ( Beijing WatchData System Co., Ltd.)
O4 - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\QIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NolowDiskSpaceChecks = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..Trusted Domains: ccb.cn ([b2b] https in Trusted sites)
O15 - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..Trusted Domains: ccb.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..Trusted Domains: ccb.com.cn ([ca2] https in Trusted sites)
O15 - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..Trusted Domains: ccb.com.cn ([ca3] https in Trusted sites)
O15 - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..Trusted Domains: ccb.com.cn ([ibsbjstar] https in Trusted sites)
O15 - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..Trusted Domains: ccb.com.cn ([mybank] https in Trusted sites)
O15 - HKU\S-1-5-21-1226608070-1869712518-1457183034-1000\..Trusted Domains: com.cn ([*.ccb] https in Trusted sites)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00A2CDDE-15D4-416E-9D4F-739A24DBCA81}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE03C3EC-4BA9-498C-B4D4-F41B7421FD8B}: DhcpNameServer = 89.2.0.1 89.2.0.2
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 05:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{264ba0e5-7c39-11e1-b435-f0def1205e46}\Shell - "" = AutoRun
O33 - MountPoints2\{264ba0e5-7c39-11e1-b435-f0def1205e46}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{29d61724-e84e-11e0-852a-f0def1205e46}\Shell - "" = AutoRun
O33 - MountPoints2\{29d61724-e84e-11e0-852a-f0def1205e46}\Shell\AutoRun\command - "" = F:\WINDOWS\autorun.exe
O33 - MountPoints2\{29d61729-e84e-11e0-852a-f0def1205e46}\Shell - "" = AutoRun
O33 - MountPoints2\{29d61729-e84e-11e0-852a-f0def1205e46}\Shell\AutoRun\command - "" = F:\WINDOWS\autorun.exe
O33 - MountPoints2\{38ae1f98-a341-11e0-99a4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{38ae1f98-a341-11e0-99a4-806e6f6e6963}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{38ae1f98-a341-11e0-99a4-806e6f6e6963}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{38ae1f98-a341-11e0-99a4-806e6f6e6963}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{9fbcd761-a403-11e0-aaa0-f0def1205e46}\Shell - "" = AutoRun
O33 - MountPoints2\{9fbcd761-a403-11e0-aaa0-f0def1205e46}\Shell\AutoRun\command - "" = F:\HDZB_USBKEY_Setup.exe
O33 - MountPoints2\{ac373cd3-fc05-11e0-9542-f0def1205e46}\Shell - "" = AutoRun
O33 - MountPoints2\{ac373cd3-fc05-11e0-9542-f0def1205e46}\Shell\AutoRun\command - "" = F:\WINDOWS\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2012/04/26 22:11:48 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/26 22:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/04/26 22:11:11 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/04/26 21:51:23 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\Malwarebytes
[2012/04/26 21:51:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/26 21:51:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/26 21:51:17 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/26 21:51:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/04/26 21:46:23 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\QIN\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/26 21:33:18 | 000,000,000 | RHSD | C] -- C:\360SANDBOX
[2012/04/24 20:11:49 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/04/24 20:11:46 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/04/20 20:13:11 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\QuickScan
[2012/04/20 17:46:52 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\QIN\Desktop\OTL.exe
[2012/04/20 17:28:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/04/20 16:08:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/04/20 16:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/04/20 16:08:09 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/04/20 15:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012/04/20 05:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\Free Video Converter
[2012/04/16 04:31:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/13 23:19:48 | 000,000,000 | ---D | C] -- C:\Users\QIN\Desktop\TED
[2012/04/12 23:01:23 | 000,000,000 | ---D | C] -- C:\Users\QIN\Desktop\Sante
[2012/04/11 04:51:45 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/04/11 04:51:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/04/11 04:51:43 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/04/11 04:51:43 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/04/11 04:51:40 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/04/10 16:20:08 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\360mobilemgr
[2012/04/09 20:59:06 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/04/09 20:25:04 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\vlc
[2012/04/09 20:23:38 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/04/08 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\Apple Computer
[2012/04/08 13:53:58 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Local\Apple Computer
[2012/04/08 13:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/04/08 13:53:29 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\System32\GEARAspi.dll
[2012/04/08 13:53:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2012/04/08 13:52:48 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/04/08 13:52:47 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/04/08 13:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/04/08 13:52:47 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/04/08 13:51:22 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Local\Apple
[2012/04/08 13:51:16 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2012/04/08 13:50:19 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012/04/08 13:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012/04/08 13:49:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2012/04/07 16:12:16 | 000,000,000 | ---D | C] -- C:\Users\QIN\Documents\OneNote Notebooks
[2012/04/02 18:24:11 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Roaming\Skype
[2012/04/02 18:23:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/04/02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/04/02 18:23:55 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/04/02 18:23:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/04/02 04:34:11 | 000,000,000 | ---D | C] -- C:\Users\QIN\AppData\Local\Orange
[2012/04/02 04:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Orange Connection Manager
[2012/04/02 04:33:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Orange
[2012/04/02 04:33:14 | 000,000,000 | ---D | C] -- C:\Program Files\Orange
[2012/04/02 04:31:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\QIN\Desktop\*.tmp files -> C:\Users\QIN\Desktop\*.tmp -> ]
Nils
 
Posts: 12
Joined: 20 Apr 2012, 10:54

Re: Request for help after an infection

Post by Nils » 26 Apr 2012, 17:00

Second part of the OTL.txt file
========== Files - Modified Within 30 Days ==========

[2012/04/26 23:17:15 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2012/04/26 23:16:26 | 000,015,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 23:16:26 | 000,015,680 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/26 22:44:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/26 22:11:28 | 000,001,078 | ---- | M] () -- C:\Users\QIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/26 22:11:12 | 000,000,898 | ---- | M] () -- C:\Users\QIN\Desktop\NTREGOPT.lnk
[2012/04/26 22:11:12 | 000,000,879 | ---- | M] () -- C:\Users\QIN\Desktop\ERUNT.lnk
[2012/04/26 21:51:19 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 21:47:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\QIN\Desktop\mbam-setup-1.61.0.1400.exe
[2012/04/26 21:44:10 | 000,198,449 | ---- | M] () -- C:\Users\QIN\Desktop\B6D20d01.pdf
[2012/04/26 21:33:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/26 21:33:17 | 1500,254,208 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/24 20:16:39 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/04/24 20:16:39 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/04/20 17:47:06 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\QIN\Desktop\OTL.exe
[2012/04/20 16:08:18 | 000,001,244 | ---- | M] () -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/20 16:08:15 | 000,001,220 | ---- | M] () -- C:\Users\QIN\Desktop\Spybot - Search & Destroy.lnk
[2012/04/16 04:31:41 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/04/16 04:31:41 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/04/02 18:23:58 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/02 04:33:53 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_orange_zte_cdc_acm_01009.Wdf
[2012/04/02 04:33:16 | 000,002,462 | ---- | M] () -- C:\Users\Public\Desktop\Orange Connection Manager.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\QIN\Desktop\*.tmp files -> C:\Users\QIN\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/04/26 23:17:15 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2012/04/26 22:11:28 | 000,001,078 | ---- | C] () -- C:\Users\QIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/04/26 22:11:12 | 000,000,898 | ---- | C] () -- C:\Users\QIN\Desktop\NTREGOPT.lnk
[2012/04/26 22:11:12 | 000,000,879 | ---- | C] () -- C:\Users\QIN\Desktop\ERUNT.lnk
[2012/04/26 21:51:19 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/26 21:44:17 | 000,198,449 | ---- | C] () -- C:\Users\QIN\Desktop\B6D20d01.pdf
[2012/04/20 16:08:18 | 000,001,244 | ---- | C] () -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/04/20 16:08:15 | 000,001,220 | ---- | C] () -- C:\Users\QIN\Desktop\Spybot - Search & Destroy.lnk
[2012/04/16 04:31:47 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/04/08 13:51:17 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012/04/02 18:23:58 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/04/02 04:33:53 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_orange_zte_cdc_acm_01009.Wdf
[2012/04/02 04:33:16 | 000,002,462 | ---- | C] () -- C:\Users\Public\Desktop\Orange Connection Manager.lnk
[2011/10/05 11:20:20 | 000,000,031 | ---- | C] () -- C:\Windows\Drv_opt.ini
[2011/09/23 21:37:50 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/07/28 18:24:21 | 000,116,656 | ---- | C] () -- C:\Windows\System32\WDCCB.dll
[2011/07/01 06:40:55 | 000,867,020 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/07/01 06:40:54 | 000,105,608 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/07/01 06:40:54 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011/07/01 06:40:53 | 000,128,204 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/07/01 06:40:52 | 013,787,648 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2011/07/01 06:40:52 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2011/07/01 06:40:52 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011/07/01 06:11:15 | 003,406,888 | ---- | C] () -- C:\Windows\System32\wstbcoin.dll
[2011/07/01 06:11:15 | 001,826,856 | ---- | C] () -- C:\Windows\System32\tkbtnpn1.dll

========== LOP Check ==========

[2012/03/11 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360chrome
[2012/04/26 22:46:09 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360Desktop
[2012/04/13 20:20:05 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360mobilemgr
[2011/09/15 22:29:09 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360Notify
[2012/04/26 22:43:13 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360safe
[2012/03/30 13:34:00 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\360se
[2011/10/05 11:39:03 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\Chinatelecom
[2011/09/25 21:05:16 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\ESET
[2011/07/01 05:26:20 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\Foxit Software
[2012/04/20 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\QIN\AppData\Roaming\QuickScan
[2009/07/14 12:53:46 | 000,026,904 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\drivers\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 09:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\drivers\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 09:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\System32\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 09:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2009/07/14 09:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows.old\Windows\System32\ctfmon.exe
[2009/07/14 09:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
[2009/07/14 09:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\System32\ctfmon.exe
[2009/07/14 09:14:16 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=4A3CDCEF8ED41B221F3DBEF5792FB52D -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2011/02/26 13:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009/07/14 09:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 13:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 13:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 13:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010/11/20 20:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 13:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 13:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 13:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 14:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: IASTORV.SYS >
[2011/03/11 13:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 13:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 13:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 13:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 13:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\drivers\iaStorV.sys
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2009/07/14 09:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 20:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 20:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 13:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2010/11/20 20:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 20:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\System32\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
[2009/07/14 09:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2011/03/11 13:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 13:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 13:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 13:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 13:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 13:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 20:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

========== Files - Unicode (All) ==========
[2012/04/26 22:46:09 | 000,002,119 | ---- | M] ()(C:\Users\QIN\Desktop\360????.lnk) -- C:\Users\QIN\Desktop\360软件管家.lnk
[2011/09/28 17:11:20 | 000,001,211 | ---- | M] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360软件管家.lnk
[2011/09/28 17:11:20 | 000,001,067 | ---- | M] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全卫士.lnk
[2011/09/28 17:11:20 | 000,001,043 | ---- | M] ()(C:\Users\QIN\Desktop\360????.lnk) -- C:\Users\QIN\Desktop\360安全卫士.lnk
[2011/09/28 16:46:28 | 000,000,274 | ---- | M] ()(C:\Windows\tasks\360????????????.job) -- C:\Windows\tasks\360开机加速延迟启动任务计划.job
[2011/09/16 21:40:43 | 000,000,274 | ---- | C] ()(C:\Windows\tasks\360????????????.job) -- C:\Windows\tasks\360开机加速延迟启动任务计划.job
[2011/07/28 18:25:47 | 001,544,079 | R--- | M] ()(C:\Users\QIN\Desktop\??????E?????????(??)-2.rar) -- C:\Users\QIN\Desktop\中国建设银行E路护航网银安全组件(华大)-2.rar
[2011/07/28 18:25:41 | 001,544,079 | R--- | C] ()(C:\Users\QIN\Desktop\??????E?????????(??)-2.rar) -- C:\Users\QIN\Desktop\中国建设银行E路护航网银安全组件(华大)-2.rar
[2011/07/02 06:23:52 | 000,002,119 | ---- | C] ()(C:\Users\QIN\Desktop\360????.lnk) -- C:\Users\QIN\Desktop\360软件管家.lnk
[2011/07/01 05:34:49 | 000,000,947 | ---- | M] ()(C:\Users\Public\Desktop\360????? 3.lnk) -- C:\Users\Public\Desktop\360安全浏览器 3.lnk
[2011/07/01 05:34:49 | 000,000,947 | ---- | C] ()(C:\Users\Public\Desktop\360????? 3.lnk) -- C:\Users\Public\Desktop\360安全浏览器 3.lnk
[2011/07/01 05:34:49 | 000,000,913 | ---- | M] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????? 3.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器 3.lnk
[2011/07/01 05:34:49 | 000,000,913 | ---- | C] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????? 3.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全浏览器 3.lnk
[2011/07/01 05:34:15 | 000,001,211 | ---- | C] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360软件管家.lnk
[2011/07/01 05:34:15 | 000,001,067 | ---- | C] ()(C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360????.lnk) -- C:\Users\QIN\Application Data\Microsoft\Internet Explorer\Quick Launch\360安全卫士.lnk
[2011/07/01 05:34:15 | 000,001,043 | ---- | C] ()(C:\Users\QIN\Desktop\360????.lnk) -- C:\Users\QIN\Desktop\360安全卫士.lnk
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360????? 3) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全浏览器 3
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360安全中心
(C:\ProgramData\Microsoft\Windows\Start Menu\Programs\???????) -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\搜狗拼音输入法

< End of report >

Re: Request for help after an infection

Post by Nils » 26 Apr 2012, 17:05

Contents of the Extras.Txt file
OTL Extras logfile created on: 4/26/2012 11:14:47 PM - Run 1
OTL by OldTimer - Version 3.2.40.0 Folder = C:\Users\QIN\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.86 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 52.16% Memory free
3.73 Gb Paging File | 2.45 Gb Available in Paging File | 65.78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48.73 Gb Total Space | 23.79 Gb Free Space | 48.82% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 89.26 Gb Free Space | 91.40% Space Free | Partition Type: NTFS
Drive E: | 86.40 Gb Total Space | 86.31 Gb Free Space | 99.90% Space Free | Partition Type: NTFS

Computer Name: QIN-PC | User Name: QIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = 360seURL] -- C:\Users\QIN\AppData\Roaming\360se\bin\360se.exe (360.cn)

[HKEY_USERS\S-1-5-21-1226608070-1869712518-1457183034-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Users\QIN\AppData\Roaming\360se\bin\360se.exe" "%1" (360.cn)
https [open] -- "C:\Users\QIN\AppData\Roaming\360se\bin\360se.exe" "%1" (360.cn)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BA4F7A6-CF8B-4815-AEC0-C891D4AF68CA}" = Orange Connection Manager
"{1479472D-3FF7-450C-BC31-FC4F40405FFD}" = ESET Smart Security
"{1FD19FB9-2E53-4FAB-B670-8B0605E666E7}" = Lotus Notes 8.5.1 (Basic) zh
"{23B8A91D-680B-462B-87AD-3D70F7341731}" = iTunes
"{23F3F476-BE34-4f48-9C77-2806A8393EC4}" = 360安全浏览器 3.8 正式版
"{26903C89-780A-463E-8CBD-E47A73927254}" = ThinkPad Tablet Button Driver
"{38A3DA17-C44A-4DCA-B2B6-485F7B730B0F}" = CCB USB Key Tool
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{502EE63C-9A62-4330-8F8B-1EAB51B7BB46}" = ThinkVantage Fingerprint Software
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C3CD17B4-08B0-492D-8A4C-81716D33E520}" = Integrated Camera Driver Installer Package Ver.1.1.0.42
"{CE6010E9-FFB5-41EB-B2E9-2451D60207AA}" = USB KEY
"{D75AEB5B-FA18-4BD4-9EED-54CA46DB5AE8}" = Intel(R) PROSet/Wireless WiFi Software
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"360安全卫士" = 360安全卫士
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"C+WClient_is1" = ChinaNet client
"CCB "E Safety" Internet Banking security components Setup" = CCB "E Safety" Internet Banking security components Setup 3.0
"CCB Online e-Bank HDZB" = CCB Online e-Bank HDZB V3.6.7.9
"CNXT_MODEM_HDA_HSF" = ThinkPad Modem Adapter
"DMWZ CCB USBKey" = DMWZ CCB USBKey
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader" = Foxit Reader
"ISD Tablet Driver" = ISD Tablet
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 5.0 (x86 fr)" = Mozilla Firefox 5.0 (x86 fr)
"Office14.SingleImage" = Microsoft Office Professional 2010
"Power Management Driver" = ThinkPad Power Management Driver
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Sogou Input" = 搜狗拼音输入法 6.0正式版
"VLC media player" = VLC media player 2.0.1
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinRAR archiver" = WinRAR archiver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/20/2012 6:49:45 AM | Computer Name = QIN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3635

Error - 4/20/2012 6:49:46 AM | Computer Name = QIN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/20/2012 6:49:46 AM | Computer Name = QIN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4633

Error - 4/20/2012 6:49:46 AM | Computer Name = QIN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4633

Error - 4/20/2012 6:49:47 AM | Computer Name = QIN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/20/2012 6:49:47 AM | Computer Name = QIN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 5632

Error - 4/20/2012 6:49:47 AM | Computer Name = QIN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 5632

Error - 4/20/2012 6:49:48 AM | Computer Name = QIN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 4/20/2012 6:49:48 AM | Computer Name = QIN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6786

Error - 4/20/2012 6:49:48 AM | Computer Name = QIN-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6786

[ System Events ]
Error - 4/20/2012 4:41:36 AM | Computer Name = QIN-PC | Source = Service Control Manager | ID = 7023
Description = The Security Center service terminated with the following error: %%1747

Error - 4/20/2012 4:43:36 AM | Computer Name = QIN-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/20/2012 5:40:41 AM | Computer Name = QIN-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/20/2012 6:30:41 AM | Computer Name = QIN-PC | Source = DCOM | ID = 10010
Description =

Error - 4/20/2012 6:32:09 AM | Computer Name = QIN-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/21/2012 5:10:07 AM | Computer Name = QIN-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/22/2012 9:21:46 AM | Computer Name = QIN-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/22/2012 9:04:03 PM | Computer Name = QIN-PC | Source = Tcpip | ID = 4199
Description = The system detected an address conflict for IP address 192.168.1.4
with the system having network hardware address 00-26-5E-50-E5-3B. Network operations
on this system may be disrupted as a result.

Error - 4/24/2012 9:03:47 AM | Computer Name = QIN-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 4/26/2012 9:33:41 AM | Computer Name = QIN-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom


< End of report >

Re: Request for help after an infection

Post by nickW » 27 Apr 2012, 11:05

Hello,

Looking for leftovers of the infection:


Step 1: AdwCleaner (by Xplode), download
Download AdwCleaner from the page below:
http://general-changelog-team.fr/telech ... adwcleaner
Save the file adwcleaner.exe to the Desktop.


Step 2: AdwCleaner (by Xplode), scan
Right-click adwcleaner.exe and choose "Run as administrator" to launch the tool.

The main AdwCleaner screen appears:
[screenshot]

Click the Search button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close the AdwCleaner window.
Close Notepad.


Step 3: Result
Send in reply:
*- the AdwCleaner scan report (contents of the file %SystemDrive%\AdwCleaner[Rn].txt, n being a sequence number).
[%SystemDrive% is the partition on which the system is installed, usually C:]

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)

Re: Request for help after an infection

Post by Nils » 27 Apr 2012, 14:18

I'm trying to download AdwCleaner but it crashes every time.
I downloaded it from another PC and that worked. I e-mailed it to myself, but when downloading it onto the laptop, it gets blocked automatically by the Chinese antivirus, which identifies it as infected (it finds something called "HEUR/Malware.QVM11.Gen").

Is that normal? (I hope so, because I ran it on the other PC...)

Thanks.

Re: Request for help after an infection

Post by nickW » 27 Apr 2012, 21:33

Good evening,

AdwCleaner is a safe program.

The "Chinese antivirus" must be temporarily disabled while it is being used.

Regards,

Re: Request for help after an infection

Post by Nils » 29 Apr 2012, 17:19

Hello nickW,

Here is what AdwCleaner gives me:

# AdwCleaner v1.604 - Logfile created 04/30/2012 at 00:15:00
# Updated 23/04/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : QIN - QIN-PC
# Running from : C:\Users\QIN\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Users\QIN\AppData\LocalLow\searchquband
File Found : C:\Users\QIN\AppData\Roaming\Mozilla\Firefox\Profiles\ko75lnj0.default\searchplugins\Search_Results.xml
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****

Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar

***** [Registre - GUID] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v5.0 (fr)

Profile name : default
File : C:\Users\QIN\AppData\Roaming\Mozilla\Firefox\Profiles\ko75lnj0.default\prefs.js

Found : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");

*************************

AdwCleaner[R1].txt - [1804 octets] - [30/04/2012 00:15:00]

########## EOF - C:\AdwCleaner[R1].txt - [1932 octets] ##########

Re: Request for help after an infection

Post by nickW » 30 Apr 2012, 23:04

Good evening,

Cleaning:


I advise you to print the procedure, or to select all its lines and copy that selection into a text file on your PC (Note: you will not have Internet access during step 3).
All the steps must be carried out, without interruption, in the exact order given below.



Step 1: No integrity-checking process
Disable Spybot-S&D's TeaTimer.
In the system tray (the area just to the left of the clock), right-click the Spybot-S&D Resident icon and choose "Exit Spybot-S&D Resident".
Launch Spybot-S&D, Advanced mode, Tools, Resident, untick the box in front of Resident "TeaTimer". Close Spybot-S&D.
Restart the PC.
Note:
TeaTimer must not be re-enabled before the PC cleaning is finished (I will tell you when and how to do it).


Step 2: No real-time monitoring process
Disable the antivirus programs' resident module.
ESET: see here
"Chinese antivirus": I'll let you handle that ;)


Step 3: AdwCleaner (by Xplode), cleaning

Close all web browsers (Internet Explorer, Firefox, Opera, Google Chrome, etc.).

Right-click adwcleaner.exe and choose "Run as administrator" to launch the tool.

The main AdwCleaner screen appears:
[screenshot]

Click the Delete button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close the AdwCleaner window.
Close Notepad.


Step 4: Real-time monitoring process
Important: Re-enable the antivirus programs' resident module.


Step 5: OTL (by OldTimer), quick scan
Close all open program windows.

Right-click OTL.exe and choose "Run as administrator" to launch the tool.

The main OTL screen appears:
[screenshot]

Click the Quick Scan button:
[screenshot]


Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: Results
Send in reply:
*- the AdwCleaner cleaning report (contents of the file %SystemDrive%\AdwCleaner[Sn].txt, n being a sequence number).
[%SystemDrive% is the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the file's length):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted on the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split across several messages.

Important note: to post your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,

Re: Request for help after an infection

Post by Nils » 01 May 2012, 15:03

Hello,

I followed the procedure. AdwCleaner made me restart; I had no choice.

Here is the AdwCleaner report:

# AdwCleaner v1.604 - Logfile created 05/01/2012 at 21:50:33
# Updated 23/04/2012 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : QIN - QIN-PC
# Running from : C:\Users\QIN\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Users\QIN\AppData\LocalLow\searchquband
File Deleted : C:\Users\QIN\AppData\Roaming\Mozilla\Firefox\Profiles\ko75lnj0.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml

***** [Registry] *****

Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar

***** [Registre - GUID] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Registry is clean.

-\\ Mozilla Firefox v5.0 (fr)

Profile name : default
File : C:\Users\QIN\AppData\Roaming\Mozilla\Firefox\Profiles\ko75lnj0.default\prefs.js

Deleted : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&appid=0&systemid=414&sr=0&q=");

*************************

AdwCleaner[R1].txt - [1933 octets] - [30/04/2012 00:15:00]
AdwCleaner[S1].txt - [1888 octets] - [01/05/2012 21:50:33]

########## EOF - C:\AdwCleaner[S1].txt - [2016 octets] ##########
