[OK] TrojanDownloader:Win32/Unruy.H

Security and insecurity: viruses, Trojans, spyware, vulnerabilities, etc.


Forum rules
Assiste.com has suspended its malware-removal assistance after almost 15 years, first on the old forum and then on this one. See:

Decontamination procedure 1 - Anti-malware
Anti-malware decontamination

Decontamination procedure 2 - Anti-malware and antivirus (La Manip)
La Manip - Standard decontamination procedure

Periodic maintenance of a Windows PC

Protecting the browser, browsing and privacy
Protect the browser, browsing and privacy


Post by laurentfib » 01 Feb 2011, 13:59

Hello,

For a week I have been having problems with my PC at the office.
It crashes all the time: in the accounting software, in Outlook, etc.
Unexpected restarts, services that bug, applications closing, etc.
And my antivirus did not alert me.

I am very afraid that someone may have taken "possession" of my computer.
I saw a web page open and data being typed in live.

Can someone guide me please?

Here are my logs:

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Version de la base de données: 5652

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

01/02/2011 10:51:26
mbam-log-2011-02-01 (10-51-26).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 178869
Temps écoulé: 5 minute(s), 45 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

===========================================

OTL logfile created on: 01/02/2011 11:42:38 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\LATTIACH\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 134,94 Gb Total Space | 89,79 Gb Free Space | 66,54% Space Free | Partition Type: NTFS
Drive D: | 12,05 Gb Total Space | 6,35 Gb Free Space | 52,70% Space Free | Partition Type: NTFS
Drive E: | 1,95 Gb Total Space | 1,74 Gb Free Space | 89,34% Space Free | Partition Type: NTFS
Drive G: | 136,89 Gb Total Space | 30,41 Gb Free Space | 22,21% Space Free | Partition Type: NTFS
Drive P: | 136,89 Gb Total Space | 30,41 Gb Free Space | 22,21% Space Free | Partition Type: NTFS
Drive U: | 230,23 Gb Total Space | 120,16 Gb Free Space | 52,19% Space Free | Partition Type: NTFS
Drive V: | 230,23 Gb Total Space | 120,16 Gb Free Space | 52,19% Space Free | Partition Type: NTFS

Computer Name: CL07 | User Name: lattiach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/01 11:07:52 | 000,035,340 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerAssistant .exe
PRC - [2011/01/31 20:05:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
PRC - [2011/01/31 16:30:50 | 000,035,332 | ---- | M] () -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2010/09/23 13:36:04 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
PRC - [2010/01/27 15:54:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/01/12 16:21:50 | 004,994,856 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/01/12 15:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/11/17 03:42:38 | 000,947,496 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon .exe
PRC - [2009/11/16 09:50:02 | 001,337,488 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe
PRC - [2009/11/16 09:39:46 | 001,299,752 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe
PRC - [2009/11/12 13:48:58 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/05/29 07:06:32 | 000,106,546 | ---- | M] () -- C:\PVSW\Bin\w3dbsmgr.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/23 21:06:50 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\CNTAoSMgr.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/03/07 17:22:18 | 000,093,320 | ---- | M] () -- C:\Windows\SMINST\Scheduler.exe
PRC - [2007/01/10 05:21:14 | 000,183,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/01/10 05:21:12 | 000,404,288 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk .exe
PRC - [2007/01/09 14:52:36 | 000,145,184 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/07 16:08:48 | 000,032,768 | ---- | M] () -- C:\PVSW\Bin\WGE_SRV.EXE
PRC - [2006/12/06 13:12:50 | 000,098,304 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2006/11/13 15:19:20 | 000,173,600 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2006/11/13 15:11:54 | 000,136,736 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxPsdSv.exe
PRC - [2006/11/09 11:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync .exe


========== Modules (SafeList) ==========

MOD - [2011/01/31 20:05:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/05/04 20:13:07 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009/10/26 08:33:32 | 000,004,608 | ---- | M] () -- C:\Program Files\Unlocker\UnlockerHook.dll
MOD - [2009/04/11 07:28:25 | 000,712,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009/04/11 07:28:23 | 002,226,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009/04/11 07:28:19 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009/04/11 07:28:18 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2009/04/11 07:28:18 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2008/01/19 08:36:40 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008/01/19 08:35:58 | 000,063,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2008/01/19 08:34:07 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008/01/19 08:33:42 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2006/11/02 10:46:04 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/01 10:54:44 | 000,727,040 | ---- | M] (whrjecmixm Corporation) [Auto | Running] -- C:\Windows\System32\gveyczcc.dll -- (iyblrxpe)
SRV - [2010/01/27 15:54:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/12 15:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/11/16 09:50:02 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2009/11/16 09:39:46 | 001,299,752 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2009/11/12 13:48:58 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/15 16:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/01/10 05:21:14 | 000,183,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/07 16:08:48 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\PVSW\Bin\WGE_SRV.EXE -- (Pervasive.SQL Workgroup)
SRV - [2006/12/07 16:08:48 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\PVSW\Bin\WGE_SRV.EXE -- (EBP Pervasive.SQL)
SRV - [2006/12/06 13:12:50 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2006/11/13 15:11:54 | 000,136,736 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/06 10:26:20 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/04 15:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2009/12/04 15:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys -- (TmPreFilter)
DRV - [2009/12/04 15:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys -- (VSApiNt)
DRV - [2009/11/12 13:48:58 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\windows\System32\StarOpen.sys -- (StarOpen)
DRV - [2009/07/15 16:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/01/19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) Module de plateforme sécurisée (TPM)
DRV - [2008/01/19 05:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Pilote de la connexion réseau Intel(R)
DRV - [2008/01/02 16:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/12/13 02:34:22 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2006/12/06 13:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/11/08 20:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 08:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/31 14:46:36 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.3.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:5.8.0.1092

FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\FirefoxExtension [2011/01/31 15:43:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/05 14:54:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/05 14:54:54 | 000,000,000 | ---D | M]

[2010/04/12 10:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Extensions
[2011/01/05 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions
[2010/09/06 17:31:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/22 17:36:25 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2011/01/05 14:59:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/05 15:23:49 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\gmailthis@lazyrussian.com
[2011/01/26 19:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/01/31 15:43:30 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\CLIENT SERVER SECURITY AGENT\BHO\1003\FIREFOXEXTENSION
[2010/11/30 18:29:29 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/11/30 18:29:29 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/11/30 18:29:29 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/11/30 18:29:29 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/11/30 18:29:29 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: () - {6FD8C489-CD44-6AA7-BA2E-B6EC70CE73D6} - C:\Windows\System32\gveyczcc.dll (whrjecmixm Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ()
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe ()
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RtHDVCpl] C:\windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant .exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\Windows\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\LATTIACH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} https://static.impots.gouv.fr/abos/stat ... rtdgi1.cab (Module de délivrance de certificat MINEFI)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fib-sa.priv
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/06/23 17:52:22 | 000,000,023 | ---- | M] () - C:\autohook.bat -- [ NTFS ]
O32 - AutoRun File - [2007/06/01 16:00:45 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{56954671-de01-11df-b1a0-001a4be38dca}\Shell - "" = AutoRun
O33 - MountPoints2\{56954671-de01-11df-b1a0-001a4be38dca}\Shell\AutoRun\command - "" = H:\Loader.EXE
O33 - MountPoints2\{5db16f25-c99d-11df-9e1b-001a4be38dca}\Shell\Shell00\Command - "" = H:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: iyblrxpe - C:\Windows\System32\gveyczcc.dll (whrjecmixm Corporation)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/02/01 10:54:44 | 000,727,040 | ---- | C] (whrjecmixm Corporation) -- C:\windows\System32\gveyczcc.dll
[2011/01/31 20:05:22 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
[2011/01/31 19:47:53 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\LATTIACH\Desktop\HThis.exe
[2011/01/31 17:42:08 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/01/31 17:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/01/31 17:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/31 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\LATTIACH\Desktop\DIVERS
[2011/01/26 19:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Fun4IM
[2011/01/26 19:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2011/01/26 19:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Fun4IM
[2011/01/25 14:06:02 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/01/25 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\LATTIACH\AppData\Roaming\ED22ADD787FF1173B9FDA06F019CD652
[2011/01/12 02:58:06 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
[2011/01/12 02:58:02 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe
[2011/01/04 22:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/01/04 21:48:48 | 000,000,000 | ---D | C] -- C:\Users\LATTIACH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Satsuki Decoder Pack
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/02/01 11:40:00 | 000,000,430 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{A40F617A-B334-4C5B-BA3F-A47A0624285C}.job
[2011/02/01 11:35:18 | 000,005,849 | ---- | M] () -- C:\windows\cfgall.ini
[2011/02/01 11:15:01 | 000,001,054 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/01 11:05:49 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/01 11:05:06 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2011/02/01 11:03:54 | 000,003,168 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/01 11:03:54 | 000,003,168 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/01 11:03:40 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At84.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At60.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At36.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At132.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At12.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At108.job
[2011/02/01 10:54:52 | 000,030,431 | ---- | M] () -- C:\Users\LATTIACH\Desktop\Trojan.jpg
[2011/02/01 10:54:44 | 000,727,040 | ---- | M] (whrjecmixm Corporation) -- C:\windows\System32\gveyczcc.dll
[2011/02/01 10:52:15 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At99.job
[2011/02/01 10:52:15 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At98.job
[2011/02/01 10:52:15 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At97.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At144.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At143.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At142.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At141.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At140.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At139.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At138.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At137.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At136.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At135.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At134.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At133.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At131.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At130.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At129.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At128.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At127.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At126.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At125.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At124.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At123.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At122.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At121.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At120.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At119.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At118.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At117.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At116.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At115.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At114.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At113.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At112.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At111.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At110.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At109.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At107.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At106.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At105.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At104.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At103.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At102.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At101.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At100.job
[2011/02/01 10:44:31 | 000,079,362 | ---- | M] () -- C:\ProgramData\G6v1PnIV.exe
[2011/02/01 10:44:31 | 000,000,112 | ---- | M] () -- C:\ProgramData\Sx6L4Gp.dat
[2011/02/01 10:44:16 | 000,804,910 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2011/02/01 10:44:16 | 000,722,710 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/02/01 10:44:16 | 000,166,910 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2011/02/01 10:44:16 | 000,144,578 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At96.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At95.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At94.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At93.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At92.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At91.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At90.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At89.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At88.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At87.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At86.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At85.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At83.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At82.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At81.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At80.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At79.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At78.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At77.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At76.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At75.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At74.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At73.job
[2011/01/31 20:38:57 | 000,000,036 | ---- | M] () -- C:\Users\LATTIACH\AppData\Local\housecall.guid.cache
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At9.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At8.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At70.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At7.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At69.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At68.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At61.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At6.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At59.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At58.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At57.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At56.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At55.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At54.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At53.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At52.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At51.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At50.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At5.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At49.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At48.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At47.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At46.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At45.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At44.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At43.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At42.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At41.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At40.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At4.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At39.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At38.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At37.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At35.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At34.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At33.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At32.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At31.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At30.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At3.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At29.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At28.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At27.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At26.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At25.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At24.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At23.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At22.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At21.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At20.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At2.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At19.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At18.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At17.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At16.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At15.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At14.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At13.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At11.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At10.job
[2011/01/31 20:21:26 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At1.job
[2011/01/31 20:05:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
[2011/01/31 20:00:59 | 000,377,080 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/01/31 19:49:13 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\LATTIACH\Desktop\HThis.exe
[2011/01/31 19:14:32 | 000,000,680 | ---- | M] () -- C:\Users\LATTIACH\AppData\Local\d3d9caps.dat
[2011/01/31 18:55:05 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At71.job
[2011/01/31 18:55:05 | 000,000,268 | ---- | M] () -- C:\windows\tasks\At72.job
[2011/01/31 18:54:58 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At67.job
[2011/01/31 18:54:57 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At66.job
[2011/01/31 18:54:56 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At65.job
[2011/01/31 18:54:56 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At64.job
[2011/01/31 18:54:55 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At63.job
[2011/01/31 18:54:54 | 000,000,336 | ---- | M] () -- C:\windows\tasks\At62.job
[2011/01/31 17:41:45 | 000,000,913 | ---- | M] () -- C:\Users\LATTIACH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/31 17:41:19 | 000,000,733 | ---- | M] () -- C:\Users\LATTIACH\Desktop\NTREGOPT.lnk
[2011/01/31 17:41:19 | 000,000,714 | ---- | M] () -- C:\Users\LATTIACH\Desktop\ERUNT.lnk
[2011/01/31 17:37:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 16:31:32 | 000,002,711 | ---- | M] () -- C:\Users\LATTIACH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/01/31 15:48:28 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{5C022778-487A-45D0-AEBC-C4C2423B14F4}.job
[2011/01/06 14:56:35 | 000,002,665 | ---- | M] () -- C:\Users\LATTIACH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/01/05 15:04:39 | 000,033,579 | ---- | M] () -- C:\tempSendPage____Modules_pour_Firefox.html
[2011/01/05 14:55:03 | 000,001,748 | ---- | M] () -- C:\Users\LATTIACH\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/01/04 21:44:15 | 000,027,136 | ---- | M] () -- C:\Users\LATTIACH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
laurentfib

Messages: 27
Registered: 31 Jan 2011, 18:37
Location: Paris

Re: TrojanDownloader:Win32/Unruy.H

Post by laurentfib » 01 Feb 2011, 14:02

(continued)

========== Files Created - No Company Name ==========

[2011/02/01 10:48:06 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At144.job
[2011/02/01 10:48:04 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At143.job
[2011/02/01 10:47:59 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At142.job
[2011/02/01 10:47:55 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At141.job
[2011/02/01 10:47:48 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At140.job
[2011/02/01 10:47:47 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At139.job
[2011/02/01 10:47:46 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At138.job
[2011/02/01 10:47:45 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At137.job
[2011/02/01 10:47:44 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At136.job
[2011/02/01 10:47:43 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At135.job
[2011/02/01 10:47:41 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At134.job
[2011/02/01 10:47:40 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At133.job
[2011/02/01 10:47:39 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At132.job
[2011/02/01 10:47:39 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At131.job
[2011/02/01 10:47:38 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At130.job
[2011/02/01 10:47:37 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At129.job
[2011/02/01 10:47:36 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At128.job
[2011/02/01 10:47:35 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At127.job
[2011/02/01 10:47:34 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At126.job
[2011/02/01 10:47:33 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At125.job
[2011/02/01 10:47:32 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At124.job
[2011/02/01 10:47:31 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At123.job
[2011/02/01 10:47:30 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At122.job
[2011/02/01 10:47:30 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At121.job
[2011/02/01 10:45:27 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At120.job
[2011/02/01 10:45:26 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At119.job
[2011/02/01 10:45:25 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At118.job
[2011/02/01 10:45:24 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At117.job
[2011/02/01 10:45:24 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At116.job
[2011/02/01 10:45:23 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At115.job
[2011/02/01 10:45:23 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At114.job
[2011/02/01 10:45:22 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At113.job
[2011/02/01 10:45:21 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At112.job
[2011/02/01 10:45:21 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At111.job
[2011/02/01 10:45:20 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At110.job
[2011/02/01 10:45:19 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At109.job
[2011/02/01 10:45:17 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At108.job
[2011/02/01 10:45:15 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At107.job
[2011/02/01 10:45:14 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At106.job
[2011/02/01 10:45:12 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At105.job
[2011/02/01 10:45:10 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At104.job
[2011/02/01 10:45:09 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At103.job
[2011/02/01 10:45:08 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At102.job
[2011/02/01 10:45:07 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At101.job
[2011/02/01 10:44:51 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At100.job
[2011/02/01 10:44:49 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At99.job
[2011/02/01 10:44:48 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At98.job
[2011/02/01 10:44:46 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At97.job
[2011/01/31 21:05:01 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At96.job
[2011/01/31 21:05:00 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At95.job
[2011/01/31 21:04:59 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At94.job
[2011/01/31 21:04:58 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At93.job
[2011/01/31 21:04:58 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At92.job
[2011/01/31 21:04:57 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At91.job
[2011/01/31 21:04:56 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At90.job
[2011/01/31 21:04:55 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At89.job
[2011/01/31 21:04:55 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At88.job
[2011/01/31 21:04:54 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At87.job
[2011/01/31 21:04:53 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At86.job
[2011/01/31 21:04:52 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At85.job
[2011/01/31 21:04:51 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At84.job
[2011/01/31 21:04:50 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At83.job
[2011/01/31 21:04:49 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At82.job
[2011/01/31 21:04:48 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At81.job
[2011/01/31 21:04:46 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At80.job
[2011/01/31 21:04:45 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At79.job
[2011/01/31 21:04:44 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At78.job
[2011/01/31 21:04:43 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At77.job
[2011/01/31 21:04:43 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At76.job
[2011/01/31 21:04:42 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At75.job
[2011/01/31 21:04:41 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At74.job
[2011/01/31 21:04:41 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At73.job
[2011/01/31 19:01:24 | 000,000,680 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\d3d9caps.dat
[2011/01/31 18:55:05 | 000,000,268 | ---- | C] () -- C:\windows\tasks\At72.job
[2011/01/31 18:55:01 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At71.job
[2011/01/31 18:55:00 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At70.job
[2011/01/31 18:54:59 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At69.job
[2011/01/31 18:54:58 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At68.job
[2011/01/31 18:54:57 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At67.job
[2011/01/31 18:54:56 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At66.job
[2011/01/31 18:54:56 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At65.job
[2011/01/31 18:54:55 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At64.job
[2011/01/31 18:54:55 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At63.job
[2011/01/31 18:54:54 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At62.job
[2011/01/31 18:54:53 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At61.job
[2011/01/31 18:54:53 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At60.job
[2011/01/31 18:54:52 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At59.job
[2011/01/31 18:54:51 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At58.job
[2011/01/31 18:54:51 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At57.job
[2011/01/31 18:54:50 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At56.job
[2011/01/31 18:54:49 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At55.job
[2011/01/31 18:54:49 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At54.job
[2011/01/31 18:54:48 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At53.job
[2011/01/31 18:54:48 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At52.job
[2011/01/31 18:54:47 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At51.job
[2011/01/31 18:54:47 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At50.job
[2011/01/31 18:54:46 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At49.job
[2011/01/31 18:52:38 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At48.job
[2011/01/31 18:52:38 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At47.job
[2011/01/31 18:52:37 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At46.job
[2011/01/31 18:52:36 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At45.job
[2011/01/31 18:52:35 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At44.job
[2011/01/31 18:52:34 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At43.job
[2011/01/31 18:52:31 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At42.job
[2011/01/31 18:52:30 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At41.job
[2011/01/31 18:52:30 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At40.job
[2011/01/31 18:52:29 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At39.job
[2011/01/31 18:52:28 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At38.job
[2011/01/31 18:52:27 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At37.job
[2011/01/31 18:52:26 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At36.job
[2011/01/31 18:52:25 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At35.job
[2011/01/31 18:52:25 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At34.job
[2011/01/31 18:52:24 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At33.job
[2011/01/31 18:52:23 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At32.job
[2011/01/31 18:52:23 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At31.job
[2011/01/31 18:52:21 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At30.job
[2011/01/31 18:52:20 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At29.job
[2011/01/31 18:52:20 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At28.job
[2011/01/31 18:52:19 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At27.job
[2011/01/31 18:52:19 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At26.job
[2011/01/31 18:52:18 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At25.job
[2011/01/31 18:49:07 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At24.job
[2011/01/31 18:49:06 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At23.job
[2011/01/31 18:49:06 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At22.job
[2011/01/31 18:49:05 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At21.job
[2011/01/31 18:49:05 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At20.job
[2011/01/31 18:49:05 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At19.job
[2011/01/31 18:49:04 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At18.job
[2011/01/31 18:49:03 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At17.job
[2011/01/31 18:49:03 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At16.job
[2011/01/31 18:49:03 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At15.job
[2011/01/31 18:49:02 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At14.job
[2011/01/31 18:49:02 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At13.job
[2011/01/31 18:49:01 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At12.job
[2011/01/31 18:49:01 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At11.job
[2011/01/31 18:48:59 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At9.job
[2011/01/31 18:48:59 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At10.job
[2011/01/31 18:48:58 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At8.job
[2011/01/31 18:48:58 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At7.job
[2011/01/31 18:48:57 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At6.job
[2011/01/31 18:48:57 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At5.job
[2011/01/31 18:48:56 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At4.job
[2011/01/31 18:48:56 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At3.job
[2011/01/31 18:48:55 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At2.job
[2011/01/31 18:48:55 | 000,000,336 | ---- | C] () -- C:\windows\tasks\At1.job
[2011/01/31 17:41:45 | 000,000,913 | ---- | C] () -- C:\Users\LATTIACH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/31 17:41:19 | 000,000,733 | ---- | C] () -- C:\Users\LATTIACH\Desktop\NTREGOPT.lnk
[2011/01/31 17:41:19 | 000,000,714 | ---- | C] () -- C:\Users\LATTIACH\Desktop\ERUNT.lnk
[2011/01/31 17:37:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 16:35:27 | 000,030,431 | ---- | C] () -- C:\Users\LATTIACH\Desktop\Trojan.jpg
[2011/01/31 16:31:52 | 000,000,112 | ---- | C] () -- C:\ProgramData\Sx6L4Gp.dat
[2011/01/31 16:31:50 | 000,079,362 | ---- | C] () -- C:\ProgramData\G6v1PnIV.exe
[2011/01/25 15:08:04 | 000,005,000 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\6FD8C489-CD44-6AA7-BA2E-B6EC70CE73D6.txt
[2011/01/13 12:03:15 | 000,001,134 | ---- | C] () -- C:\Users\LATTIACH\ebp.errors.txt
[2011/01/05 15:04:39 | 000,033,579 | ---- | C] () -- C:\tempSendPage____Modules_pour_Firefox.html
[2011/01/05 14:28:41 | 000,001,748 | ---- | C] () -- C:\Users\LATTIACH\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/15 21:16:50 | 000,070,144 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/11/09 18:42:28 | 000,000,938 | ---- | C] () -- C:\windows\Kaluach3.INI
[2010/07/23 13:46:48 | 000,000,043 | ---- | C] () -- C:\windows\gswin32.ini
[2010/05/27 23:33:25 | 000,005,993 | ---- | C] () -- C:\windows\cfgspyps.ini
[2010/05/27 23:33:24 | 000,006,414 | ---- | C] () -- C:\windows\cfgps.ini
[2010/05/26 21:09:55 | 000,000,015 | ---- | C] () -- C:\Users\LATTIACH\AppData\Roaming\4787de44
[2010/05/26 18:05:41 | 000,000,036 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\housecall.guid.cache
[2010/02/22 12:59:43 | 000,000,184 | ---- | C] () -- C:\windows\bti.ini
[2010/01/26 16:26:35 | 000,043,760 | ---- | C] () -- C:\windows\System32\nwlocale.dll
[2010/01/14 16:49:22 | 000,027,136 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 20:07:47 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010/01/08 19:31:24 | 000,005,849 | ---- | C] () -- C:\windows\cfgall.ini
[2009/11/12 13:48:58 | 000,005,504 | ---- | C] () -- C:\windows\System32\StarOpen.sys
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\windows\System32\igklg450.dll
[2008/01/02 16:47:22 | 000,104,636 | ---- | C] () -- C:\windows\System32\igmedcompkrn.dll
[2007/11/20 16:51:28 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2007/07/10 15:43:52 | 000,002,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/06/02 00:08:10 | 000,910,304 | ---- | C] () -- C:\windows\System32\igmedkrn.dll
[2007/06/02 00:08:10 | 000,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1244.dll
[2007/06/01 15:48:18 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2007/06/01 15:48:18 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2007/06/01 15:48:18 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2007/06/01 15:48:18 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2007/06/01 15:48:18 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2007/06/01 15:48:18 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[1998/05/07 03:10:00 | 000,069,632 | R--- | C] () -- C:\windows\System32\ODMA32.dll

========== LOP Check ==========

[2007/06/25 08:42:17 | 000,000,000 | ---D | M] -- C:\Users\Admin DDCMP\AppData\Roaming\Infineon
[2007/06/25 08:30:48 | 000,000,000 | ---D | M] -- C:\Users\Admin DDCMP\AppData\Roaming\SampleView
[2010/01/08 18:45:16 | 000,000,000 | ---D | M] -- C:\Users\Administrateur.CL07\AppData\Roaming\Infineon
[2010/03/04 15:46:59 | 000,000,000 | ---D | M] -- C:\Users\LATTIACH\AppData\Roaming\Canneverbe Limited
[2010/01/26 16:11:22 | 000,000,000 | ---D | M] -- C:\Users\LATTIACH\AppData\Roaming\EBP
[2011/01/25 16:11:19 | 000,000,000 | ---D | M] -- C:\Users\LATTIACH\AppData\Roaming\ED22ADD787FF1173B9FDA06F019CD652
[2010/01/08 19:40:07 | 000,000,000 | ---D | M] -- C:\Users\LATTIACH\AppData\Roaming\Infineon
[2010/12/07 20:24:57 | 000,000,000 | ---D | M] -- C:\Users\LATTIACH\AppData\Roaming\Nokia
[2010/06/28 15:57:41 | 000,000,000 | ---D | M] -- C:\Users\LATTIACH\AppData\Roaming\Nokia Ovi Suite
[2010/06/28 15:54:03 | 000,000,000 | ---D | M] -- C:\Users\LATTIACH\AppData\Roaming\PC Suite
[2010/02/04 11:27:22 | 000,000,000 | ---D | M] -- C:\Users\LATTIACH\AppData\Roaming\SampleView
[2011/01/26 20:44:29 | 000,000,000 | ---D | M] -- C:\Users\LATTIACH\AppData\Roaming\TeamViewer
[2010/12/07 20:25:41 | 000,000,000 | ---D | M] -- C:\Users\LATTIACH\AppData\Roaming\Windows Live Writer
[2011/01/31 20:21:26 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At10.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At100.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At101.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At102.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At103.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At104.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At105.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At106.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At107.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At108.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At109.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At11.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At110.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At111.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At112.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At113.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At114.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At115.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At116.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At117.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At118.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At119.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At12.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At120.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At121.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At122.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At123.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At124.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At125.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At126.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At127.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At128.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At129.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At13.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At130.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At131.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At132.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At133.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At134.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At135.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At136.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At137.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At138.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At139.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At14.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At140.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At141.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At142.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At143.job
[2011/02/01 10:52:14 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At144.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At15.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At16.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At17.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At18.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At19.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At20.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At21.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At22.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At23.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At24.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At25.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At26.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At27.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At28.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At29.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At3.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At30.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At31.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At32.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At33.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At34.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At35.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At36.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At37.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At38.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At39.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At4.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At40.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At41.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At42.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At43.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At44.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At45.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At46.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At47.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At48.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At49.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At5.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At50.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At51.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At52.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At53.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At54.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At55.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At56.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At57.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At58.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At59.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At6.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At60.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At61.job
[2011/01/31 18:54:54 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At62.job
[2011/01/31 18:54:55 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At63.job
[2011/01/31 18:54:56 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At64.job
[2011/01/31 18:54:56 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At65.job
[2011/01/31 18:54:57 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At66.job
[2011/01/31 18:54:58 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At67.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At68.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At69.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At7.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At70.job
[2011/01/31 18:55:05 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At71.job
[2011/01/31 18:55:05 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\At72.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At73.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At74.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At75.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At76.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At77.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At78.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At79.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At8.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At80.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At81.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At82.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At83.job
[2011/02/01 11:00:00 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At84.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At85.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At86.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At87.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At88.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At89.job
[2011/01/31 20:21:27 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At9.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At90.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At91.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At92.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At93.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At94.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At95.job
[2011/01/31 21:08:59 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At96.job
[2011/02/01 10:52:15 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At97.job
[2011/02/01 10:52:15 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At98.job
[2011/02/01 10:52:15 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\At99.job
[2011/02/01 10:51:12 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/01/31 15:48:28 | 000,000,434 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5C022778-487A-45D0-AEBC-C4C2423B14F4}.job
[2011/02/01 11:40:00 | 000,000,430 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{A40F617A-B334-4C5B-BA3F-A47A0624285C}.job
[2008/11/27 15:15:19 | 000,000,258 | ---- | M] () -- C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006/11/02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009/04/11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2010/01/09 14:32:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2010/01/09 14:32:35 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2010/01/09 14:32:34 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: CTFMON.EXE >
[2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\System32\ctfmon.exe
[2006/11/02 10:45:00 | 000,008,704 | ---- | M] (Microsoft Corporation) MD5=22BFD03DF51065A9ED8D17F8FB72296B -- C:\Windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.0.6000.16386_none_9af9cad793a67953\ctfmon.exe

< MD5 for: EXPLORER.EXE >
[2010/01/09 14:29:28 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010/01/09 14:29:27 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010/01/09 14:29:26 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010/01/09 15:58:37 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010/01/09 15:58:36 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010/01/09 14:29:27 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2006/10/31 14:46:36 | 000,250,368 | ---- | M] (Intel Corporation) MD5=DE01BF14FFB150C779FD561BD0E3C5C5 -- C:\swsetup\Drivers\MSD\RAID\Intel\ICH8\iaStor.sys
[2006/10/31 14:46:36 | 000,250,368 | ---- | M] (Intel Corporation) MD5=DE01BF14FFB150C779FD561BD0E3C5C5 -- C:\Windows\System32\drivers\iaStor.sys
[2006/10/31 14:46:36 | 000,250,368 | ---- | M] (Intel Corporation) MD5=DE01BF14FFB150C779FD561BD0E3C5C5 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_ee67416f\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2006/11/02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009/04/11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006/11/02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009/04/11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USERINIT.EXE >
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WININIT.EXE >
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010/11/02 06:58:11 | 000,602,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msfeeds.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< End of report >

======================================================

OTL Extras logfile created on: 01/02/2011 11:42:39 - Run 2
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\LATTIACH\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 134,94 Gb Total Space | 89,79 Gb Free Space | 66,54% Space Free | Partition Type: NTFS
Drive D: | 12,05 Gb Total Space | 6,35 Gb Free Space | 52,70% Space Free | Partition Type: NTFS
Drive E: | 1,95 Gb Total Space | 1,74 Gb Free Space | 89,34% Space Free | Partition Type: NTFS
Drive G: | 136,89 Gb Total Space | 30,41 Gb Free Space | 22,21% Space Free | Partition Type: NTFS
Drive P: | 136,89 Gb Total Space | 30,41 Gb Free Space | 22,21% Space Free | Partition Type: NTFS
Drive U: | 230,23 Gb Total Space | 120,16 Gb Free Space | 52,19% Space Free | Partition Type: NTFS
Drive V: | 230,23 Gb Total Space | 120,16 Gb Free Space | 52,19% Space Free | Partition Type: NTFS

Computer Name: CL07 | User Name: lattiach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntivirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{056EAD4F-8CC2-40EE-822F-0150D6FD96D3}" = lport=37851 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{0A440038-2A72-4D1D-A359-8402C8F47217}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0DAABBE3-2C2E-4EBF-B0DE-78A2B207680C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3418B8CF-6B2F-49FE-B812-B5321AD132E7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{664B3C8D-2740-4922-9F49-A9CDA7633D9D}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8CD382C1-91A5-4568-9AE0-AA6E690EE414}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9B6C5A6F-0502-4921-85D6-52A5F73F23C6}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AAC89B50-5E4E-4496-862B-DF14EF6C139D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{AE4E855A-8FED-4726-8E98-FC1BDBAF768B}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BA7A21D1-9E36-4594-8D34-A34B22EBC1CF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C369BF87-B61B-4270-BBD1-345EF3BDB697}" = lport=3389 | protocol=6 | dir=in | app=system |
"{C44D5E1C-4006-41FE-9ED7-776CF3393845}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C7E212D0-3895-4DFA-A3F3-2E3448F13420}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CA270B03-4980-4428-9D73-414CB16AD7BD}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{EFE28FE2-80FE-4B49-BBFB-FDF2F6D4EBEC}" = lport=37851 | protocol=6 | dir=in | name=trend micro client/server security agent listener |
"{F61F2381-C7F4-42EE-A4E9-0AF238625064}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{196B3F79-73D1-4ADC-929A-1F150DD22DAD}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2085FFC8-1717-42EB-B47D-2535438A625F}" = protocol=17 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{3A6E6E24-2478-49D7-8358-F578EEB48090}" = protocol=6 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{45EB5160-A872-4479-8C27-A1B9D29C9E9B}" = protocol=6 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{56BCFA4B-0AA1-481A-93CA-585A1CF6504A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{728EFF09-8D55-44D7-8B6D-CF1EB4345E5E}" = protocol=17 | dir=in | app=c:\pvsw\bin\w3dbsmgr.exe |
"{B14BAEAA-2A6B-441A-8B38-3B8B01875977}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C89A890F-69C9-4143-BD0B-8556C9C979C1}" = protocol=6 | dir=in | app=c:\program files\surfoffline professional 2\so_pro.exe |
"{D46C12D2-0B98-43C4-80FD-8D6A8070F42A}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{E67CF026-4D2F-40DB-8223-3DEBE5DFADA5}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{EA20F128-66F3-4F62-ABC7-47DF433E831B}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version5\teamviewer.exe |
"{EA6A96F4-9DF7-4244-803D-2D268896FEAD}" = protocol=17 | dir=in | app=c:\program files\surfoffline professional 2\so_pro.exe |
"TCP Query User{03D8A582-E3E1-465E-B41F-6F9C048910EE}C:\program files\ebp\compta15.0\compta.exe" = protocol=6 | dir=in | app=c:\program files\ebp\compta15.0\compta.exe |
"TCP Query User{0EC548AF-D258-400B-B153-E4F2EBDC88D5}C:\program files\ebp\compta13.1\compta.exe" = protocol=6 | dir=in | app=c:\program files\ebp\compta13.1\compta.exe |
"TCP Query User{40D7004A-96E8-4CA9-9501-371720D59F1A}C:\users\ohayon7\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\ohayon7\temp\teamviewer\version5\teamviewer.exe |
"TCP Query User{4CB3D381-4484-42D4-801B-9CEFF0BA2070}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=6 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
"TCP Query User{83E0AF31-07D2-472C-80BE-7DC757370097}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=6 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"TCP Query User{A6D9277B-ABE5-4B9A-921A-E49F5A0164B4}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{CCC253E4-105D-4C42-A264-EB107F0C3216}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"TCP Query User{DEF12BDE-814E-40F1-B192-C562EDF08E26}C:\users\lattiach\desktop\gw-5.00\gw\gwsetup.exe" = protocol=6 | dir=in | app=c:\users\lattiach\desktop\gw-5.00\gw\gwsetup.exe |
"TCP Query User{DFCD928A-0787-459A-B065-AC155E1A5E85}C:\program files\ebp\compta14.1\compta.exe" = protocol=6 | dir=in | app=c:\program files\ebp\compta14.1\compta.exe |
"TCP Query User{E5CF5E1E-CDF3-441E-BECF-958F3CCFB731}C:\program files\microsoft office\office12\outlook.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"TCP Query User{EBC1DAAA-89CE-4756-AF67-0B14C810BE3A}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{F47AB11F-A3C6-476F-ABEA-2FE96435A7DF}C:\windows\system32\mstsc.exe" = protocol=6 | dir=in | app=c:\windows\system32\mstsc.exe |
"TCP Query User{FD260819-71F2-4C84-B881-54A648165879}C:\program files\microsoft office\office12\excel.exe" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\excel.exe |
"UDP Query User{1EFD57E4-AA8D-4682-82D7-7F9D44FE2B04}C:\windows\system32\mstsc.exe" = protocol=17 | dir=in | app=c:\windows\system32\mstsc.exe |
"UDP Query User{3175DEED-F4DB-466E-B9A7-6272CF791175}C:\program files\java\jre1.6.0\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0\bin\javaw.exe |
"UDP Query User{4A49D5F7-E67A-43ED-AEE8-A99B0E2DC45F}C:\program files\ebp\compta14.1\compta.exe" = protocol=17 | dir=in | app=c:\program files\ebp\compta14.1\compta.exe |
"UDP Query User{4C1C5679-3AD3-46CD-90D6-9C718512BF26}C:\program files\nokia\nokia ovi suite\nokiaovisuite.exe" = protocol=17 | dir=in | app=c:\program files\nokia\nokia ovi suite\nokiaovisuite.exe |
"UDP Query User{5F655530-63F2-4EAD-96F8-F827391CBBEE}C:\program files\ebp\compta13.1\compta.exe" = protocol=17 | dir=in | app=c:\program files\ebp\compta13.1\compta.exe |
"UDP Query User{82BDA6DD-8E35-436F-933C-20503CF725BA}C:\program files\microsoft office\office12\outlook.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"UDP Query User{8D35FAB4-8002-4B36-8651-31878A17072A}C:\users\ohayon7\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\ohayon7\temp\teamviewer\version5\teamviewer.exe |
"UDP Query User{910136CB-C699-416B-9FEE-9FE751494A3F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{BA427238-3C7E-4E95-980C-DD1E76318AA1}C:\program files\microsoft office\office12\excel.exe" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\excel.exe |
"UDP Query User{BC20E10F-1B13-49C4-87A5-B50FCD7B4EA9}C:\users\lattiach\desktop\gw-5.00\gw\gwsetup.exe" = protocol=17 | dir=in | app=c:\users\lattiach\desktop\gw-5.00\gw\gwsetup.exe |
"UDP Query User{C47E9877-96B1-4A1F-A2A0-2FCAB379DC65}C:\program files\ebp\compta15.0\compta.exe" = protocol=17 | dir=in | app=c:\program files\ebp\compta15.0\compta.exe |
"UDP Query User{D79FDC46-CF45-4BA5-9786-B3AF778E7043}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{E910437F-BD30-4A0B-88FE-7577E07E80AE}C:\program files\common files\nokia\service layer\a\nsl_host_process.exe" = protocol=17 | dir=in | app=c:\program files\common files\nokia\service layer\a\nsl_host_process.exe |
laurentfib
Messages: 27
Joined: 31 Jan 2011, 18:37
Location: Paris

Re: TrojanDownloader:Win32/Unruy.H

Post by laurentfib » 01 Feb 2011, 14:45

(end)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{010C0B4A-DC93-4BB4-893B-BDDE95355A3E}" = Freeware PDF Unlocker
"{0A8C97AD-DEED-4894-B446-3ABA95A77D0D}" = Windows Live Toolbar
"{0C1F8AA7-20A5-46E9-A521-00518C2C5455}" = EBP Compta 13.1
"{0CA6047C-D28B-4295-834A-07C52BA20C2D}" = Extension de Windows Live Toolbar (Windows Live Toolbar)
"{0CC70FEF-5068-4CD5-B4DE-86FFD98EC929}" = Menus intelligents (Windows Live Toolbar)
"{10A4CAB8-D1B8-4C8C-9F54-76BF6063E71B}" = EBP Compta 14.1
"{1235083F-52F9-44CC-9DF5-F9B7802BB9B7}" = ISO Recorder
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F24E48F-7692-4E89-8784-68DD4D2712A0}" = Microsoft SQL Server Native Client
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3380F354-C5F7-4E71-8F51-EEE6C3F06C62}" = Fichiers de prise en charge de l'installation de Microsoft SQL Server (Français)
"{3DFF4274-EBB0-4356-9692-972965018954}" = Windows Live Writer
"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager
"{485A3C50-34D0-4385-9701-C552F047FB14}" = EBP Communication Entreprise Expert
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{513D4318-BD39-40E6-B852-10E34BEA6AD1}" = EBP Compta 15.0
"{54844EBA-2C48-4655-A148-6D4BCCA23A6D}" = AttachmentOptions
"{54AE3AB9-3593-43BC-936F-3FDE1E29A063}" = Embedded Security for HP ProtectTools
"{5932A5C4-BB44-4CFB-AD66-1B826F4D788B}" = CDBurnerXP
"{5E39F2FB-0D5B-413E-903C-3F495017109C}" = EBP Utilitaire d'échanges 1.1
"{5FCFC78C-438A-4F4D-B266-E32B8468BAFC}" = Pervasive.SQL V8 Workgroup (v8.6)
"{617093CF-0B62-4B8B-87D0-DB8FD2A5156B}" = HP BIOS Configuration for ProtectTools
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{747D0A04-5BDA-478D-A010-68CCCBE4D15A}" = EBP Btrieve 8.6
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites pour Windows Live Toolbar
"{81B5F83F-2291-48B0-8375-36B63A9BF5B0}" = Surligneur (Windows Live Toolbar)
"{90120000-0015-040C-0000-0000000FF1CE}" = Microsoft Office Access MUI (French) 2007
"{90120000-0015-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-040C-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (French) 2007
"{90120000-0019-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-040C-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (French) 2007
"{90120000-001A-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_PROHYBRIDR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_PROHYBRIDR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_PROHYBRIDR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_PROHYBRIDR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90A4040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{914E1AB1-DCA0-4A7D-935F-B58C4B887A2B}" = HP ProtectTools Security Manager 2.00 F3
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{99C51CD7-CD46-421B-BFB3-0D663C4FB010}" = ULTRAVNC
"{A30179B7-997A-4D47-AA43-57AE59A9C78B}" = Microsoft SQL Server VSS Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{C514C594-23AA-4F13-A070-DB8BDB27594F}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D3116CC7-24DC-4CA3-9CE1-23FED836E9F2}" = Assistant de connexion Windows Live
"{ECEA7878-2100-4525-915D-B09174E36971}" = Trend Micro Client Server Security Agent
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.2.5 Professional
"Adobe Acrobat 8 Professional - English, Français, Deutsch_825" = Adobe Acrobat 8.2.5 - CPSID_83708
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ant Movie Catalog_is1" = Ant Movie Catalog
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.7
"EBP Btrieve 8.6" = EBP Btrieve 8.6
"EBP Communication Entreprise Expert" = EBP Communication Entreprise Expert
"EBP Compta 13.1" = EBP Compta 13.1
"EBP Compta 14.1" = EBP Compta 14.1
"EBP Compta 15.0" = EBP Compta 15.0
"EBP Utilitaire d'échanges 1.1" = EBP Utilitaire d'échanges 1.1
"ERUNT_is1" = ERUNT 1.1j
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MESOL" = Intel(R) Active Management Technology LMS Service and SOL Driver
"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"Pervasive System Analyzer" = Pervasive System Analyzer
"PROHYBRIDR" = 2007 Microsoft Office system
"Satsuki Decoder Pack" = Satsuki Decoder Pack
"SuperCopier2" = SuperCopier2
"SyncBack_is1" = SyncBack
"TeamViewer 5" = TeamViewer 5
"Unlocker" = Unlocker 1.8.8
"VLC media player" = VLC media player 1.1.4
"Windows Live Toolbar" = Windows Live Toolbar

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

========================================================

Awaiting your replies
With my thanks

Laurent

Re: TrojanDownloader:Win32/Unruy.H

Post by nickW » 03 Feb 2011, 00:20

Good evening,

First cleanup passes:


Step 1: OTL (by OldTimer), preparing the fix
Open a Notepad window via Start---->All Programs---->Accessories---->Run, type notepad then click OK

Select all the lines in the white box under "Code:" below, then press the Ctrl and C keys together

Code: Select all
rien

:otl
SRV - [2011/02/01 10:54:44 | 000,727,040 | ---- | M] (whrjecmixm Corporation) [Auto | Running] -- C:\Windows\System32\gveyczcc.dll -- (iyblrxpe)
O2 - BHO: () - {6FD8C489-CD44-6AA7-BA2E-B6EC70CE73D6} - C:\Windows\System32\gveyczcc.dll (whrjecmixm Corporation)
NetSvcs: iyblrxpe - C:\Windows\System32\gveyczcc.dll (whrjecmixm Corporation)
O33 - MountPoints2\{56954671-de01-11df-b1a0-001a4be38dca}\Shell - "" = AutoRun
O33 - MountPoints2\{56954671-de01-11df-b1a0-001a4be38dca}\Shell\AutoRun\command - "" = H:\Loader.EXE
O33 - MountPoints2\{5db16f25-c99d-11df-9e1b-001a4be38dca}\Shell\Shell00\Command - "" = H:\Start.exe

:Files
C:\Windows\System32\gveyczcc.dll
C:\windows\tasks\At*.job
C:\ProgramData\G6v1PnIV.exe
C:\ProgramData\Sx6L4Gp.dat

:Commands
[emptytemp]



Go back to the Notepad window, right-click inside the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not enabled (not ticked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code box above were created exclusively for THIS user.
If you are not THIS user, do not use them: they could damage your system.



Step 2: rkill (by Grinler), download
Important note:
rkill is sometimes wrongly detected as malicious. If necessary, disable the antivirus while downloading it.

Download rkill with a right-click followed by Save link target as ... from one of the links below:

Link 1
Link 2
Link 3

Save the file to the Desktop.


Step 3: No real-time protection process
Disable the antivirus's resident module.
(see here)


Step 4: rkill (by Grinler), execution
Right-click the downloaded rkill file and choose "Run as Administrator" to launch the tool.

A window with a black background will appear briefly, then disappear.
When it finishes, save the rkill.log file

If nothing happens, or if the tool does not start, download the tool from another of the three links above and try running it again.

If none of the tools downloaded from the three links above seems to work, download a renamed version of rkill from iExplore.exe or eXplorer.exe and try to run it.

If none of the five downloaded tools seems to work, do not continue the cleanup, and let me know on the forum.

Do not restart the PC.


Step 5: OTL (by OldTimer), fix

Right-click OTL.exe and choose "Run as Administrator" to launch the tool.

The main OTL screen is displayed.

Click the Correction (Run Fix) button.

A small "OTL" window opens.

Click the Ok button.

From the new "Open" window, browse to the folder where fix.txt was saved, then click the Open button.

The contents of fix.txt are then inserted into the "Personnalisation" (Custom Scans/Fixes) panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Correction button again.

Note: When the restart is requested, click Ok

When the tool has finished its work, a small window shows the message "Correction terminée! Cliquez sur Ok pour afficher le rapport." (Fix complete! Click Ok to open the log.). Click Ok then close OTL.


Step 6: Real-time protection process
Important: If necessary, re-enable the antivirus's resident module.


Step 7: OTL (by OldTimer), scan
Close all open program windows.

Right-click OTL.exe and choose "Run as Administrator" to launch the tool.

The main OTL screen is displayed.

Tick (at the top) the box in front of All Users.

Then click the Analyse (Run Scan) button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 8: Results
Send in reply:
*- the rkill report (contents of the rkill.log file located in the SystemDrive\ folder)
[SystemDrive is the partition on which the system is installed, usually C:]
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% is the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the file length):
*- the main OTL report (contents of the OTL.txt file on the Desktop).
The report posted on the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split across several messages.

Important note: To send your reply (replies), do not create a new topic; click the "Reply" button to continue in this thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No requests for log analysis by PM (Private Message)
My configs
nickW
Moderator

Messages: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
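The fix script in the post above targets four persistence mechanisms at once: a DLL loaded into the shared svchost "netsvcs" group (the SRV and NetSvcs lines), an Internet Explorer Browser Helper Object (the O2 line), autorun commands for a removable drive stored under the user's MountPoints2 key (the O33 lines), and a large batch of legacy At*.job scheduled tasks. A practitioner wants to re-check exactly those places after the reboot, because a downloader that survives in any one of them re-creates the others. The PowerShell below is an added example, not code from the thread, from OTL or from Assiste.com: it takes the service name, DLL name and CLSID quoted in the fix as known-bad indicators, walks the standard Windows registry locations for each mechanism, and reports whatever is still present. It assumes it is run from an elevated PowerShell prompt on the cleaned machine; the helper name Get-CompanyName is the example's own.

```powershell
# Added example (not from the thread, not part of OTL): re-check the four
# persistence locations targeted by the fix script after the cleanup.
# Run from an elevated PowerShell prompt on the cleaned machine.
$ErrorActionPreference = 'SilentlyContinue'

# Indicators quoted in the fix script
$badService = 'iyblrxpe'
$badDll     = 'gveyczcc.dll'
$badClsid   = '{6FD8C489-CD44-6AA7-BA2E-B6EC70CE73D6}'
$findings   = @()

# Helper defined by this example: CompanyName from a file's version resource
# (the same field OTL prints in parentheses after each path).
function Get-CompanyName($path) {
    if (-not $path) { return $null }
    $file = Get-Item ([Environment]::ExpandEnvironmentVariables($path.Trim('"')))
    if ($file) { return $file.VersionInfo.CompanyName }
}

# 1. Members of the shared svchost "netsvcs" group (the SRV / NetSvcs lines).
#    Every installed member should point to a ServiceDll whose version resource
#    names Microsoft; the malware registered a DLL with a made-up company name.
$group = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost').netsvcs
foreach ($svc in $group) {
    $dll = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$svc\Parameters").ServiceDll
    if (-not $dll) { continue }           # listed in the group but not installed here
    $company = Get-CompanyName $dll
    $sig = (Get-AuthenticodeSignature ([Environment]::ExpandEnvironmentVariables($dll))).Status
    if ($svc -eq $badService -or $dll -like "*\$badDll" -or $company -notmatch 'Microsoft') {
        $findings += "netsvcs member '$svc' -> $dll (company: '$company', signature: $sig)"
    }
}

# 2. Browser Helper Objects (the O2 line): IE loads every CLSID listed here into
#    iexplore.exe. Flag the known CLSID, any entry without a resolvable server
#    DLL, and any DLL that carries no company name at all.
$bhoRoots = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($key in (Get-ChildItem $bhoRoots)) {
    $clsid  = $key.PSChildName
    $server = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32").'(default)'
    if (-not $server) {                   # 32-bit registration on a 64-bit host
        $server = (Get-ItemProperty "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$clsid\InprocServer32").'(default)'
    }
    $company = Get-CompanyName $server
    if ($clsid -eq $badClsid -or -not $server -or -not $company) {
        $findings += "BHO $clsid -> $server (company: '$company')"
    }
}

# 3. Legacy AT scheduler jobs: the fix moved ~180 At*.job files out of
#    %SystemRoot%\Tasks. Nobody creates those by hand on an office PC, so any
#    that reappear mean the dropper is still running.
$atJobs = @(Get-ChildItem "$env:SystemRoot\Tasks\At*.job")
if ($atJobs.Count -gt 0) {
    $findings += "$($atJobs.Count) At*.job file(s) present in $env:SystemRoot\Tasks"
}

# 4. Per-user MountPoints2 autorun commands (the O33 lines): Explorer runs these
#    when the matching removable drive is opened. Only the current user's hive is
#    read here; other profiles on the machine need the same pass.
$mp = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
foreach ($cmdKey in (Get-ChildItem $mp -Recurse | Where-Object { $_.PSChildName -ieq 'command' })) {
    $cmd = (Get-ItemProperty $cmdKey.PSPath).'(default)'
    if ($cmd) {
        $rel = $cmdKey.Name -replace '^.*MountPoints2\\', ''
        $findings += "MountPoints2 autorun: $rel = $cmd"
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No leftover indicators in the four locations targeted by the fix.'
} else {
    $findings | ForEach-Object { Write-Warning $_ }
}
```

Two caveats when reading the output. On Vista with PowerShell 2.0 (this machine), Get-AuthenticodeSignature does not consult the catalog files that sign Windows' own DLLs, so legitimate netsvcs members report NotSigned; that is why the company name is the deciding filter and the signature status is only printed for context. And a netsvcs entry whose ServiceDll no longer exists on disk is still worth a look: it is flagged here because the fix may have moved the file while leaving the registration behind, which is exactly the state the first OTL report shows ("File C:\Windows\System32\gveyczcc.dll not found").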

Re: TrojanDownloader:Win32/Unruy.H

Post by laurentfib » 03 Feb 2011, 16:02

Hello NickW

Thank you for your help.

To start, I downloaded RKill from the 3 links.
All 3 links work, and I downloaded 3 files. But there is a .exe, a .com and a .scr
Yet they do seem to be the same files.

I ran Rkill.exe and the computer rebooted automatically :(
I renamed one of the files to RK.exe and got the same problem.
I think toto.exe will have the same effect.

The symptoms:
- The computer does micro-flashes (unknown activity) as soon as it starts up and crashes everything it can.
- When I use the internet, I get redirected to unsolicited pages (ads) and also to porn pages.
- Acrobat Professional closes the documents I open after 5 seconds.
- Etc...

So I am currently working in safe mode.

Questions:
Do I have to retry your whole procedure in safe mode?
Or
Can we try with a live CD to "rough out" the problems and then refine manually?


Thanks
See you soon

Re: TrojanDownloader:Win32/Unruy.H

Post by nickW » 04 Feb 2011, 01:26

Good evening,

Can you try to carry out the procedure in safe mode, without using rkill?

To be continued,
nickW

Re: TrojanDownloader:Win32/Unruy.H

Post by laurentfib » 04 Feb 2011, 15:39

Hello NickW,

I carried out the steps:

- Start in safe mode
- Load fix.txt
- Run the OTL fix
- Restart. I choose safe mode
- The report does not appear
- I restart in normal mode.
- The report appears, but the odd activity continues and Windows Defender again shows the Trojan WinUnruy.h
- I restart in safe mode and repeat the procedure.
- Load fix.txt
- Run the OTL fix (very fast compared to the first time)
- Restart. I choose safe mode again
- The report appears
- Run the OTL scan (I did not tick the extended registry whitelist since you did not ask for it)

Here are my reports:
1/ OTL fix report 1
2/ OTL fix report 2
3/ Main OTL report

If we don't speak before Monday, I wish you a good weekend

Laurent

1/ OTL fix report 1

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Service iyblrxpe stopped successfully!
Service iyblrxpe deleted successfully!
C:\Windows\System32\gveyczcc.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FD8C489-CD44-6AA7-BA2E-B6EC70CE73D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FD8C489-CD44-6AA7-BA2E-B6EC70CE73D6}\ deleted successfully.
File C:\Windows\System32\gveyczcc.dll not found.
iyblrxpe removed from NetSvcs value successfully!
File C:\Windows\System32\gveyczcc.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56954671-de01-11df-b1a0-001a4be38dca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56954671-de01-11df-b1a0-001a4be38dca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56954671-de01-11df-b1a0-001a4be38dca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56954671-de01-11df-b1a0-001a4be38dca}\ not found.
File H:\Loader.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5db16f25-c99d-11df-9e1b-001a4be38dca}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5db16f25-c99d-11df-9e1b-001a4be38dca}\ not found.
File H:\Start.exe not found.
========== FILES ==========
File\Folder C:\Windows\System32\gveyczcc.dll not found.
C:\windows\tasks\At1.job moved successfully.
C:\windows\tasks\At10.job moved successfully.
C:\windows\tasks\At100.job moved successfully.
C:\windows\tasks\At101.job moved successfully.
C:\windows\tasks\At102.job moved successfully.
C:\windows\tasks\At103.job moved successfully.
C:\windows\tasks\At104.job moved successfully.
C:\windows\tasks\At105.job moved successfully.
C:\windows\tasks\At106.job moved successfully.
C:\windows\tasks\At107.job moved successfully.
C:\windows\tasks\At108.job moved successfully.
C:\windows\tasks\At109.job moved successfully.
C:\windows\tasks\At11.job moved successfully.
C:\windows\tasks\At110.job moved successfully.
C:\windows\tasks\At111.job moved successfully.
C:\windows\tasks\At112.job moved successfully.
C:\windows\tasks\At113.job moved successfully.
C:\windows\tasks\At114.job moved successfully.
C:\windows\tasks\At115.job moved successfully.
C:\windows\tasks\At116.job moved successfully.
C:\windows\tasks\At117.job moved successfully.
C:\windows\tasks\At118.job moved successfully.
C:\windows\tasks\At119.job moved successfully.
C:\windows\tasks\At12.job moved successfully.
C:\windows\tasks\At120.job moved successfully.
C:\windows\tasks\At121.job moved successfully.
C:\windows\tasks\At122.job moved successfully.
C:\windows\tasks\At123.job moved successfully.
C:\windows\tasks\At124.job moved successfully.
C:\windows\tasks\At125.job moved successfully.
C:\windows\tasks\At126.job moved successfully.
C:\windows\tasks\At127.job moved successfully.
C:\windows\tasks\At128.job moved successfully.
C:\windows\tasks\At129.job moved successfully.
C:\windows\tasks\At13.job moved successfully.
C:\windows\tasks\At130.job moved successfully.
C:\windows\tasks\At131.job moved successfully.
C:\windows\tasks\At132.job moved successfully.
C:\windows\tasks\At133.job moved successfully.
C:\windows\tasks\At134.job moved successfully.
C:\windows\tasks\At135.job moved successfully.
C:\windows\tasks\At136.job moved successfully.
C:\windows\tasks\At137.job moved successfully.
C:\windows\tasks\At138.job moved successfully.
C:\windows\tasks\At139.job moved successfully.
C:\windows\tasks\At14.job moved successfully.
C:\windows\tasks\At140.job moved successfully.
C:\windows\tasks\At141.job moved successfully.
C:\windows\tasks\At142.job moved successfully.
C:\windows\tasks\At143.job moved successfully.
C:\windows\tasks\At144.job moved successfully.
C:\windows\tasks\At145.job moved successfully.
C:\windows\tasks\At146.job moved successfully.
C:\windows\tasks\At147.job moved successfully.
C:\windows\tasks\At148.job moved successfully.
C:\windows\tasks\At149.job moved successfully.
C:\windows\tasks\At15.job moved successfully.
C:\windows\tasks\At150.job moved successfully.
C:\windows\tasks\At151.job moved successfully.
C:\windows\tasks\At152.job moved successfully.
C:\windows\tasks\At153.job moved successfully.
C:\windows\tasks\At154.job moved successfully.
C:\windows\tasks\At155.job moved successfully.
C:\windows\tasks\At156.job moved successfully.
C:\windows\tasks\At157.job moved successfully.
C:\windows\tasks\At158.job moved successfully.
C:\windows\tasks\At159.job moved successfully.
C:\windows\tasks\At16.job moved successfully.
C:\windows\tasks\At160.job moved successfully.
C:\windows\tasks\At161.job moved successfully.
C:\windows\tasks\At162.job moved successfully.
C:\windows\tasks\At163.job moved successfully.
C:\windows\tasks\At164.job moved successfully.
C:\windows\tasks\At165.job moved successfully.
C:\windows\tasks\At166.job moved successfully.
C:\windows\tasks\At167.job moved successfully.
C:\windows\tasks\At168.job moved successfully.
C:\windows\tasks\At169.job moved successfully.
C:\windows\tasks\At17.job moved successfully.
C:\windows\tasks\At170.job moved successfully.
C:\windows\tasks\At171.job moved successfully.
C:\windows\tasks\At172.job moved successfully.
C:\windows\tasks\At173.job moved successfully.
C:\windows\tasks\At174.job moved successfully.
C:\windows\tasks\At175.job moved successfully.
C:\windows\tasks\At176.job moved successfully.
C:\windows\tasks\At177.job moved successfully.
C:\windows\tasks\At178.job moved successfully.
C:\windows\tasks\At179.job moved successfully.
C:\windows\tasks\At18.job moved successfully.
C:\windows\tasks\At180.job moved successfully.
C:\windows\tasks\At181.job moved successfully.
C:\windows\tasks\At182.job moved successfully.
C:\windows\tasks\At183.job moved successfully.
C:\windows\tasks\At184.job moved successfully.
C:\windows\tasks\At185.job moved successfully.
C:\windows\tasks\At186.job moved successfully.
C:\windows\tasks\At187.job moved successfully.
C:\windows\tasks\At188.job moved successfully.
C:\windows\tasks\At189.job moved successfully.
C:\windows\tasks\At19.job moved successfully.
C:\windows\tasks\At190.job moved successfully.
C:\windows\tasks\At191.job moved successfully.
C:\windows\tasks\At192.job moved successfully.
C:\windows\tasks\At2.job moved successfully.
C:\windows\tasks\At20.job moved successfully.
C:\windows\tasks\At21.job moved successfully.
C:\windows\tasks\At22.job moved successfully.
C:\windows\tasks\At23.job moved successfully.
C:\windows\tasks\At24.job moved successfully.
C:\windows\tasks\At25.job moved successfully.
C:\windows\tasks\At26.job moved successfully.
C:\windows\tasks\At27.job moved successfully.
C:\windows\tasks\At28.job moved successfully.
C:\windows\tasks\At29.job moved successfully.
C:\windows\tasks\At3.job moved successfully.
C:\windows\tasks\At30.job moved successfully.
C:\windows\tasks\At31.job moved successfully.
C:\windows\tasks\At32.job moved successfully.
C:\windows\tasks\At33.job moved successfully.
C:\windows\tasks\At34.job moved successfully.
C:\windows\tasks\At35.job moved successfully.
C:\windows\tasks\At36.job moved successfully.
C:\windows\tasks\At37.job moved successfully.
C:\windows\tasks\At38.job moved successfully.
C:\windows\tasks\At39.job moved successfully.
C:\windows\tasks\At4.job moved successfully.
C:\windows\tasks\At40.job moved successfully.
C:\windows\tasks\At41.job moved successfully.
C:\windows\tasks\At42.job moved successfully.
C:\windows\tasks\At43.job moved successfully.
C:\windows\tasks\At44.job moved successfully.
C:\windows\tasks\At45.job moved successfully.
C:\windows\tasks\At46.job moved successfully.
C:\windows\tasks\At47.job moved successfully.
C:\windows\tasks\At48.job moved successfully.
C:\windows\tasks\At49.job moved successfully.
C:\windows\tasks\At5.job moved successfully.
C:\windows\tasks\At50.job moved successfully.
C:\windows\tasks\At51.job moved successfully.
C:\windows\tasks\At52.job moved successfully.
C:\windows\tasks\At53.job moved successfully.
C:\windows\tasks\At54.job moved successfully.
C:\windows\tasks\At55.job moved successfully.
C:\windows\tasks\At56.job moved successfully.
C:\windows\tasks\At57.job moved successfully.
C:\windows\tasks\At58.job moved successfully.
C:\windows\tasks\At59.job moved successfully.
C:\windows\tasks\At6.job moved successfully.
C:\windows\tasks\At60.job moved successfully.
C:\windows\tasks\At61.job moved successfully.
C:\windows\tasks\At62.job moved successfully.
C:\windows\tasks\At63.job moved successfully.
C:\windows\tasks\At64.job moved successfully.
C:\windows\tasks\At65.job moved successfully.
C:\windows\tasks\At66.job moved successfully.
C:\windows\tasks\At67.job moved successfully.
C:\windows\tasks\At68.job moved successfully.
C:\windows\tasks\At69.job moved successfully.
C:\windows\tasks\At7.job moved successfully.
C:\windows\tasks\At70.job moved successfully.
C:\windows\tasks\At71.job moved successfully.
C:\windows\tasks\At72.job moved successfully.
C:\windows\tasks\At73.job moved successfully.
C:\windows\tasks\At74.job moved successfully.
C:\windows\tasks\At75.job moved successfully.
C:\windows\tasks\At76.job moved successfully.
C:\windows\tasks\At77.job moved successfully.
C:\windows\tasks\At78.job moved successfully.
C:\windows\tasks\At79.job moved successfully.
C:\windows\tasks\At8.job moved successfully.
C:\windows\tasks\At80.job moved successfully.
C:\windows\tasks\At81.job moved successfully.
C:\windows\tasks\At82.job moved successfully.
C:\windows\tasks\At83.job moved successfully.
C:\windows\tasks\At84.job moved successfully.
C:\windows\tasks\At85.job moved successfully.
C:\windows\tasks\At86.job moved successfully.
C:\windows\tasks\At87.job moved successfully.
C:\windows\tasks\At88.job moved successfully.
C:\windows\tasks\At89.job moved successfully.
C:\windows\tasks\At9.job moved successfully.
C:\windows\tasks\At90.job moved successfully.
C:\windows\tasks\At91.job moved successfully.
C:\windows\tasks\At92.job moved successfully.
C:\windows\tasks\At93.job moved successfully.
C:\windows\tasks\At94.job moved successfully.
C:\windows\tasks\At95.job moved successfully.
C:\windows\tasks\At96.job moved successfully.
C:\windows\tasks\At97.job moved successfully.
C:\windows\tasks\At98.job moved successfully.
C:\windows\tasks\At99.job moved successfully.
File\Folder C:\ProgramData\G6v1PnIV.exe not found.
C:\ProgramData\Sx6L4Gp.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin DDCMP
->Temp folder emptied: 213938 bytes
->Temporary Internet Files folder emptied: 40647 bytes

User: Administrateur.CL07
->Temp folder emptied: 32848 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: B-SA

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: invité

User: LATTIACH
->Temp folder emptied: 22525376 bytes
->Temporary Internet Files folder emptied: 802936 bytes
->Java cache emptied: 11414397 bytes
->FireFox cache emptied: 43403289 bytes
->Flash cache emptied: 6411 bytes

User: Public

%systemdrive% .tmp files removed: 111719 bytes
%systemroot% .tmp files removed: 711168 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6358329 bytes
RecycleBin emptied: 2806743 bytes

Total Files Cleaned = 84,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02042011_133839

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


2/ OTL fix report 2

All processes killed
Error: Unable to interpret <rien> in the current context!
========== OTL ==========
Error: No service named iyblrxpe was found to stop!
Service\Driver key iyblrxpe not found.
File C:\Windows\System32\gveyczcc.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FD8C489-CD44-6AA7-BA2E-B6EC70CE73D6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FD8C489-CD44-6AA7-BA2E-B6EC70CE73D6}\ not found.
File C:\Windows\System32\gveyczcc.dll not found.
iyblrxpe removed from NetSvcs value successfully!
File C:\Windows\System32\gveyczcc.dll not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56954671-de01-11df-b1a0-001a4be38dca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56954671-de01-11df-b1a0-001a4be38dca}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{56954671-de01-11df-b1a0-001a4be38dca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56954671-de01-11df-b1a0-001a4be38dca}\ not found.
File H:\Loader.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5db16f25-c99d-11df-9e1b-001a4be38dca}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5db16f25-c99d-11df-9e1b-001a4be38dca}\ not found.
File H:\Start.exe not found.
========== FILES ==========
File\Folder C:\Windows\System32\gveyczcc.dll not found.
File\Folder C:\windows\tasks\At*.job not found.
File\Folder C:\ProgramData\G6v1PnIV.exe not found.
C:\ProgramData\Sx6L4Gp.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin DDCMP
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrateur.CL07
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: B-SA

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: invité

User: LATTIACH
->Temp folder emptied: 168898 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66016 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.20.6 log created on 02042011_145605

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



3/ Main OTL report

OTL logfile created on: 04/02/2011 15:01:25 - Run 3
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\LATTIACH\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 81,00% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 134,94 Gb Total Space | 89,08 Gb Free Space | 66,01% Space Free | Partition Type: NTFS
Drive D: | 12,05 Gb Total Space | 6,35 Gb Free Space | 52,70% Space Free | Partition Type: NTFS
Drive E: | 1,95 Gb Total Space | 1,74 Gb Free Space | 89,34% Space Free | Partition Type: NTFS

Computer Name: CL07 | User Name: LATTIACH | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/31 20:05:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/01/31 20:05:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/27 15:54:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/12 15:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/11/16 09:50:02 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2009/11/16 09:39:46 | 001,299,752 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2009/11/12 13:48:58 | 000,071,096 | ---- | M] () [Auto | Stopped] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/15 16:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/01/10 05:21:14 | 000,183,112 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/07 16:08:48 | 000,032,768 | ---- | M] () [Auto | Stopped] -- C:\PVSW\Bin\WGE_SRV.EXE -- (Pervasive.SQL Workgroup)
SRV - [2006/12/07 16:08:48 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\PVSW\Bin\WGE_SRV.EXE -- (EBP Pervasive.SQL)
SRV - [2006/12/06 13:12:50 | 000,098,304 | ---- | M] (Intel) [Auto | Stopped] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2006/11/13 15:11:54 | 000,136,736 | ---- | M] (Infineon Technologies AG) [Auto | Stopped] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/06 10:26:20 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/04 15:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2009/12/04 15:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys -- (TmPreFilter)
DRV - [2009/12/04 15:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys -- (VSApiNt)
DRV - [2009/11/12 13:48:58 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\windows\System32\StarOpen.sys -- (StarOpen)
DRV - [2009/07/15 16:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/01/19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) Module de plateforme sécurisée (TPM)
DRV - [2008/01/19 05:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Pilote de la connexion réseau Intel(R)
DRV - [2008/01/02 16:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/12/13 02:34:22 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2006/12/06 13:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/11/08 20:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 08:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/31 14:46:36 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.3.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:5.8.0.1092

FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\FirefoxExtension [2011/01/31 15:43:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/05 14:54:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/05 14:54:54 | 000,000,000 | ---D | M]

[2010/04/12 10:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Extensions
[2011/01/05 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions
[2010/09/06 17:31:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/22 17:36:25 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2011/01/05 14:59:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/05 15:23:49 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\gmailthis@lazyrussian.com
[2011/01/26 19:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/01/31 15:43:30 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\CLIENT SERVER SECURITY AGENT\BHO\1003\FIREFOXEXTENSION
[2010/11/30 18:29:29 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/11/30 18:29:29 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/11/30 18:29:29 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/11/30 18:29:29 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/11/30 18:29:29 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ()
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe ()
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RtHDVCpl] C:\windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe ()
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant .exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\LATTIACH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} https://static.impots.gouv.fr/abos/stat ... rtdgi1.cab (Module de délivrance de certificat MINEFI)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fib-sa.priv
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/06/23 17:52:22 | 000,000,023 | ---- | M] () - C:\autohook.bat -- [ NTFS ]
O32 - AutoRun File - [2007/06/01 16:00:45 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/04 13:38:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/03 15:43:28 | 000,000,000 | -H-D | C] -- C:\windows\PIF
[2011/02/01 17:00:49 | 000,000,000 | ---D | C] -- C:\Users\LATTIACH\Desktop\Honoraires FT
[2011/02/01 14:44:13 | 008,134,272 | ---- | C] (Microsoft Corporation) -- C:\Users\LATTIACH\Desktop\mseinstall.exe
[2011/01/31 20:05:22 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
[2011/01/31 19:47:53 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\LATTIACH\Desktop\HThis.exe
[2011/01/31 17:42:08 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/01/31 17:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/01/31 17:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/31 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\LATTIACH\Desktop\DIVERS
[2011/01/26 19:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Fun4IM
[2011/01/26 19:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Searchqu Toolbar
[2011/01/26 19:30:13 | 000,000,000 | ---D | C] -- C:\Program Files\Fun4IM
[2011/01/25 14:06:02 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/01/25 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\LATTIACH\AppData\Roaming\ED22ADD787FF1173B9FDA06F019CD652
[2011/01/12 02:58:06 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
[2011/01/12 02:58:02 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe

========== Files - Modified Within 30 Days ==========

[2011/02/04 14:57:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/02/04 13:51:52 | 000,003,168 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/04 13:51:52 | 000,003,168 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/04 13:50:01 | 000,000,430 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{A40F617A-B334-4C5B-BA3F-A47A0624285C}.job
[2011/02/04 13:46:08 | 000,013,024 | ---- | M] () -- C:\windows\cfgall.ini
[2011/02/04 13:44:53 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2011/02/04 13:44:03 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/03 14:54:04 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{5C022778-487A-45D0-AEBC-C4C2423B14F4}.job
[2011/02/03 14:08:27 | 000,002,711 | ---- | M] () -- C:\Users\LATTIACH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/02/03 14:04:37 | 000,720,369 | ---- | M] () -- C:\Users\LATTIACH\Desktop\rkill.exe
[2011/02/03 14:04:34 | 000,720,369 | ---- | M] () -- C:\Users\LATTIACH\Desktop\rkill.com
[2011/02/03 14:04:25 | 000,720,369 | ---- | M] () -- C:\Users\LATTIACH\Desktop\rk.exe
[2011/02/01 15:16:16 | 000,000,680 | ---- | M] () -- C:\Users\LATTIACH\AppData\Local\d3d9caps.dat
[2011/02/01 14:51:49 | 000,002,243 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/02/01 14:44:17 | 008,134,272 | ---- | M] (Microsoft Corporation) -- C:\Users\LATTIACH\Desktop\mseinstall.exe
[2011/02/01 14:15:00 | 000,001,054 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/01 14:08:27 | 000,079,489 | ---- | M] () -- C:\G6v1PnIV.exe
[2011/02/01 13:44:04 | 000,804,910 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2011/02/01 13:44:04 | 000,722,710 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/02/01 13:44:04 | 000,166,910 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2011/02/01 13:44:04 | 000,144,578 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/02/01 10:54:52 | 000,030,431 | ---- | M] () -- C:\Users\LATTIACH\Desktop\Trojan.jpg
[2011/01/31 20:38:57 | 000,000,036 | ---- | M] () -- C:\Users\LATTIACH\AppData\Local\housecall.guid.cache
[2011/01/31 20:05:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
[2011/01/31 20:00:59 | 000,377,080 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/01/31 19:49:13 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\LATTIACH\Desktop\HThis.exe
[2011/01/31 17:41:45 | 000,000,913 | ---- | M] () -- C:\Users\LATTIACH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/31 17:41:19 | 000,000,733 | ---- | M] () -- C:\Users\LATTIACH\Desktop\NTREGOPT.lnk
[2011/01/31 17:41:19 | 000,000,714 | ---- | M] () -- C:\Users\LATTIACH\Desktop\ERUNT.lnk
[2011/01/31 17:37:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/06 14:56:35 | 000,002,665 | ---- | M] () -- C:\Users\LATTIACH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2007.lnk
[2011/01/05 15:04:39 | 000,033,579 | ---- | M] () -- C:\tempSendPage____Modules_pour_Firefox.html

========== Files Created - No Company Name ==========

[2011/02/04 13:48:01 | 000,079,489 | ---- | C] () -- C:\G6v1PnIV.exe
[2011/02/03 14:04:35 | 000,720,369 | ---- | C] () -- C:\Users\LATTIACH\Desktop\rkill.exe
[2011/02/03 14:04:30 | 000,720,369 | ---- | C] () -- C:\Users\LATTIACH\Desktop\rkill.com
[2011/02/03 14:04:20 | 000,720,369 | ---- | C] () -- C:\Users\LATTIACH\Desktop\rk.exe
[2011/02/01 14:51:49 | 000,002,243 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/01/31 19:01:24 | 000,000,680 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\d3d9caps.dat
[2011/01/31 17:41:45 | 000,000,913 | ---- | C] () -- C:\Users\LATTIACH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/31 17:41:19 | 000,000,733 | ---- | C] () -- C:\Users\LATTIACH\Desktop\NTREGOPT.lnk
[2011/01/31 17:41:19 | 000,000,714 | ---- | C] () -- C:\Users\LATTIACH\Desktop\ERUNT.lnk
[2011/01/31 17:37:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 16:35:27 | 000,030,431 | ---- | C] () -- C:\Users\LATTIACH\Desktop\Trojan.jpg
[2011/01/25 15:08:04 | 000,005,000 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\6FD8C489-CD44-6AA7-BA2E-B6EC70CE73D6.txt
[2011/01/13 12:03:15 | 000,001,134 | ---- | C] () -- C:\Users\LATTIACH\ebp.errors.txt
[2011/01/05 15:04:39 | 000,033,579 | ---- | C] () -- C:\tempSendPage____Modules_pour_Firefox.html
[2010/11/15 21:16:50 | 000,070,144 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/11/09 18:42:28 | 000,000,938 | ---- | C] () -- C:\windows\Kaluach3.INI
[2010/07/23 13:46:48 | 000,000,043 | ---- | C] () -- C:\windows\gswin32.ini
[2010/05/27 23:33:25 | 000,005,993 | ---- | C] () -- C:\windows\cfgspyps.ini
[2010/05/27 23:33:24 | 000,006,414 | ---- | C] () -- C:\windows\cfgps.ini
[2010/05/26 21:09:55 | 000,000,015 | ---- | C] () -- C:\Users\LATTIACH\AppData\Roaming\4787de44
[2010/05/26 18:05:41 | 000,000,036 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\housecall.guid.cache
[2010/02/22 12:59:43 | 000,000,184 | ---- | C] () -- C:\windows\bti.ini
[2010/01/26 16:26:35 | 000,043,760 | ---- | C] () -- C:\windows\System32\nwlocale.dll
[2010/01/14 16:49:22 | 000,027,136 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 20:07:47 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010/01/08 19:31:24 | 000,013,024 | ---- | C] () -- C:\windows\cfgall.ini
[2009/11/12 13:48:58 | 000,005,504 | ---- | C] () -- C:\windows\System32\StarOpen.sys
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\windows\System32\igklg450.dll
[2008/01/02 16:47:22 | 000,104,636 | ---- | C] () -- C:\windows\System32\igmedcompkrn.dll
[2007/11/20 16:51:28 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2007/07/10 15:43:52 | 000,002,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/06/02 00:08:10 | 000,910,304 | ---- | C] () -- C:\windows\System32\igmedkrn.dll
[2007/06/02 00:08:10 | 000,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1244.dll
[2007/06/01 15:48:18 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2007/06/01 15:48:18 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2007/06/01 15:48:18 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2007/06/01 15:48:18 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2007/06/01 15:48:18 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2007/06/01 15:48:18 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[1998/05/07 03:10:00 | 000,069,632 | R--- | C] () -- C:\windows\System32\ODMA32.dll

< End of report >
laurentfib
 
Posts: 27
Joined: 31 Jan 2011, 18:37
Location: Paris

Re: TrojanDownloader:Win32/Unruy.H

Post by nickW » 06 Feb 2011, 01:48

Good evening,

New cleaning:

Step 1: OTL (by OldTimer), preparing the fix

Delete the fix.txt file created previously.

Open a Notepad window via Start ----> All Programs ----> Accessories ----> Run, type notepad then click OK

Select all the lines of the white area located under "Code:" below, then press the Ctrl and C keys simultaneously

Code:
rien

:Files
C:\ProgramData\Fun4IM
C:\Program Files\Windows Searchqu Toolbar
C:\Program Files\Fun4IM
C:\G6v1PnIV.exe
C:\ProgramData\G6v1PnIV.exe
C:\ProgramData\Sx6L4Gp.dat


Go back to the Notepad window, right-click in the window and choose Paste
Check in the Format menu (at the top) that "Word Wrap" is not active (not checked).
Save the file under the name fix.txt <---- do not change the file name
Close Notepad.

Note: The lines in the Code area above were created exclusively for THIS user.
If you are not THIS user, you must not use them: they could damage your system.


Step 2: No real-time monitoring process
Disable the antivirus's resident module.
(see here)


Step 3: OTL (by OldTimer), fix

Right-click OTL.exe and choose "Run as Administrator" to launch the tool.

The main OTL screen appears.

Click the Correction (Run Fix) button.

A small "OTL" window opens.

Click the Ok button.

From the new "Open" window, navigate to the folder where fix.txt was saved, then click the Open button.

The contents of fix.txt are thus inserted into the "Personnalisation" (custom fixes) panel.

Close all open program windows other than OTL (browser, word processor, etc.): the PC is going to restart.

Click the Correction button again.

Note: When the restart is requested, click Ok

When the tool has finished its work, a small window displays the message "Correction terminée! Cliquez sur Ok pour afficher le rapport." (Fix complete! Click Ok to display the report.). Click Ok, then close OTL.


Step 4: Real-time monitoring process
Important: If necessary, re-enable the antivirus's resident module.


Step 5: OTL (by OldTimer), scan
Close all open program windows.

Right-click OTL.exe and choose "Run as Administrator" to launch the tool.

The main OTL screen appears.

Check (at the top) the box in front of Tous les utilisateurs (All users).

Then click the Analyse (Scan) button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: Results
Send in reply:
*- the OTL fix report (contents of the file %SystemDrive%\_OTL\MovedFiles\********_******.log - the *** are digits representing the date [monthdayyear] and the time)
[%SystemDrive% is the partition on which the system is installed, usually C:]

Then send in reply, in a separate message (because of the file's length):
*- the main OTL report (contents of the file OTL.txt located on the Desktop).
The report posted on the forum must end with a line containing <End of report>. If it does not, it is incomplete and must then be split into several messages.

Important note: To send your reply (or replies), do not create a new topic, but click the "Reply" button to continue in this discussion thread.


In your reply, don't forget to give as much information as possible about the state of the PC: improvement / disappearance / worsening of the infection symptoms.

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator
 
Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
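Added example, not part of nickW's instructions and not code from the OTL tool: a small Python helper that parses OTL file-listing lines like the ones posted above, plus the outcome lines of an OTL fix report. It flags entries roughly the way a helper eyeballs them (an executable with an empty company name sitting in the system-drive root, ProgramData or AppData, or a random-looking alphanumeric name such as G6v1PnIV) and, after the fix, lists which ':Files' targets were never reported as moved so they can be re-checked. The drop-zone and random-name heuristics are this example's own assumptions, not an OTL feature; the sample lines are copied from the logs in this thread.

```python
"""Triage helper for OTL (OldTimer) file listings and fix reports.
Added example for this thread, not nickW's instructions and not part of OTL.
Sample lines are copied from the logs posted above; the heuristics (drop-zone
location, empty company name, random-looking name) are this example's own
assumptions, not an OTL feature."""
import ntpath
import re

# One OTL file entry: [2011/02/04 13:48:01 | 000,079,489 | ---- | C] () -- C:\G6v1PnIV.exe
# Directory entries (attrs ending in D) carry no "(Company)" group.
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# Outcome lines of an OTL fix report (see the two correction reports in this thread).
MOVED_RE = re.compile(r"^(?P<path>.+?) (?:folder )?moved successfully\.$")
NOTFOUND_RE = re.compile(r"^File\\Folder (?P<path>.+?) not found\.$")
ERROR_RE = re.compile(r"^Error: Unable to interpret <(?P<token>.+?)> in the current context!$")

EXEC_EXT = {".exe", ".dll", ".sys", ".com", ".scr", ".pif"}
# Alphanumeric stem of 8+ characters mixing letters and digits, e.g. G6v1PnIV.
RANDOM_STEM_RE = re.compile(r"^(?=.*\d)(?=.*[A-Za-z])[A-Za-z0-9]{8,}$")

def parse_entry(line):
    """Parse one OTL file line into a dict; None for any other line."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    entry["company"] = (entry["company"] or "").strip()
    entry["is_dir"] = entry["attrs"].endswith("D")
    return entry

def in_drop_zone(path):
    """System-drive root, ProgramData or any AppData folder (assumption of this example)."""
    parent = ntpath.dirname(path).lower().rstrip("\\")
    return parent in ("c:", "c:\\programdata") or "\\appdata\\" in parent + "\\"

def suspicion_reasons(entry):
    """Heuristic reasons to look closer at one entry (empty list = nothing to flag)."""
    reasons = []
    stem, ext = ntpath.splitext(ntpath.basename(entry["path"]))
    if in_drop_zone(entry["path"]):
        if not entry["is_dir"] and ext.lower() in EXEC_EXT and not entry["company"]:
            reasons.append("executable without company name in a drop zone")
        if RANDOM_STEM_RE.match(stem):
            reasons.append("random-looking name")
    return reasons

def triage(log_lines):
    """Map path -> reasons for every flagged entry of an OTL file listing."""
    flagged = {}
    for line in log_lines:
        entry = parse_entry(line)
        if entry and (reasons := suspicion_reasons(entry)):
            flagged[entry["path"]] = reasons
    return flagged

def fix_outcomes(report_lines):
    """Map path -> 'moved' / 'not found' over one or more fix reports; a later
    'moved' overrides an earlier 'not found' (as with Sx6L4Gp.dat in this thread)."""
    outcomes = {}
    for line in report_lines:
        if m := MOVED_RE.match(line.strip()):
            outcomes[m.group("path")] = "moved"
        elif m := NOTFOUND_RE.match(line.strip()):
            outcomes.setdefault(m.group("path"), "not found")
    return outcomes

def report_errors(report_lines):
    """Fix-file tokens OTL refused to interpret (e.g. a stray word before ':Files')."""
    return [m.group("token") for line in report_lines if (m := ERROR_RE.match(line.strip()))]

def unresolved_targets(fix_targets, outcomes):
    """Fix-file paths that no run reported as moved: re-check these by hand."""
    return [t for t in fix_targets if outcomes.get(t) != "moved"]

# Constructed sample input: lines copied from the OTL logs posted in this thread.
SAMPLE_LOG = """\
[2011/02/04 13:48:01 | 000,079,489 | ---- | C] () -- C:\\G6v1PnIV.exe
[2011/02/03 14:04:35 | 000,720,369 | ---- | C] () -- C:\\Users\\LATTIACH\\Desktop\\rkill.exe
[2011/01/26 19:30:13 | 000,000,000 | ---D | C] -- C:\\Program Files\\Fun4IM
[2011/01/25 13:12:34 | 000,000,000 | ---D | C] -- C:\\Users\\LATTIACH\\AppData\\Roaming\\ED22ADD787FF1173B9FDA06F019CD652
[2010/05/26 21:09:55 | 000,000,015 | ---- | C] () -- C:\\Users\\LATTIACH\\AppData\\Roaming\\4787de44
""".splitlines()
# The ':Files' targets of the fix above, and the outcome lines of both fix runs.
SAMPLE_FIX_TARGETS = ["C:\\ProgramData\\Fun4IM", "C:\\Program Files\\Windows Searchqu Toolbar",
                      "C:\\Program Files\\Fun4IM", "C:\\G6v1PnIV.exe",
                      "C:\\ProgramData\\G6v1PnIV.exe", "C:\\ProgramData\\Sx6L4Gp.dat"]
SAMPLE_REPORTS = """\
Error: Unable to interpret <rien> in the current context!
C:\\ProgramData\\Fun4IM folder moved successfully.
C:\\Program Files\\Windows Searchqu Toolbar folder moved successfully.
C:\\Program Files\\Fun4IM folder moved successfully.
C:\\G6v1PnIV.exe moved successfully.
File\\Folder C:\\ProgramData\\G6v1PnIV.exe not found.
File\\Folder C:\\ProgramData\\Sx6L4Gp.dat not found.
File\\Folder C:\\G6v1PnIV.exe not found.
C:\\ProgramData\\Sx6L4Gp.dat moved successfully.
""".splitlines()

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print("LOOK AT:", path, "|", "; ".join(reasons))
    print("rejected fix tokens:", report_errors(SAMPLE_REPORTS))
    print("unresolved:", unresolved_targets(SAMPLE_FIX_TARGETS, fix_outcomes(SAMPLE_REPORTS)))
```

Run as a script it prints the flagged entries and the unresolved targets. On the sample, C:\G6v1PnIV.exe is flagged on both counts, rkill.exe is not (no company name, but it sits on the Desktop, not in a drop zone), C:\ProgramData\G6v1PnIV.exe is the one fix target neither run could find, and the rejected token <rien> is the stray first line of the fix file that OTL refused to interpret. Heuristics like these only prioritise what to look at; a known-good file without a company string in the listing is not evidence of infection on its own.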

Re: TrojanDownloader:Win32/Unruy.H

Post by laurentfib » 07 Feb 2011, 12:32

Hello NickW,

As the first time, I started the work in safe mode and finished in normal mode.

There will therefore be 2 fix reports.

Here is what happened.

After the 1st fix, there was no automatic restart and no restart request.
So I restarted in normal mode.
When my session opened, the problems seemed to have disappeared, but the critter seems tenacious.
A few micro-flashes later, Trend tells me that Unlocker is infected (neither quarantine nor cleaning possible)
Windows Defender also tells me that I am still infected by TrojanWin32/Unruy.H

So I removed Unlocker from startup.

I did nothing else (no restart, no process termination, etc.) and for the moment the computer behaves normally; I see no strange activity. Except for a Windows Defender update problem (0x80072efe)
As for hidden activities, I leave you to judge.

Hoping to hear from you
Many thanks

======================================================

Here are the reports:

FIX REPORT 1 - OTL

Error: Unable to interpret <rien> in the current context!
========== FILES ==========
C:\ProgramData\Fun4IM folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.YouTube.1217 folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1257 folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1255 folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets\net.vmn.www.3.Twitter.1227 folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar\chrome folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\ToolBar folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows Searchqu Toolbar folder moved successfully.
C:\Program Files\Fun4IM\Resources folder moved successfully.
C:\Program Files\Fun4IM\Plugins\Yahoo\Resources\Toolbar\Images folder moved successfully.
C:\Program Files\Fun4IM\Plugins\Yahoo\Resources\Toolbar folder moved successfully.
C:\Program Files\Fun4IM\Plugins\Yahoo\Resources\HTML folder moved successfully.
C:\Program Files\Fun4IM\Plugins\Yahoo\Resources folder moved successfully.
C:\Program Files\Fun4IM\Plugins\Yahoo folder moved successfully.
C:\Program Files\Fun4IM\Plugins\MSN\Resources\Toolbar\Images folder moved successfully.
C:\Program Files\Fun4IM\Plugins\MSN\Resources\Toolbar folder moved successfully.
C:\Program Files\Fun4IM\Plugins\MSN\Resources\HTML folder moved successfully.
C:\Program Files\Fun4IM\Plugins\MSN\Resources folder moved successfully.
C:\Program Files\Fun4IM\Plugins\MSN folder moved successfully.
C:\Program Files\Fun4IM\Plugins\IE\Resources\HTML folder moved successfully.
C:\Program Files\Fun4IM\Plugins\IE\Resources folder moved successfully.
C:\Program Files\Fun4IM\Plugins\IE folder moved successfully.
C:\Program Files\Fun4IM\Plugins folder moved successfully.
C:\Program Files\Fun4IM folder moved successfully.
C:\G6v1PnIV.exe moved successfully.
File\Folder C:\ProgramData\G6v1PnIV.exe not found.
File\Folder C:\ProgramData\Sx6L4Gp.dat not found.

OTL by OldTimer - Version 3.2.20.6 log created on 02072011_112633


FIX REPORT 2 - OTL

Error: Unable to interpret <rien> in the current context!
========== FILES ==========
File\Folder C:\ProgramData\Fun4IM not found.
File\Folder C:\Program Files\Windows Searchqu Toolbar not found.
File\Folder C:\Program Files\Fun4IM not found.
File\Folder C:\G6v1PnIV.exe not found.
File\Folder C:\ProgramData\G6v1PnIV.exe not found.
C:\ProgramData\Sx6L4Gp.dat moved successfully.

OTL by OldTimer - Version 3.2.20.6 log created on 02072011_113847


MAIN OTL REPORT

OTL logfile created on: 07/02/2011 11:44:57 - Run 4
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Users\LATTIACH\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 134,94 Gb Total Space | 87,83 Gb Free Space | 65,09% Space Free | Partition Type: NTFS
Drive D: | 12,05 Gb Total Space | 6,35 Gb Free Space | 52,70% Space Free | Partition Type: NTFS
Drive E: | 1,95 Gb Total Space | 1,74 Gb Free Space | 89,34% Space Free | Partition Type: NTFS
Drive G: | 136,89 Gb Total Space | 29,86 Gb Free Space | 21,82% Space Free | Partition Type: NTFS
Drive P: | 136,89 Gb Total Space | 29,86 Gb Free Space | 21,82% Space Free | Partition Type: NTFS
Drive U: | 230,23 Gb Total Space | 119,72 Gb Free Space | 52,00% Space Free | Partition Type: NTFS
Drive V: | 230,23 Gb Total Space | 119,72 Gb Free Space | 52,00% Space Free | Partition Type: NTFS

Computer Name: CL07 | User Name: lattiach | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/31 20:05:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
PRC - [2010/09/23 13:36:04 | 000,624,056 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray .exe
PRC - [2010/01/27 15:54:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/01/12 16:21:50 | 004,994,856 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer.exe
PRC - [2010/01/12 15:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009/11/16 09:42:48 | 000,236,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\pccntupd.exe
PRC - [2009/11/12 13:48:58 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
PRC - [2009/05/29 07:06:32 | 000,106,546 | ---- | M] () -- C:\PVSW\Bin\w3dbsmgr.exe
PRC - [2009/05/22 16:14:02 | 000,156,960 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\Client Server Security Agent\Misc\xpupg.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/01/10 05:21:14 | 000,183,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2007/01/10 05:21:12 | 000,404,288 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk .exe
PRC - [2007/01/09 14:52:36 | 000,145,184 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHosttr.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/07 16:08:48 | 000,032,768 | ---- | M] () -- C:\PVSW\Bin\WGE_SRV.EXE
PRC - [2006/12/06 13:12:50 | 000,098,304 | ---- | M] (Intel) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2006/11/13 15:19:20 | 000,173,600 | ---- | M] (Infineon Technologies AG) -- C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
PRC - [2006/11/13 15:11:54 | 000,136,736 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\IfxPsdSv.exe
PRC - [2006/11/09 11:57:52 | 003,784,704 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006/11/02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync .exe


========== Modules (SafeList) ==========

MOD - [2011/01/31 20:05:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/27 15:54:13 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/01/12 15:57:44 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/11/16 09:50:02 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe -- (tmlisten)
SRV - [2009/11/16 09:39:46 | 001,299,752 | ---- | M] (Trend Micro Inc.) [Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe -- (ntrtscan)
SRV - [2009/11/12 13:48:58 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009/07/15 16:37:18 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe -- (TmProxy)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2008/01/19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/01/10 05:21:14 | 000,183,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv) Intel(R)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/07 16:08:48 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\PVSW\Bin\WGE_SRV.EXE -- (Pervasive.SQL Workgroup)
SRV - [2006/12/07 16:08:48 | 000,032,768 | ---- | M] () [Disabled | Stopped] -- C:\PVSW\Bin\WGE_SRV.EXE -- (EBP Pervasive.SQL)
SRV - [2006/12/06 13:12:50 | 000,098,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS) Intel(R)
SRV - [2006/11/13 15:11:54 | 000,136,736 | ---- | M] (Infineon Technologies AG) [Auto | Running] -- C:\Windows\System32\IfxPsdSv.exe -- (PersonalSecureDriveService)


========== Driver Services (SafeList) ==========

DRV - [2010/09/06 10:26:20 | 000,189,520 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/12/04 15:39:06 | 000,230,928 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2009/12/04 15:38:18 | 000,036,368 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys -- (TmPreFilter)
DRV - [2009/12/04 15:05:06 | 001,322,680 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Stopped] -- C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys -- (VSApiNt)
DRV - [2009/11/12 13:48:58 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\windows\System32\StarOpen.sys -- (StarOpen)
DRV - [2009/07/15 16:37:40 | 000,089,872 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2008/01/19 08:42:12 | 000,045,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM) Module de plateforme sécurisée (TPM)
DRV - [2008/01/19 05:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Pilote de la connexion réseau Intel(R)
DRV - [2008/01/02 16:48:28 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/12/13 02:34:22 | 000,039,080 | ---- | M] (Infineon Technologies AG) [Kernel | System | Running] -- C:\windows\System32\drivers\psd.sys -- (PersonalSecureDrive)
DRV - [2006/12/06 13:12:56 | 000,044,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006/11/08 20:09:24 | 001,647,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 08:30:53 | 000,167,936 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2006/11/02 00:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2006/10/31 14:46:36 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\windows\system32\drivers\iastor.sys -- (iaStor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.3.0
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {22C7F6C6-8D67-4534-92B5-529A0EC09405}:5.8.0.1092

FF - HKLM\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\FirefoxExtension [2011/01/31 15:43:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/01/05 14:54:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/01/05 14:54:54 | 000,000,000 | ---D | M]

[2010/04/12 10:21:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Extensions
[2011/01/05 15:24:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions
[2010/09/06 17:31:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/22 17:36:25 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2011/01/05 14:59:54 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/01/05 15:23:49 | 000,000,000 | ---D | M] (Email This! Bookmarklet Extension) -- C:\Users\LATTIACH\AppData\Roaming\mozilla\Firefox\Profiles\5jjvib2v.default\extensions\gmailthis@lazyrussian.com
[2011/01/26 19:30:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/01/31 15:43:30 | 000,000,000 | ---D | M] (Trend Micro NSC Firefox Extension) -- C:\PROGRAM FILES\TREND MICRO\CLIENT SERVER SECURITY AGENT\BHO\1003\FIREFOXEXTENSION
[2010/11/30 18:29:29 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2010/11/30 18:29:29 | 000,001,822 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
[2010/11/30 18:29:29 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2010/11/30 18:29:29 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2010/11/30 18:29:29 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (Trend Micro Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3517985499-3858524505-2250446942-1136\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe ()
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe ()
O4 - HKLM..\Run: [OE] C:\Program Files\Trend Micro\Client Server Security Agent\TMAS_OE\TMAS_OEMon.exe ()
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe ()
O4 - HKLM..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [RtHDVCpl] C:\windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SetRefresh] C:\Program Files\HP\SetRefresh\SetRefresh.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe ()
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\LATTIACH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Ajouter au fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {04CB5B64-5915-4629-B869-8945CEBADD21} https://static.impots.gouv.fr/abos/stat ... rtdgi1.cab (Module de délivrance de certificat MINEFI)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.251
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fib-sa.priv
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\Client Server Security Agent\bho\1003\TmIEPlg.dll (Trend Micro Inc.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/06/23 17:52:22 | 000,000,023 | ---- | M] () - C:\autohook.bat -- [ NTFS ]
O32 - AutoRun File - [2007/06/01 16:00:45 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/04 13:38:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/02/03 15:43:28 | 000,000,000 | -H-D | C] -- C:\windows\PIF
[2011/02/01 17:00:49 | 000,000,000 | ---D | C] -- C:\Users\LATTIACH\Desktop\Honoraires FT
[2011/02/01 14:44:13 | 008,134,272 | ---- | C] (Microsoft Corporation) -- C:\Users\LATTIACH\Desktop\mseinstall.exe
[2011/01/31 20:05:22 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
[2011/01/31 19:47:53 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\LATTIACH\Desktop\HThis.exe
[2011/01/31 17:42:08 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/01/31 17:41:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/01/31 17:41:18 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/01/31 17:31:41 | 000,000,000 | ---D | C] -- C:\Users\LATTIACH\Desktop\DIVERS
[2011/01/25 14:06:02 | 000,000,000 | ---D | C] -- C:\windows\pss
[2011/01/25 13:12:34 | 000,000,000 | ---D | C] -- C:\Users\LATTIACH\AppData\Roaming\ED22ADD787FF1173B9FDA06F019CD652
[2011/01/12 02:58:06 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbc32.dll
[2011/01/12 02:58:02 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\sdclt.exe

========== Files - Modified Within 30 Days ==========

[2011/02/07 11:45:00 | 000,000,430 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{A40F617A-B334-4C5B-BA3F-A47A0624285C}.job
[2011/02/07 11:33:28 | 000,000,434 | -H-- | M] () -- C:\windows\tasks\User_Feed_Synchronization-{5C022778-487A-45D0-AEBC-C4C2423B14F4}.job
[2011/02/07 11:31:57 | 000,005,849 | ---- | M] () -- C:\windows\cfgall.ini
[2011/02/07 11:30:41 | 000,000,031 | ---- | M] () -- C:\tmuninst.ini
[2011/02/07 11:30:11 | 000,001,050 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/02/07 11:29:40 | 000,003,168 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/02/07 11:29:40 | 000,003,168 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/02/07 11:29:26 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/02/03 14:08:27 | 000,002,711 | ---- | M] () -- C:\Users\LATTIACH\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2007.lnk
[2011/02/03 14:04:37 | 000,720,369 | ---- | M] () -- C:\Users\LATTIACH\Desktop\rkill.exe
[2011/02/03 14:04:34 | 000,720,369 | ---- | M] () -- C:\Users\LATTIACH\Desktop\rkill.com
[2011/02/03 14:04:25 | 000,720,369 | ---- | M] () -- C:\Users\LATTIACH\Desktop\rk.exe
[2011/02/01 15:16:16 | 000,000,680 | ---- | M] () -- C:\Users\LATTIACH\AppData\Local\d3d9caps.dat
[2011/02/01 14:51:49 | 000,002,243 | ---- | M] () -- C:\windows\epplauncher.mif
[2011/02/01 14:44:17 | 008,134,272 | ---- | M] (Microsoft Corporation) -- C:\Users\LATTIACH\Desktop\mseinstall.exe
[2011/02/01 14:15:00 | 000,001,054 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/02/01 13:44:04 | 000,804,910 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2011/02/01 13:44:04 | 000,722,710 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/02/01 13:44:04 | 000,166,910 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2011/02/01 13:44:04 | 000,144,578 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/02/01 10:54:52 | 000,030,431 | ---- | M] () -- C:\Users\LATTIACH\Desktop\Trojan.jpg
[2011/01/31 20:38:57 | 000,000,036 | ---- | M] () -- C:\Users\LATTIACH\AppData\Local\housecall.guid.cache
[2011/01/31 20:05:24 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LATTIACH\Desktop\OTL.exe
[2011/01/31 20:00:59 | 000,377,080 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2011/01/31 19:49:13 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\LATTIACH\Desktop\HThis.exe
[2011/01/31 17:41:45 | 000,000,913 | ---- | M] () -- C:\Users\LATTIACH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/31 17:41:19 | 000,000,733 | ---- | M] () -- C:\Users\LATTIACH\Desktop\NTREGOPT.lnk
[2011/01/31 17:41:19 | 000,000,714 | ---- | M] () -- C:\Users\LATTIACH\Desktop\ERUNT.lnk
[2011/01/31 17:37:06 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2011/02/03 14:04:35 | 000,720,369 | ---- | C] () -- C:\Users\LATTIACH\Desktop\rkill.exe
[2011/02/03 14:04:30 | 000,720,369 | ---- | C] () -- C:\Users\LATTIACH\Desktop\rkill.com
[2011/02/03 14:04:20 | 000,720,369 | ---- | C] () -- C:\Users\LATTIACH\Desktop\rk.exe
[2011/02/01 14:51:49 | 000,002,243 | ---- | C] () -- C:\windows\epplauncher.mif
[2011/01/31 19:01:24 | 000,000,680 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\d3d9caps.dat
[2011/01/31 17:41:45 | 000,000,913 | ---- | C] () -- C:\Users\LATTIACH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/01/31 17:41:19 | 000,000,733 | ---- | C] () -- C:\Users\LATTIACH\Desktop\NTREGOPT.lnk
[2011/01/31 17:41:19 | 000,000,714 | ---- | C] () -- C:\Users\LATTIACH\Desktop\ERUNT.lnk
[2011/01/31 17:37:06 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/31 16:35:27 | 000,030,431 | ---- | C] () -- C:\Users\LATTIACH\Desktop\Trojan.jpg
[2011/01/25 15:08:04 | 000,005,000 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\6FD8C489-CD44-6AA7-BA2E-B6EC70CE73D6.txt
[2011/01/13 12:03:15 | 000,001,134 | ---- | C] () -- C:\Users\LATTIACH\ebp.errors.txt
[2010/11/15 21:16:50 | 000,070,144 | ---- | C] () -- C:\windows\System32\ff_vfw.dll
[2010/11/09 18:42:28 | 000,000,938 | ---- | C] () -- C:\windows\Kaluach3.INI
[2010/07/23 13:46:48 | 000,000,043 | ---- | C] () -- C:\windows\gswin32.ini
[2010/05/27 23:33:25 | 000,005,993 | ---- | C] () -- C:\windows\cfgspyps.ini
[2010/05/27 23:33:24 | 000,006,414 | ---- | C] () -- C:\windows\cfgps.ini
[2010/05/26 21:09:55 | 000,000,015 | ---- | C] () -- C:\Users\LATTIACH\AppData\Roaming\4787de44
[2010/05/26 18:05:41 | 000,000,036 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\housecall.guid.cache
[2010/02/22 12:59:43 | 000,000,184 | ---- | C] () -- C:\windows\bti.ini
[2010/01/26 16:26:35 | 000,043,760 | ---- | C] () -- C:\windows\System32\nwlocale.dll
[2010/01/14 16:49:22 | 000,027,136 | ---- | C] () -- C:\Users\LATTIACH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/13 20:07:47 | 000,117,248 | ---- | C] () -- C:\windows\System32\EhStorAuthn.dll
[2010/01/08 19:31:24 | 000,005,849 | ---- | C] () -- C:\windows\cfgall.ini
[2009/11/12 13:48:58 | 000,005,504 | ---- | C] () -- C:\windows\System32\StarOpen.sys
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\windows\System32\igklg450.dll
[2008/01/02 16:47:22 | 000,104,636 | ---- | C] () -- C:\windows\System32\igmedcompkrn.dll
[2007/11/20 16:51:28 | 000,087,552 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
[2007/07/10 15:43:52 | 000,002,416 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2007/06/02 00:08:10 | 000,910,304 | ---- | C] () -- C:\windows\System32\igmedkrn.dll
[2007/06/02 00:08:10 | 000,204,800 | ---- | C] () -- C:\windows\System32\igfxCoIn_v1244.dll
[2007/06/01 15:48:18 | 000,204,800 | ---- | C] () -- C:\windows\System32\IVIresizeW7.dll
[2007/06/01 15:48:18 | 000,200,704 | ---- | C] () -- C:\windows\System32\IVIresizeA6.dll
[2007/06/01 15:48:18 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeP6.dll
[2007/06/01 15:48:18 | 000,192,512 | ---- | C] () -- C:\windows\System32\IVIresizeM6.dll
[2007/06/01 15:48:18 | 000,188,416 | ---- | C] () -- C:\windows\System32\IVIresizePX.dll
[2007/06/01 15:48:18 | 000,020,480 | ---- | C] () -- C:\windows\System32\IVIresize.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\windows\System32\pacerprf.ini
[1998/05/07 03:10:00 | 000,069,632 | R--- | C] () -- C:\windows\System32\ODMA32.dll

< End of report >
laurentfib
Posts: 27
Joined: 31 Jan 2011, 18:37
Location: Paris

Re: TrojanDownloader:Win32/Unruy.H

Post by laurentfib » 07 Feb 2011, 13:26

To complete my post:

Trend no longer launches at startup.
When I launch it manually, here is the error message:

[Image]

See you later,
Laurent
