[Solved] Trojan horse TR/ATRAPS.Gen

[Solved] Trojan horse TR/ATRAPS.Gen

Post by Olivier7 » 23 Aug 2010, 18:29

Hello everyone,
I have the following problem on Windows Vista: my antivirus seems to have gone crazy, constantly telling me, through an alert window that pops up, that I am infected with a Trojan horse.
When I tick the "delete" box, or "deny access", or any other box, the window closes only to reopen immediately; if I do nothing, alert windows keep opening, 10 times, 15 times, etc. Impossible to close them for good.
Here is the alert message: AntiVir Guard warning, positive result, a virus or unwanted program was found on your computer, what should be done with the file concerned?
C:\Windows\System32\dskquoui32.dll contains the Trojan horse TR/ATRAPS.Gen

Thanks for your help
Olivier

Re: Trojan horse TR/ATRAPS.Gen

Post by Marie » 23 Aug 2010, 21:37

Hello :smile:


Download OTL by OldTimer and save it to your desktop.
Close all windows of every program that is running.

  • If you are on Seven or Vista, right-click OTL.exe and choose Run as administrator.
    If you are on XP, double-click OTL.exe

  • Configure the program as follows:

    1. At the very top of the window, tick All Users.
    2. Under Output, tick Standard Output
    3. Under Extra Registry, tick Use SafeList
    4. Finally, tick the LOP Check box


  • Then click Run Scan. Let the tool work without interrupting it.

  • At the end of the scan a report will open on screen: OTL.txt.
    Select all of its contents and copy-paste it into your next reply.

    Another report named Extras.txt will be visible in your taskbar. Post it as an attachment in your next reply.

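The OTL report requested above is a line-oriented text listing (PRC/SRV/DRV file entries, O2 BHO entries and so on). As an added example, not code from the forum or from the OTL tool, the Python helper below parses those line types and flags the entries a malware-removal helper would look at first; the sample lines are modelled on the report posted later in this thread, and the heuristics (hidden+system attributes, a Windows process name outside the Windows directory, files with no publisher in system or data directories, nameless BHOs) are assumptions chosen for this example.

```python
# Added example (not part of the forum thread, nor OTL's own code): a small
# triage helper for OTL report lines. Parses the PRC/MOD/SRV/DRV file entries
# and the O2 BHO entries and flags those worth a closer look. The heuristics
# below are assumptions chosen for this example, not OTL logic.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines modelled on the report posted in the thread: the suspicious
# entries from that report plus a few benign ones for contrast.
SAMPLE_REPORT = r"""
PRC - [2010/08/24 19:11:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
PRC - [2010/08/23 18:43:08 | 000,132,096 | -HS- | M] () -- C:\Users\Marie\AppData\Roaming\SystemProc\lsass.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/12/17 17:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)
DRV - [2008/11/28 19:04:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/03/15 03:09:39] [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
O2 - BHO: (no name) - {1082B046-C9F5-4BF0-A040-DA6EE647A295} - C:\ProgramData\clb32.dll ()
O2 - BHO: (258a0d27) - {5720509C-F36C-4839-2759-852879C94112} - C:\Windows\System32\dskquoui32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
"""

# "KIND - [stamp | size | attrs | M] (company) [brackets]* -- path [-- (name)]"
FILE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - \[(?P<stamp>[^|\]]+) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| [A-Z]\] \((?P<company>[^)]*)\)(?: \[[^\]]*\])*"
    r" -- (?P<path>.+?)(?: -- \((?P<name>.*)\))?$")
MISSING_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV) - File not found .*? -- (?P<path>.+?)(?: -- \((?P<name>.*)\))?$")
BHO_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - \{(?P<clsid>[^}]+)\} - (?P<rest>.+)$")
BHO_TAIL_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
WINDOWS_PROCESS_NAMES = {"lsass.exe", "csrss.exe", "svchost.exe", "services.exe",
                         "winlogon.exe", "explorer.exe"}
WINDOWS_DIRS = ("c:\\windows", "c:\\windows\\system32")


@dataclass
class Entry:
    kind: str                # PRC, MOD, SRV, DRV or BHO
    path: Optional[str]      # None for an orphan BHO ("No CLSID value found")
    company: str = ""        # publisher from version info; "" when the file has none
    attrs: str = "----"      # R/H/S/D file attributes as OTL prints them
    name: str = ""           # service/driver name or BHO display name
    missing: bool = False    # "File not found" entry (registry points to nothing)


def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL report line; None for line types this example ignores."""
    line = line.strip()
    m = FILE_RE.match(line)
    if m:
        return Entry(m["kind"], m["path"], m["company"].strip(), m["attrs"], m["name"] or "")
    m = MISSING_RE.match(line)
    if m:
        return Entry(m["kind"], m["path"], name=m["name"] or "", missing=True)
    m = BHO_RE.match(line)
    if m:
        rest = m["rest"]
        if rest.startswith("No CLSID value found"):
            return Entry("BHO", None, name=m["name"])
        t = BHO_TAIL_RE.match(rest)
        if t:
            return Entry("BHO", t["path"], t["company"].strip(), name=m["name"])
        return Entry("BHO", rest, name=m["name"])
    return None


def assess(entry: Entry) -> List[str]:
    """Reasons why an entry deserves a closer look; empty list = nothing seen."""
    reasons: List[str] = []
    if entry.path is None or entry.missing:
        return reasons        # orphan registry entries: clean-up, not infection
    path = entry.path.lower()
    folder, _, base = path.rpartition("\\")
    in_data_dir = (path.startswith("c:\\windows\\") or path.startswith("c:\\programdata\\")
                   or "\\appdata\\" in path)
    if "H" in entry.attrs and "S" in entry.attrs:
        reasons.append("hidden+system attributes set on a running executable")
    if base in WINDOWS_PROCESS_NAMES and folder not in WINDOWS_DIRS:
        reasons.append("Windows system process name running outside the Windows directory")
    if entry.kind != "BHO" and ("\\appdata\\" in path or "\\temp\\" in path):
        reasons.append("executable started from a user profile or temp directory")
    if not entry.company and in_data_dir:
        reasons.append("no publisher/version info for a file in a system or data directory")
    if entry.kind == "BHO" and (entry.name == "no name" or re.fullmatch(r"[0-9a-f]{6,}", entry.name)):
        reasons.append("BHO with no name or a random-looking name")
    return reasons


def triage(report_text: str) -> List[Tuple[Entry, List[str]]]:
    """Return (entry, reasons) for every report line that trips a heuristic."""
    findings = []
    for raw in report_text.splitlines():
        entry = parse_line(raw)
        reasons = assess(entry) if entry is not None else []
        if reasons:
            findings.append((entry, reasons))
    return findings
```

On the sample above, triage() flags only lsass.exe under AppData, clb32.dll and dskquoui32.dll; a flag is a prompt to check the file (publisher, hash, age), not a verdict.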

Re: Trojan horse TR/ATRAPS.Gen

Post by Olivier7 » 24 Aug 2010, 19:19

Good evening,
Here is the report:

Code:
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Marie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,30 Gb Total Space | 101,13 Gb Free Space | 45,49% Space Free | Partition Type: NTFS
Drive D: | 10,59 Gb Total Space | 1,79 Gb Free Space | 16,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1,89 Gb Total Space | 0,46 Gb Free Space | 24,19% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GAUBERT
Current User Name: Marie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - [2010/08/24 19:11:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
PRC - [2010/08/23 18:43:08 | 000,132,096 | -HS- | M] () -- C:\Users\Marie\AppData\Roaming\SystemProc\lsass.exe
PRC - [2010/07/10 14:40:50 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/05/10 14:12:28 | 000,439,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
PRC - [2009/09/10 16:58:25 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmplayer.exe
PRC - [2009/07/13 12:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/04/11 08:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\ieuser.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2009/01/21 17:23:16 | 000,210,216 | R--- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe
PRC - [2008/12/25 14:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 14:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 17:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/12/03 09:44:36 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2008/12/01 18:00:16 | 000,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\HUAWEI\CardDetector.exe
PRC - [2008/11/28 19:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/26 18:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/26 18:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/18 20:35:44 | 000,914,224 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/10/26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe
PRC - [2008/10/26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/06/27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe
PRC - [2008/06/12 13:43:27 | 000,053,505 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
PRC - [2008/03/03 15:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/03/03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2008/01/21 04:24:17 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - [2010/08/24 19:11:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/12/17 17:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/12/03 09:44:36 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008/11/26 18:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 18:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/10/26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe -- (STacSV)
SRV - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/06/27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe -- (AESTFilters)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/02/03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/06/03 08:16:52 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/06/03 08:16:50 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/06/03 08:16:47 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/03/15 03:36:26 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/01/23 13:16:34 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/01/23 13:16:34 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/01/23 13:16:34 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/12/31 16:00:52 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/28 19:04:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/03/15 03:09:39] [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/11/12 12:53:36 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/12 12:53:36 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/10/26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/10/23 11:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/09/04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/08/06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/24 18:48:04 | 000,201,264 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/03/03 15:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/11/08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 B0 82 10 F5 C9 F0 4B A0 40 DA 6E E6 47 A2 95  [binary data]
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 B0 82 10 F5 C9 F0 4B A0 40 DA 6E E6 47 A2 95  [binary data]
 
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 B0 82 10 F5 C9 F0 4B A0 40 DA 6E E6 47 A2 95  [binary data]
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.135
FF - prefs.js..extensions.enabledItems: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}:2.2
FF - prefs.js..extensions.enabledItems: {e67d2d90-df06-47db-a400-b92980d80238}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16050&locale=fr_FR&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/12 15:23:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 15:26:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 16:31:18 | 000,000,000 | ---D | M]
 
[2009/05/10 22:04:46 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\mozilla\Extensions
[2009/04/20 10:52:30 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/08/23 18:58:38 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions
[2009/09/07 20:50:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/18 21:39:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/29 19:11:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}
[2009/07/06 12:35:39 | 000,000,000 | ---D | M] (Save extension) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a68}
[2010/08/23 18:58:36 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions\toolbar@ask.com
[2010/08/23 18:58:50 | 000,002,253 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\6gudh12l.default\searchplugins\askcom.xml
[2009/07/18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\6gudh12l.default\searchplugins\BearShareWebSearch.xml
[2010/07/31 10:49:39 | 000,001,832 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\6gudh12l.default\searchplugins\bing.xml
[2009/07/05 10:26:18 | 000,009,941 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\6gudh12l.default\searchplugins\mywebsearch.xml
[2010/07/13 11:32:24 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/11 19:03:22 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/07/18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2009/07/11 19:03:22 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/07/11 19:03:22 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2010/07/18 18:11:23 | 000,000,615 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pucuy.xml
[2009/07/11 19:03:22 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/07/11 19:03:22 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {1082B046-C9F5-4BF0-A040-DA6EE647A295} - C:\ProgramData\clb32.dll ()
O2 - BHO: (258a0d27) - {5720509C-F36C-4839-2759-852879C94112} - C:\Windows\System32\dskquoui32.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Mirar) - {F77A3111-50B0-47B7-8634-3EF37867F318} - C:\Windows\System32\winae78.dll ()
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Mirar) - {F77A3110-50B0-47B7-8634-3EF37867F318} - C:\Windows\System32\winae78.dll ()
O3 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\..\Toolbar\WebBrowser: (Mirar) - {F77A3110-50B0-47B7-8634-3EF37867F318} - C:\Windows\System32\winae78.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorHUAWEI] C:\Program Files\CardDetector\HUAWEI\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe File not found
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe File not found
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [RTHDBPL] C:\Users\Marie\AppData\Roaming\SystemProc\lsass.exe ()
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [Save] C:\Users\Marie\AppData\Roaming\Save\Save.exe File not found
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [Sdofucamot] C:\Users\Marie\AppData\Local\veqod32.DLL File not found
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [soqcg] c:\users\marie\appdata\local\soqcg.exe File not found
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [ugyas] c:\users\marie\appdata\local\ugyas.exe File not found
O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\marie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\marie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk = C:\Users\Marie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe File not found
O4 - Startup: C:\Users\marie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 84.103.237.146 86.64.145.146
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\dskquoui32.dll) - C:\Windows\System32\dskquoui32.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3fdae47f-3d96-11de-9624-00238b8ee567}\Shell - "" = AutoRun
O33 - MountPoints2\{3fdae47f-3d96-11de-9624-00238b8ee567}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8e01576a-d85d-11de-ab62-00238b8ee567}\Shell\AutoRun\command - "" = F:\start.exe -- File not found
O33 - MountPoints2\{971f110c-4aba-11df-b80c-00238b8ee567}\Shell - "" = AutoRun
O33 - MountPoints2\{971f110c-4aba-11df-b80c-00238b8ee567}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010/08/24 19:24:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
[2010/08/22 12:35:27 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/22 12:35:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/08/22 12:35:19 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/22 12:35:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/08/22 12:35:07 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/22 12:35:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/22 12:34:45 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/22 12:34:44 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/10 21:39:27 | 000,325,632 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\dimsroam32.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Marie\Desktop\*.tmp files -> C:\Users\Marie\Desktop\*.tmp -> ]
[1 C:\Users\Marie\AppData\Roaming\*.tmp files -> C:\Users\Marie\AppData\Roaming\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010/08/24 19:50:16 | 003,670,016 | -HS- | M] () -- C:\Users\Marie\ntuser.dat
[2010/08/24 19:20:36 | 001,495,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/24 19:20:36 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/08/24 19:20:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/24 19:20:36 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/08/24 19:20:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/24 19:16:59 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001UA.job
[2010/08/24 19:11:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
[2010/08/24 18:54:01 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/24 18:51:01 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/08/24 18:47:42 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/08/24 18:47:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/24 18:47:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 18:47:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/24 18:47:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/24 18:47:21 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/23 21:11:36 | 000,524,288 | -HS- | M] () -- C:\Users\Marie\ntuser.dat{e7e85958-1942-11df-bde8-00238b8ee567}.TMContainer00000000000000000001.regtrans-ms
[2010/08/23 21:11:36 | 000,065,536 | -HS- | M] () -- C:\Users\Marie\ntuser.dat{e7e85958-1942-11df-bde8-00238b8ee567}.TM.blf
[2010/08/23 21:11:27 | 002,126,405 | -H-- | M] () -- C:\Users\Marie\AppData\Local\IconCache.db
[2010/08/23 20:25:57 | 000,001,181 | ---- | M] () -- C:\ProgramData\629351950
[2010/08/23 18:51:14 | 000,004,181 | -HS- | M] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964P.manifest
[2010/08/23 18:43:03 | 000,000,311 | -HS- | M] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964O.manifest
[2010/08/23 18:43:03 | 000,000,051 | -HS- | M] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964C.manifest
[2010/08/23 18:43:03 | 000,000,011 | -HS- | M] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964S.manifest
[2010/08/23 13:17:51 | 000,000,817 | ---- | M] () -- C:\ProgramData\1442405746
[2010/08/23 11:45:28 | 000,000,413 | -HS- | M] () -- C:\ProgramData\94965026
[2010/08/23 11:42:28 | 000,309,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/22 16:35:43 | 000,001,702 | ---- | M] () -- C:\Users\Marie\Desktop\LimeWire 5.5.14.lnk
[2010/08/22 15:17:01 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001Core.job
[2010/08/22 12:30:15 | 000,000,122 | ---- | M] () -- C:\ProgramData\sl1682481072
[2010/08/10 21:39:27 | 000,325,632 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\dimsroam32.dll
[2010/08/01 07:43:52 | 000,000,113 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\5795a75
[2010/07/30 22:36:18 | 000,313,344 | ---- | M] () -- C:\ProgramData\d3dim70032.dll
[2010/07/29 19:10:23 | 000,313,344 | ---- | M] () -- C:\ProgramData\clb32.dll
[2010/07/27 13:53:30 | 000,312,320 | ---- | M] () -- C:\ProgramData\ds32gt32.dll
[2010/07/26 11:44:40 | 000,006,836 | ---- | M] () -- C:\Users\Marie\AppData\Local\d3d9caps.dat
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Marie\Desktop\*.tmp files -> C:\Users\Marie\Desktop\*.tmp -> ]
[1 C:\Users\Marie\AppData\Roaming\*.tmp files -> C:\Users\Marie\AppData\Roaming\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010/08/23 18:43:50 | 000,001,181 | ---- | C] () -- C:\ProgramData\629351950
[2010/08/22 16:35:43 | 000,001,702 | ---- | C] () -- C:\Users\Marie\Desktop\LimeWire 5.5.14.lnk
[2010/08/22 15:12:27 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001UA.job
[2010/08/22 15:12:24 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001Core.job
[2010/07/30 22:36:18 | 000,313,344 | ---- | C] () -- C:\ProgramData\d3dim70032.dll
[2010/07/29 19:10:23 | 000,313,344 | ---- | C] () -- C:\ProgramData\clb32.dll
[2010/07/27 13:53:30 | 000,312,320 | ---- | C] () -- C:\ProgramData\ds32gt32.dll
[2010/07/24 09:50:54 | 000,318,976 | ---- | C] () -- C:\ProgramData\fdPHost32.dll
[2010/07/23 21:59:22 | 000,318,976 | ---- | C] () -- C:\ProgramData\drprov32.dll
[2010/07/23 16:59:53 | 000,318,976 | ---- | C] () -- C:\ProgramData\fundisc32.dll
[2010/07/23 14:02:16 | 000,318,976 | ---- | C] () -- C:\ProgramData\bcrypt32.dll
[2010/07/22 14:51:00 | 000,318,976 | ---- | C] () -- C:\ProgramData\d3d10level932.dll
[2010/07/21 16:55:46 | 000,318,976 | ---- | C] () -- C:\ProgramData\ezsvc732.dll
[2010/07/21 13:45:14 | 000,318,976 | ---- | C] () -- C:\ProgramData\ddrawex32.dll
[2010/07/21 11:53:11 | 000,318,976 | ---- | C] () -- C:\ProgramData\dhcpcsvc32.dll
[2010/07/20 23:12:08 | 000,318,976 | ---- | C] () -- C:\ProgramData\bitsprx332.dll
[2010/07/20 22:49:03 | 000,318,976 | ---- | C] () -- C:\ProgramData\d3d10_1core32.dll
[2010/07/20 21:18:52 | 000,318,976 | ---- | C] () -- C:\ProgramData\dmintf32.dll
[2010/07/20 13:46:28 | 000,318,976 | ---- | C] () -- C:\ProgramData\dnssdX32.dll
[2010/07/19 11:43:07 | 000,318,976 | ---- | C] () -- C:\ProgramData\C_ISCII32.dll
[2010/07/17 19:25:18 | 000,318,976 | ---- | C] () -- C:\ProgramData\connect32.dll
[2010/07/17 18:48:48 | 000,318,976 | ---- | C] () -- C:\ProgramData\esent32.dll
[2010/07/17 14:38:28 | 000,318,976 | ---- | C] () -- C:\ProgramData\diagperf32.dll
[2010/07/16 19:00:46 | 000,318,976 | ---- | C] () -- C:\ProgramData\cryptdll32.dll
[2010/07/15 21:13:54 | 000,325,120 | ---- | C] () -- C:\ProgramData\dinput32.dll
[2010/07/15 20:47:00 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/07/15 10:42:42 | 000,325,120 | ---- | C] () -- C:\ProgramData\dskquoui32.dll
[2010/07/11 20:40:13 | 000,325,120 | ---- | C] () -- C:\ProgramData\d3dx9_2732.dll
[2010/07/10 17:53:02 | 000,325,120 | ---- | C] () -- C:\ProgramData\dbghelp32.dll
[2010/07/10 15:51:48 | 000,325,120 | ---- | C] () -- C:\ProgramData\f3ahvoas32.dll
[2010/07/05 20:47:11 | 000,000,113 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\5795a75
[2010/07/05 20:44:21 | 000,004,181 | -HS- | C] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964P.manifest
[2010/07/05 20:44:21 | 000,000,311 | -HS- | C] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964O.manifest
[2010/07/05 20:44:21 | 000,000,051 | -HS- | C] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964C.manifest
[2010/07/05 20:44:21 | 000,000,011 | -HS- | C] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964S.manifest
[2010/07/04 16:08:35 | 000,000,122 | ---- | C] () -- C:\ProgramData\sl1682481072
[2010/07/03 14:50:15 | 000,000,817 | ---- | C] () -- C:\ProgramData\1442405746
[2010/07/03 14:50:15 | 000,000,413 | -HS- | C] () -- C:\ProgramData\94965026
[2010/07/03 14:49:47 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/07/03 14:49:34 | 000,369,664 | ---- | C] () -- C:\Windows\System32\dssenh32.dll
[2010/07/03 14:49:32 | 000,246,272 | ---- | C] () -- C:\Windows\System32\dskquoui32.dll
[2010/06/12 10:24:06 | 000,006,836 | ---- | C] () -- C:\Users\Marie\AppData\Local\d3d9caps.dat
[2010/03/13 20:47:02 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/03/13 20:47:02 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/12/27 16:11:49 | 000,076,407 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Smiley.ico
[2009/10/18 21:18:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/03 19:52:51 | 000,000,268 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/09/11 18:00:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/15 20:06:42 | 000,420,640 | ---- | C] () -- C:\Users\Marie\AppData\Local\ugyas_nav.dat
[2009/07/15 20:06:42 | 000,003,479 | ---- | C] () -- C:\Users\Marie\AppData\Local\ugyas.dat
[2009/07/15 20:06:42 | 000,001,606 | ---- | C] () -- C:\Users\Marie\AppData\Local\ugyas_navps.dat
[2009/07/06 12:35:13 | 000,524,288 | ---- | C] () -- C:\Windows\System32\winae78.dll
[2009/07/05 10:06:14 | 000,003,164 | ---- | C] () -- C:\Users\Marie\AppData\Local\soqcg_navps.dat
[2009/07/05 10:06:09 | 000,405,767 | ---- | C] () -- C:\Users\Marie\AppData\Local\soqcg_nav.dat
[2009/07/05 10:06:08 | 000,003,375 | ---- | C] () -- C:\Users\Marie\AppData\Local\soqcg.dat
[2009/07/03 17:15:26 | 000,000,088 | ---- | C] () -- C:\Users\Marie\AppData\Local\geoewow.bat
[2009/06/21 10:45:00 | 000,000,088 | ---- | C] () -- C:\Users\Marie\AppData\Local\cmseega.bat
[2009/06/14 15:22:28 | 000,000,022 | ---- | C] () -- C:\Windows\ISPY2AUTO.INI
[2009/05/10 16:10:17 | 000,013,312 | ---- | C] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 20:30:32 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\QSwitch.txt
[2009/04/11 20:30:32 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\DSwitch.txt
[2009/04/11 20:30:32 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\AtStart.txt
[2009/04/11 20:30:24 | 000,197,128 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/03/15 04:20:37 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/15 04:20:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/15 04:19:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/15 04:19:16 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/15 04:17:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/03/15 03:36:32 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/01/23 06:13:43 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/23 06:09:04 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/23 06:07:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/23 06:06:22 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/12/31 14:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2009/09/30 18:57:19 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\BitZipper
[2009/10/27 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FileZilla
[2009/08/29 01:36:45 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Fit3DLive
[2009/07/05 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Forte
[2010/03/28 21:48:44 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FreeAudioPack
[2010/03/28 21:53:46 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FreeVideoConverter
[2009/07/03 17:15:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Games-Attack
[2010/03/13 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\igraal
[2010/08/10 22:04:50 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\LimeWire
[2010/01/20 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mostick
[2010/07/10 14:48:20 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PC Suite
[2010/05/03 19:51:56 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PhotoFiltre
[2009/04/12 09:01:59 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PlayFirst
[2010/07/10 13:12:15 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Samsung
[2010/06/12 16:05:04 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Save
[2009/07/23 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SecondLife
[2009/11/16 15:50:12 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Studio-Scrap2
[2010/08/24 18:51:20 | 000,000,000 | -HSD | M] -- C:\Users\Marie\AppData\Roaming\SystemProc
[2009/04/12 08:59:36 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\WildTangent
[2009/09/30 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\BitZipper
[2010/04/20 08:37:13 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\DNA
[2009/10/29 18:22:22 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\EurekaLog
[2010/03/02 23:14:50 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\Facebook
[2009/05/17 11:02:09 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\FloodLightGames
[2010/03/28 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\FreeAudioPack
[2010/03/28 21:54:04 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\FreeVideoConverter
[2010/03/30 14:36:04 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\gtk-2.0
[2010/03/19 22:32:43 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\igraal
[2010/04/20 08:04:07 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\LimeWire
[2009/04/14 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\PlayFirst
[2009/07/23 13:07:27 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\SecondLife
[2009/11/16 18:27:00 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\Studio-Scrap2
[2009/04/11 20:57:59 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\WildTangent
[2010/04/21 21:02:24 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\BitZipper
[2010/04/30 18:46:56 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Forte
[2010/03/13 22:09:12 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\gtk-2.0
[2010/08/23 12:56:39 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\LimeWire
[2010/03/13 20:59:55 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\PC Suite
[2010/07/18 19:29:29 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\PlayFirst
[2010/07/03 00:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Samsung
[2010/07/27 13:53:10 | 000,000,000 | -HSD | M] -- C:\Users\Mathieu\AppData\Roaming\SystemProc
[2009/04/14 12:00:57 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\WildTangent
[2010/08/23 21:11:40 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/24 18:54:01 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010/08/24 19:51:01 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
< End of report >


And I'm attaching the "extra" file
See you soon
Olivier
Extras.Txt
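A quick triage helper for reports like the one above, added here as an illustration; it is not part of the thread, not OTL's own code and not something the helper asked for. It parses OTL-style O2/O4/O20 lines and flags the same things an analyst looks for by eye: no publisher in the trailing parentheses, an autorun whose file no longer exists, a binary launched from AppData or ProgramData, a populated AppInit_DLLs value, and a core Windows binary name (such as lsass.exe) living outside the Windows directory. The sample lines are copied from the report posted above; the function names and the heuristics are assumptions of this example.

```python
"""Triage of OTL-style autorun lines (added example, not OTL's own code)."""
import os
import re
from typing import Dict, List, Optional

# One OTL entry: section tag, free-form body, the launched path, then either
# "(Company)", "()" or the literal "File not found". Paths may contain "(x86)".
LINE_RE = re.compile(
    r"^(?P<section>O\d+) - (?P<body>.*?)"
    r"(?P<path>[A-Za-z]:\\(?:\(x86\)|[^()])*?)\s*"
    r"(?:\((?P<company>[^()]*)\)|(?P<missing>File not found))\s*$"
)

# Core Windows binaries that should only ever live under the Windows directory.
SYSTEM_BINARY_NAMES = {
    "lsass.exe", "csrss.exe", "svchost.exe", "winlogon.exe", "explorer.exe", "smss.exe",
}

# Constructed sample: lines taken verbatim from the OTL report in this thread.
SAMPLE_OTL_LINES = [
    r"O2 - BHO: (no name) - {1082B046-C9F5-4BF0-A040-DA6EE647A295} - C:\ProgramData\clb32.dll ()",
    r"O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)",
    r"O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [RTHDBPL] C:\Users\Marie\AppData\Roaming\SystemProc\lsass.exe ()",
    r"O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [soqcg] c:\users\marie\appdata\local\soqcg.exe File not found",
    r"O20 - AppInit_DLLs: (C:\Windows\system32\dskquoui32.dll) - C:\Windows\System32\dskquoui32.dll ()",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
]


def parse_entry(line: str) -> Optional[Dict]:
    """Split one OTL line into section, body, path, company and missing flag.
    Lines without a launched path (hosts entries, DNS servers, ...) return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "section": m.group("section"),
        "body": m.group("body"),
        "path": m.group("path"),
        "company": m.group("company"),  # "" when OTL printed "()"; None if file missing
        "missing": m.group("missing") is not None,
    }


def reasons_for(entry: Dict) -> List[str]:
    """Heuristic reasons why an entry deserves a closer look (assumed, not OTL's)."""
    reasons: List[str] = []
    path_l = entry["path"].lower()
    if entry["missing"]:
        reasons.append("autorun points to a file that no longer exists")
    elif entry["company"] == "":
        reasons.append("no publisher/version information")
    if "\\appdata\\" in path_l or "\\programdata\\" in path_l:
        reasons.append("launched from a user-writable data directory")
    if entry["section"] == "O20" and entry["body"].startswith("AppInit_DLLs"):
        reasons.append("AppInit_DLLs is populated: loaded into every process that loads user32.dll")
    name = os.path.basename(path_l.replace("\\", "/"))
    if name in SYSTEM_BINARY_NAMES and "\\windows\\" not in path_l:
        reasons.append("system binary name outside the Windows directory")
    return reasons


def triage(lines: List[str]) -> List[Dict]:
    """Parse every line that carries a path and attach its list of reasons."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        entry["reasons"] = reasons_for(entry)
        findings.append(entry)
    return findings


def suspicious_paths(lines: List[str]) -> List[str]:
    """Paths of entries that collected at least one reason, in report order."""
    return [e["path"] for e in triage(lines) if e["reasons"]]


if __name__ == "__main__":
    for e in triage(SAMPLE_OTL_LINES):
        flag = "SUSPECT" if e["reasons"] else "ok     "
        print(f"{flag} {e['section']:<4} {e['path']}")
        for r in e["reasons"]:
            print(f"           - {r}")
```

On the sample lines the script marks clb32.dll, the rogue lsass.exe, the orphaned soqcg.exe and the AppInit_DLLs entry for dskquoui32.dll, and leaves the Avira, Microsoft and explorer.exe entries alone; the heuristics are a starting point for reading a log, not a verdict, and a publisher-less entry is still worth checking against the file's actual signature.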

Re: Trojan horse TR/ATRAPS.Gen

Post by Marie » 24 Aug 2010, 23:23

Hello,


:arrow: Download Malwarebytes Anti-Malware and save it to your hard drive.

  • Install it. Before clicking Finish, make sure the two boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are both checked.
    The program will update itself, then the main page will appear.
  • Check the box Perform quick scan, then click Scan.
  • When the scan finishes, click Show Results.
  • Then click Remove Selected.
  • The scan report will appear. Copy and paste its entire contents into your next reply.

    :att: If the program asks you to restart the computer, accept! You can then find the report again in the program's Logs tab.
    If on restart Windows tells you it has blocked some startup programs, click the bubble and then Run blocked programs/Malwarebytes Anti-Malware.

If needed you can consult the following tutorial: How to install and use Malwarebytes' Anti-Malware



:arrow: Then post a new OTL.exe report

Re: Trojan horse TR/ATRAPS.Gen

Post by Olivier7 » 26 Aug 2010, 20:45

Good evening,
Installing this program was very laborious, my computer is so infested that I thought I would never manage it!
So here is the report:

Code:
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Version de la base de données: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

26/08/2010 21:37:32
mbam-log-2010-08-26 (21-37-32).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 141277
Temps écoulé: 54 minute(s), 56 seconde(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 45
Valeur(s) du Registre infectée(s): 6
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 14
Fichier(s) infecté(s): 26

Processus mémoire infecté(s):
C:\Users\Marie\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\Windows\System32\dskquoui32.dll (Trojan.Tracur) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1082b046-c9f5-4bf0-a040-da6ee647a295} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1082b046-c9f5-4bf0-a040-da6ee647a295} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bestshoppingtipsprogram.bestshoppingtipsprogram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bestshoppingtipsprogram.bestshoppingtipsprogram.1 (Adware.PlayMP3z) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f77a3110-50b0-47b7-8634-3ef37867f318} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f77a3110-50b0-47b7-8634-3ef37867f318} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{f77a3110-50b0-47b7-8634-3ef37867f318} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f77a3111-50b0-47b7-8634-3ef37867f318} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f77a3111-50b0-47b7-8634-3ef37867f318} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f77a3111-50b0-47b7-8634-3ef37867f318} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{5720509c-f36c-4839-2759-852879c94112} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5720509c-f36c-4839-2759-852879c94112} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5720509c-f36c-4839-2759-852879c94112} (Trojan.Tracur) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\FocusInteractive (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PlayMP3 (Adware.PLayMP3z) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infected Registry Value(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soqcg (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ugyas (Trojan.Agent.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{f77a3110-50b0-47b7-8634-3ef37867f318} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{f77a3110-50b0-47b7-8634-3ef37867f318} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rthdbpl (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sdofucamot (Trojan.Agent.U) -> Quarantined and deleted successfully.

Infected Registry Data Item(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dskquoui32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dskquoui32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Infected Folder(s):
C:\Program Files\BestShoppingTipsProgram (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\FunWebProducts\ScreenSaver\Images (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\Save (Adware.WhenU) -> Quarantined and deleted successfully.
C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\ProgramData\1741371925 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Marie\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Mathieu\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Infected File(s):
C:\Users\Marie\Local Settings\Application Data\soqcg_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Marie\Local Settings\Application Data\soqcg_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Marie\Local Settings\Application Data\soqcg.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Marie\Local Settings\Application Data\ugyas_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Marie\Local Settings\Application Data\ugyas_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\Marie\Local Settings\Application Data\ugyas.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\ProgramData\clb32.dll (Trojan.BHO.H) -> Quarantined and deleted successfully.
C:\Windows\System32\winae78.dll (Adware.Mirar) -> Quarantined and deleted successfully.
C:\Program Files\BestShoppingTipsProgram\uninstall.exe (Adware.PlayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\PlayMP3.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Program Files\PlayMP3z\uninstall.exe (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayMP3z\Run PlayMP3z.pif (Adware.PLayMP3z) -> Quarantined and deleted successfully.
C:\ProgramData\1741371925\new.i1 (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Users\Marie\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Mathieu\AppData\Roaming\SystemProc\lsass.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\bcrypt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\dinput32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\dmintf32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\dnssdX32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\drprov32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\ds32gt32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\ezsvc732.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\dskquoui32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\System32\dssenh32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
Olivier7 (Habitué) | Posts: 60 | Joined: 31 Dec 2008, 13:53
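Editor's note on the report above. The entries that explain the original symptom (Avira's guard re-alerting on C:\Windows\System32\dskquoui32.dll every few seconds) are the two AppInit_DLLs data items and the matching file marked "Delete on reboot." AppInit_DLLs makes Windows load the listed DLL into every process that loads user32.dll, so the file was in use when Malwarebytes ran; the scanner could only schedule the deletion for the next boot, and until that reboot the on-access guard keeps finding the loaded file. The script below is an added example, not code from this thread or from Malwarebytes: it parses the Malwarebytes 1.x report format, tags each hit with the persistence or hijack mechanism it abuses, and cross-references "Delete on reboot." files against "Data:" payloads so the entries that still need a restart stand out. The sample report is constructed for the example and modelled on the hits above; the mechanism names and regexes are the example's own choices.

```python
import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

# Constructed sample in the Malwarebytes' Anti-Malware 1.x report format, modelled on
# the hits in the report above; it is not a copy of any live log.
SAMPLE_REPORT = r"""
Infected Registry Value(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soqcg (Trojan.Agent.H) -> Quarantined and deleted successfully.

Infected Registry Data Item(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: c:\windows\system32\dskquoui32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Tracur) -> Data: system32\dskquoui32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Search Bar (Hijack.SearchPage) -> Bad: (http://www.mirarsearch.com/?useie5=1&q=) Good: (http://www.google.com) -> Quarantined and deleted successfully.

Infected Folder(s):
C:\Users\Marie\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Infected File(s):
C:\Windows\System32\dskquoui32.dll (Trojan.Tracur) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
"""

# One hit per line: "<target> (<family>) -> [Data: <payload> -> ]<action>"
HIT_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")
DATA_RE = re.compile(r"^Data: (?P<data>.+?) -> ")

# Persistence and hijack mechanisms recognised from the shape of the path (example's own
# list, not the scanner's). First match wins.
MECHANISMS = [
    ("AppInit_DLLs", re.compile(r"\\AppInit_DLLs$", re.I)),
    ("Run key", re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)),
    ("Browser Helper Object", re.compile(r"\\Browser Helper Objects\\", re.I)),
    ("IE elevation policy", re.compile(r"\\Low Rights\\ElevationPolicy\\", re.I)),
    ("Search hijack", re.compile(r"\\Internet Explorer\\(Main\\Search|SearchScopes\\)", re.I)),
    ("Scheduled task", re.compile(r"\\Windows\\Tasks\\.+\.job$", re.I)),
]


@dataclass
class Hit:
    target: str               # registry path or file path
    family: str               # scanner's detection name, e.g. Trojan.Tracur
    action: str               # what the scanner did, e.g. "Delete on reboot."
    mechanism: Optional[str]  # persistence/hijack class, or None if unclassified
    data: Optional[str]       # payload path for "Data:" items, else None


def classify(target: str) -> Optional[str]:
    for name, pattern in MECHANISMS:
        if pattern.search(target):
            return name
    return None


def parse_report(text: str) -> list:
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if not m:
            continue  # section headers, blank lines and summary counters
        rest = m.group("rest")
        action = rest.rsplit("-> ", 1)[-1].strip()  # last arrow segment is the outcome
        dm = DATA_RE.match(rest)
        hits.append(Hit(m.group("target"), m.group("family"), action,
                        classify(m.group("target")), dm.group("data") if dm else None))
    return hits


def mechanism_counts(hits) -> Counter:
    return Counter(h.mechanism for h in hits if h.mechanism)


def pending_reboot(hits) -> list:
    """Files the scanner could only schedule for deletion because they were in use."""
    return [h.target for h in hits if h.action.lower().startswith("delete on reboot")]


def loaded_persistence(hits) -> list:
    """Persistence entries whose payload is still on disk (and loaded) until reboot.

    The registry pointer is gone but the DLL stays mapped in running processes, which is
    why an on-access scanner keeps alerting on it until the machine is restarted.
    Payloads are compared by file name because the same DLL may be listed with an
    absolute path in one entry and a relative one in another."""
    pending = {ntpath.basename(p).lower() for p in pending_reboot(hits)}
    found = set()
    for h in hits:
        if h.data and ntpath.basename(h.data).lower() in pending:
            found.add((h.mechanism or "unclassified", ntpath.basename(h.data).lower()))
    return sorted(found)


if __name__ == "__main__":
    hits = parse_report(SAMPLE_REPORT)
    print("mechanisms:", dict(mechanism_counts(hits)))
    print("pending reboot:", pending_reboot(hits))
    print("still-loaded persistence payloads:", loaded_persistence(hits))
```

Run it against a saved mbam-log-*.txt instead of SAMPLE_REPORT to get the same triage on a real report. Anything returned by loaded_persistence is the list of files to re-check (with a fresh scan) only after a reboot; re-scanning before that just reproduces the alert storm.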

Re: TR/ATRAPS.Gen Trojan

Post by Olivier7 » 26 Aug 2010, 21:01

Good evening Marie,
Here is the new OTL report (I don't think the problems have been completely eradicated, as the antivirus is still going off, but there is a lull...)

Code:
OTL logfile created on: 26/08/2010 21:54:01 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\Marie\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222,30 Gb Total Space | 99,14 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
Drive D: | 10,59 Gb Total Space | 1,79 Gb Free Space | 16,89% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: GAUBERT
Current User Name: Marie
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010/08/24 19:11:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
PRC - [2010/07/10 14:40:50 | 000,102,400 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2010/05/10 14:12:28 | 000,439,568 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe
PRC - [2009/07/13 12:10:00 | 000,525,640 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/07/11 19:03:18 | 000,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2009/02/26 15:24:50 | 000,097,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PRC - [2008/12/25 14:41:20 | 000,189,736 | ---- | M] (CyberLink) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008/12/25 14:41:16 | 001,316,136 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008/12/17 17:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files\SMINST\BLService.exe
PRC - [2008/12/03 09:44:36 | 000,069,632 | ---- | M] (France Telecom SA) -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
PRC - [2008/12/01 18:00:16 | 000,274,432 | R--- | M] (France Telecom SA) -- C:\Program Files\CardDetector\HUAWEI\CardDetector.exe
PRC - [2008/11/28 19:04:26 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008/11/26 18:13:08 | 000,296,320 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2008/11/26 18:13:08 | 000,116,096 | ---- | M] () -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008/11/18 20:35:44 | 000,914,224 | ---- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008/10/26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe
PRC - [2008/10/26 22:48:30 | 000,450,659 | ---- | M] (IDT, Inc.) -- C:\Program Files\IDT\WDM\sttray.exe
PRC - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
PRC - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
PRC - [2008/06/27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe
PRC - [2008/03/03 15:05:04 | 000,959,976 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/03/03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2008/01/21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/08/24 19:11:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
MOD - [2009/04/11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe -- (Norton Internet Security)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/14 11:00:26 | 000,249,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/17 17:36:24 | 000,067,360 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009/09/25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/03/31 09:39:36 | 000,233,472 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2008/12/17 17:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008/12/03 09:44:36 | 000,069,632 | ---- | M] (France Telecom SA) [Auto | Running] -- C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe -- (FTRTSVC)
SRV - [2008/11/26 18:13:08 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc) TV Background Capture Service (TVBCS)
SRV - [2008/11/26 18:13:08 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched) TV Task Scheduler (TVTS)
SRV - [2008/10/26 22:49:40 | 000,237,657 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\stacsv.exe -- (STacSV)
SRV - [2008/10/15 13:31:25 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/15 13:29:28 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/06/27 17:53:08 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\AEstSrv.exe -- (AESTFilters)
SRV - [2008/04/07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/03/03 15:05:02 | 000,079,400 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/02/03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008/01/21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\System32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20080829.024\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2009/06/03 08:16:52 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/06/03 08:16:50 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/06/03 08:16:47 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2009/03/31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/03/20 11:01:26 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV - [2009/03/20 11:01:26 | 000,090,112 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV - [2009/03/20 11:01:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV - [2009/03/15 03:36:26 | 001,331,192 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2009/01/23 13:16:34 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2009/01/23 13:16:34 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2009/01/23 13:16:34 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/12/31 16:00:52 | 004,172,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/28 19:04:24 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/03/15 03:09:39] [Kernel | Auto | Running] -- C:\Program Files\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008/11/12 12:53:36 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/11/12 12:53:36 | 000,100,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2008/10/26 22:50:56 | 000,391,168 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008/10/23 11:42:10 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/09/04 19:47:00 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/08/06 18:26:08 | 000,124,928 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/07/24 18:48:04 | 000,201,264 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/27 13:12:12 | 000,024,424 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/03/27 13:11:34 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/03/03 15:06:04 | 000,279,440 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2008/01/21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008/01/21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008/01/21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2007/11/08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/09/17 16:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/06/18 17:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 09:30:56 | 000,194,048 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.pucuy.com/
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 B0 82 10 F5 C9 F0 4B A0 40 DA 6E E6 47 A2 95  [binary data]
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 B0 82 10 F5 C9 F0 4B A0 40 DA 6E E6 47 A2 95  [binary data]
 
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=fr_fr&c=91&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 46 B0 82 10 F5 C9 F0 4B A0 40 DA 6E E6 47 A2 95  [binary data]
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "http://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.9.135
FF - prefs.js..extensions.enabledItems: {3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}:2.2
FF - prefs.js..extensions.enabledItems: {e67d2d90-df06-47db-a400-b92980d80238}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..keyword.URL: "http://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16050&locale=fr_FR&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/07/12 15:23:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/03 15:26:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 16:31:18 | 000,000,000 | ---D | M]
 
[2009/05/10 22:04:46 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\mozilla\Extensions
[2009/04/20 10:52:30 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010/08/25 19:24:31 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions
[2009/09/07 20:50:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/10/18 21:39:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/07/29 19:11:47 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}
[2009/07/06 12:35:39 | 000,000,000 | ---D | M] (Save extension) -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions\{f6bf92e0-b190-11dd-ad8b-0800200c9a68}
[2010/08/23 18:58:36 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\mozilla\Firefox\Profiles\6gudh12l.default\extensions\toolbar@ask.com
[2010/08/23 18:58:50 | 000,002,253 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\6gudh12l.default\searchplugins\askcom.xml
[2009/07/18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\6gudh12l.default\searchplugins\BearShareWebSearch.xml
[2010/07/31 10:49:39 | 000,001,832 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\6gudh12l.default\searchplugins\bing.xml
[2009/07/05 10:26:18 | 000,009,941 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\Mozilla\FireFox\Profiles\6gudh12l.default\searchplugins\mywebsearch.xml
[2010/07/13 11:32:24 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/11 19:03:22 | 000,001,516 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
[2009/07/18 01:02:48 | 000,002,476 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\BearShareWebSearch.xml
[2009/07/11 19:03:22 | 000,000,757 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
[2009/07/11 19:03:22 | 000,000,748 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.xml
[2010/07/18 18:11:23 | 000,000,615 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pucuy.xml
[2009/07/11 19:03:22 | 000,001,426 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.xml
[2009/07/11 19:03:22 | 000,000,652 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
 
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\..\Toolbar\WebBrowser: (no name) - {35065594-9169-4A34-B167-FC4865038E53} - No CLSID value found.
O3 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BEWINTERNET-FR-DMGP-V2SessionManager] C:\Program Files\Orange\IEWInternet\SessionManager\SessionManager.exe (France Telecom SA)
O4 - HKLM..\Run: [CardDetectorHUAWEI] C:\Program Files\CardDetector\HUAWEI\CardDetector.exe (France Telecom SA)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TSMAgent] C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [TVAgent] C:\Program Files\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe File not found
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [MessengerPlus3] C:\Program Files\MessengerPlus! 3\MsgPlus.exe File not found
O4 - HKU\S-1-5-21-2625083309-223478488-3227772987-1000..\Run: [Save] C:\Users\Marie\AppData\Roaming\Save\Save.exe File not found
O4 - Startup: C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\marie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\marie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Notification de cadeaux MSN.lnk = C:\Users\Marie\AppData\Roaming\Microsoft\Notification de cadeaux MSN\lsnfier.exe File not found
O4 - Startup: C:\Users\marie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe (Lime Wire, LLC)
O4 - Startup: C:\Users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/fr/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Marie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Marie\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3fdae47f-3d96-11de-9624-00238b8ee567}\Shell - "" = AutoRun
O33 - MountPoints2\{3fdae47f-3d96-11de-9624-00238b8ee567}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{8e01576a-d85d-11de-ab62-00238b8ee567}\Shell\AutoRun\command - "" = F:\start.exe -- File not found
O33 - MountPoints2\{971f110c-4aba-11df-b80c-00238b8ee567}\Shell - "" = AutoRun
O33 - MountPoints2\{971f110c-4aba-11df-b80c-00238b8ee567}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/08/26 00:14:21 | 000,000,000 | ---D | C] -- C:\Users\Marie\AppData\Roaming\Malwarebytes
[2010/08/25 20:18:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/08/25 20:18:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/08/25 20:18:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/08/25 20:18:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/08/25 19:26:40 | 006,153,376 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Marie\Desktop\mbam-setup-1.46.exe
[2010/08/24 19:24:59 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
[2010/08/22 12:35:27 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010/08/22 12:35:19 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010/08/22 12:35:19 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010/08/22 12:35:19 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010/08/22 12:35:07 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/08/22 12:35:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010/08/22 12:34:45 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010/08/22 12:34:44 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010/08/10 21:39:27 | 000,325,632 | ---- | C] (Borland Software Corporation) -- C:\ProgramData\dimsroam32.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Marie\Desktop\*.tmp files -> C:\Users\Marie\Desktop\*.tmp -> ]
[1 C:\Users\Marie\AppData\Roaming\*.tmp files -> C:\Users\Marie\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/08/26 21:53:30 | 003,670,016 | -HS- | M] () -- C:\Users\Marie\ntuser.dat
[2010/08/26 21:51:01 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/08/26 21:47:48 | 000,352,615 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml
[2010/08/26 21:47:47 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/08/26 21:47:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 21:47:46 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/08/26 21:47:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/08/26 21:47:33 | 3218,284,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/08/26 21:46:47 | 000,524,288 | -HS- | M] () -- C:\Users\Marie\ntuser.dat{e7e85958-1942-11df-bde8-00238b8ee567}.TMContainer00000000000000000001.regtrans-ms
[2010/08/26 21:46:47 | 000,065,536 | -HS- | M] () -- C:\Users\Marie\ntuser.dat{e7e85958-1942-11df-bde8-00238b8ee567}.TM.blf
[2010/08/26 21:46:17 | 002,266,366 | -H-- | M] () -- C:\Users\Marie\AppData\Local\IconCache.db
[2010/08/26 21:17:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001UA.job
[2010/08/26 19:46:13 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001Core.job
[2010/08/25 20:18:51 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/25 19:26:43 | 006,153,376 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Marie\Desktop\mbam-setup-1.46.exe
[2010/08/24 21:51:44 | 000,004,181 | -HS- | M] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964P.manifest
[2010/08/24 21:51:44 | 000,000,311 | -HS- | M] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964O.manifest
[2010/08/24 21:50:52 | 000,001,181 | ---- | M] () -- C:\ProgramData\629351950
[2010/08/24 20:13:26 | 000,000,051 | -HS- | M] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964C.manifest
[2010/08/24 20:11:34 | 000,000,011 | -HS- | M] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964S.manifest
[2010/08/24 20:01:26 | 000,013,824 | ---- | M] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/08/24 19:56:32 | 000,093,184 | ---- | M] () -- C:\Users\Marie\Desktop\OTL by OldTimer.doc
[2010/08/24 19:55:39 | 000,026,858 | ---- | M] () -- C:\Users\Marie\Desktop\OTL by OldTimer.docx
[2010/08/24 19:20:36 | 001,495,948 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/24 19:20:36 | 000,679,042 | ---- | M] () -- C:\Windows\System32\perfh00C.dat
[2010/08/24 19:20:36 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/24 19:20:36 | 000,126,626 | ---- | M] () -- C:\Windows\System32\perfc00C.dat
[2010/08/24 19:20:36 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/24 19:11:46 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Marie\Desktop\OTL.exe
[2010/08/23 13:17:51 | 000,000,817 | ---- | M] () -- C:\ProgramData\1442405746
[2010/08/23 11:45:28 | 000,000,413 | -HS- | M] () -- C:\ProgramData\94965026
[2010/08/23 11:42:28 | 000,309,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/08/22 16:35:43 | 000,001,702 | ---- | M] () -- C:\Users\Marie\Desktop\LimeWire 5.5.14.lnk
[2010/08/22 12:30:15 | 000,000,122 | ---- | M] () -- C:\ProgramData\sl1682481072
[2010/08/10 21:39:27 | 000,325,632 | ---- | M] (Borland Software Corporation) -- C:\ProgramData\dimsroam32.dll
[2010/08/01 07:43:52 | 000,000,113 | ---- | M] () -- C:\Users\Marie\AppData\Roaming\5795a75
[2010/07/30 22:36:18 | 000,313,344 | ---- | M] () -- C:\ProgramData\d3dim70032.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Users\Marie\Desktop\*.tmp files -> C:\Users\Marie\Desktop\*.tmp -> ]
[1 C:\Users\Marie\AppData\Roaming\*.tmp files -> C:\Users\Marie\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/08/25 20:18:51 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/24 19:56:31 | 000,093,184 | ---- | C] () -- C:\Users\Marie\Desktop\OTL by OldTimer.doc
[2010/08/24 19:55:39 | 000,026,858 | ---- | C] () -- C:\Users\Marie\Desktop\OTL by OldTimer.docx
[2010/08/23 18:43:50 | 000,001,181 | ---- | C] () -- C:\ProgramData\629351950
[2010/08/22 16:35:43 | 000,001,702 | ---- | C] () -- C:\Users\Marie\Desktop\LimeWire 5.5.14.lnk
[2010/08/22 15:12:27 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001UA.job
[2010/08/22 15:12:24 | 000,001,032 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001Core.job
[2010/07/30 22:36:18 | 000,313,344 | ---- | C] () -- C:\ProgramData\d3dim70032.dll
[2010/07/24 09:50:54 | 000,318,976 | ---- | C] () -- C:\ProgramData\fdPHost32.dll
[2010/07/23 16:59:53 | 000,318,976 | ---- | C] () -- C:\ProgramData\fundisc32.dll
[2010/07/22 14:51:00 | 000,318,976 | ---- | C] () -- C:\ProgramData\d3d10level932.dll
[2010/07/21 13:45:14 | 000,318,976 | ---- | C] () -- C:\ProgramData\ddrawex32.dll
[2010/07/21 11:53:11 | 000,318,976 | ---- | C] () -- C:\ProgramData\dhcpcsvc32.dll
[2010/07/20 23:12:08 | 000,318,976 | ---- | C] () -- C:\ProgramData\bitsprx332.dll
[2010/07/20 22:49:03 | 000,318,976 | ---- | C] () -- C:\ProgramData\d3d10_1core32.dll
[2010/07/19 11:43:07 | 000,318,976 | ---- | C] () -- C:\ProgramData\C_ISCII32.dll
[2010/07/17 19:25:18 | 000,318,976 | ---- | C] () -- C:\ProgramData\connect32.dll
[2010/07/17 18:48:48 | 000,318,976 | ---- | C] () -- C:\ProgramData\esent32.dll
[2010/07/17 14:38:28 | 000,318,976 | ---- | C] () -- C:\ProgramData\diagperf32.dll
[2010/07/16 19:00:46 | 000,318,976 | ---- | C] () -- C:\ProgramData\cryptdll32.dll
[2010/07/15 20:47:00 | 000,000,218 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010/07/15 10:42:42 | 000,325,120 | ---- | C] () -- C:\ProgramData\dskquoui32.dll
[2010/07/11 20:40:13 | 000,325,120 | ---- | C] () -- C:\ProgramData\d3dx9_2732.dll
[2010/07/10 17:53:02 | 000,325,120 | ---- | C] () -- C:\ProgramData\dbghelp32.dll
[2010/07/10 15:51:48 | 000,325,120 | ---- | C] () -- C:\ProgramData\f3ahvoas32.dll
[2010/07/05 20:47:11 | 000,000,113 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\5795a75
[2010/07/05 20:44:21 | 000,004,181 | -HS- | C] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964P.manifest
[2010/07/05 20:44:21 | 000,000,311 | -HS- | C] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964O.manifest
[2010/07/05 20:44:21 | 000,000,051 | -HS- | C] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964C.manifest
[2010/07/05 20:44:21 | 000,000,011 | -HS- | C] () -- C:\Users\Marie\AppData\Roaming\0200000034abdb08964S.manifest
[2010/07/04 16:08:35 | 000,000,122 | ---- | C] () -- C:\ProgramData\sl1682481072
[2010/07/03 14:50:15 | 000,000,817 | ---- | C] () -- C:\ProgramData\1442405746
[2010/07/03 14:50:15 | 000,000,413 | -HS- | C] () -- C:\ProgramData\94965026
[2010/07/03 14:49:47 | 000,203,776 | -HS- | C] () -- C:\ProgramData\unrar.exe
[2010/06/12 10:24:06 | 000,006,836 | ---- | C] () -- C:\Users\Marie\AppData\Local\d3d9caps.dat
[2010/03/13 20:47:02 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010/03/13 20:47:02 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009/12/27 16:11:49 | 000,076,407 | ---- | C] () -- C:\Users\Marie\AppData\Roaming\Smiley.ico
[2009/10/18 21:18:06 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/10/03 19:52:51 | 000,000,268 | ---- | C] () -- C:\Windows\_delis32.ini
[2009/09/11 18:00:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/03 17:15:26 | 000,000,088 | ---- | C] () -- C:\Users\Marie\AppData\Local\geoewow.bat
[2009/06/21 10:45:00 | 000,000,088 | ---- | C] () -- C:\Users\Marie\AppData\Local\cmseega.bat
[2009/06/14 15:22:28 | 000,000,022 | ---- | C] () -- C:\Windows\ISPY2AUTO.INI
[2009/05/10 16:10:17 | 000,013,824 | ---- | C] () -- C:\Users\Marie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/11 20:30:32 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\QSwitch.txt
[2009/04/11 20:30:32 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\DSwitch.txt
[2009/04/11 20:30:32 | 000,000,000 | ---- | C] () -- C:\Users\Marie\AppData\Local\AtStart.txt
[2009/04/11 20:30:24 | 000,032,004 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2009/03/15 04:20:37 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2009/03/15 04:20:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2009/03/15 04:19:53 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2009/03/15 04:19:16 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2009/03/15 04:17:45 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2009/03/15 03:36:32 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009/01/23 06:13:43 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2009/01/23 06:09:04 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2009/01/23 06:07:27 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2009/01/23 06:06:22 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2008/12/31 14:36:16 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/10/25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2009/09/30 18:57:19 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\BitZipper
[2009/10/27 23:55:40 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FileZilla
[2009/08/29 01:36:45 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Fit3DLive
[2009/07/05 11:09:49 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Forte
[2010/03/28 21:48:44 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FreeAudioPack
[2010/03/28 21:53:46 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\FreeVideoConverter
[2009/07/03 17:15:35 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Games-Attack
[2010/03/13 21:17:29 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\igraal
[2010/08/10 22:04:50 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\LimeWire
[2010/01/20 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Mostick
[2010/07/10 14:48:20 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PC Suite
[2010/05/03 19:51:56 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PhotoFiltre
[2009/04/12 09:01:59 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\PlayFirst
[2010/07/10 13:12:15 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Samsung
[2010/06/12 16:05:04 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Save
[2009/07/23 16:36:00 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\SecondLife
[2009/11/16 15:50:12 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\Studio-Scrap2
[2009/04/12 08:59:36 | 000,000,000 | ---D | M] -- C:\Users\Marie\AppData\Roaming\WildTangent
[2009/09/30 19:02:10 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\BitZipper
[2010/04/20 08:37:13 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\DNA
[2009/10/29 18:22:22 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\EurekaLog
[2010/03/02 23:14:50 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\Facebook
[2009/05/17 11:02:09 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\FloodLightGames
[2010/03/28 21:49:19 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\FreeAudioPack
[2010/03/28 21:54:04 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\FreeVideoConverter
[2010/03/30 14:36:04 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\gtk-2.0
[2010/03/19 22:32:43 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\igraal
[2010/04/20 08:04:07 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\LimeWire
[2009/04/14 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\PlayFirst
[2009/07/23 13:07:27 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\SecondLife
[2009/11/16 18:27:00 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\Studio-Scrap2
[2009/04/11 20:57:59 | 000,000,000 | ---D | M] -- C:\Users\marie_2\AppData\Roaming\WildTangent
[2010/04/21 21:02:24 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\BitZipper
[2010/04/30 18:46:56 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Forte
[2010/03/13 22:09:12 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\gtk-2.0
[2010/08/23 12:56:39 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\LimeWire
[2010/03/13 20:59:55 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\PC Suite
[2010/07/18 19:29:29 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\PlayFirst
[2010/07/03 00:55:18 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\Samsung
[2009/04/14 12:00:57 | 000,000,000 | ---D | M] -- C:\Users\Mathieu\AppData\Roaming\WildTangent
[2010/08/26 21:46:31 | 000,032,596 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/08/26 21:51:01 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
< End of report >

Re: Trojan horse TR/ATRAPS.Gen

Post by Marie » 27 Aug 2010, 00:59

Hello,

:arrow: Uninstall Ask Toolbar via Programs and Features.

:arrow: Disable all your security software (Antivir) while you download and run ComboFix, so that it does not interfere with the tool while it works.

  • Download ComboFix by sUBs to your desktop.
  • Read this detailed tutorial on using the program. It explains in detail what you must and must not do during the scan.
  • Close every window of every running program.
  • Double-click ComboFix.exe to launch it. The program's terms of use will be displayed. Accept them by clicking OK.
  • After that, the scan will start. Wait while the tool works, without interrupting it and without touching anything. (Do not click in the ComboFix window while it is running: it could crash Windows.)
  • At the end of the scan, a report will be generated: C:\ComboFix.txt
    Post that report in your next reply.
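
An added example, not part of Marie's reply and not a feature of ComboFix or OTL: a small Python triage script over ComboFix-style report lines of the kind posted later in this thread. It flags a security product reported disabled or outdated, DLLs dropped directly under c:\programdata (and, among them, names that mimic a genuine System32 DLL with a "32" suffix, like dskquoui32.dll next to the real dskquoui.dll), load points that resolve into the Ask.com directory the uninstall step above targets, and IE/Firefox start or search pages redirected outside an allowlist. The sample report lines are constructed to match ComboFix's output formats; the known-DLL subset, the trusted-domain allowlist and the unwanted-vendor fragment are assumptions a real run would replace with data from a clean reference machine.

```python
"""Triage ComboFix-style report lines for the indicators a helper looks for.

Added example; not code from ComboFix or from this thread. The sample lines
below are constructed to match the formats ComboFix prints, and the allowlists
and the known-DLL subset are assumptions stated inline.
"""
import re
from collections import Counter
from typing import Dict, List, Optional, Set, Tuple

Finding = Tuple[str, str]  # (kind, detail)

# Assumption: hand-picked stems of genuine Windows DLLs. A real tool would take
# the full list from a clean reference install of the same Windows build.
KNOWN_SYSTEM_DLLS = {
    "cryptdll", "dbghelp", "esent", "dhcpcsvc", "dskquoui", "wininet",
    "fdphost", "fundisc", "ddrawex", "connect", "dimsroam", "diagperf",
}
# Assumption: domains the helper accepts as an IE start page or search URL.
TRUSTED_WEB_DOMAINS = {"www.msn.com", "www.google.com", "www.bing.com"}
# Vendor directory fragments treated as unwanted in this thread (Ask Toolbar).
PUP_PATH_FRAGMENTS = ("\\ask.com\\",)

STATUS_RE = re.compile(r"^(AV|FW|SP):\s*(.+?)\s*\*(.+?)\*\s*(?:\((\w+)\))?")
DROP_RE = re.compile(r"^c:\\programdata\\([^\\\s]+)\.dll\s*$", re.I)
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]+?\.dll', re.I)
IE_PAGE_RE = re.compile(
    r"^([um](?:Start Page|Search Bar|Default_Search_URL))\s*=\s*hxxps?://([^/\s]+)", re.I)
FF_PREF_RE = re.compile(
    r"^FF - prefs\.js: (keyword\.URL|browser\.search\.defaulturl) - hxxps?://([^/\s]+)", re.I)


def check_security_status(line: str) -> Optional[Finding]:
    """AV/FW/SP summary lines: flag a product that is disabled or outdated."""
    m = STATUS_RE.match(line)
    if not m:
        return None
    kind, product, state, freshness = m.groups()
    problems = [p for p in (state, freshness)
                if p and ("disabled" in p.lower() or p.lower() == "outdated")]
    if not problems:
        return None
    return ("security_status", f"{kind} {product}: {'; '.join(problems)}")


def check_programdata_dll(line: str) -> Optional[Finding]:
    """A DLL directly under ProgramData is already odd; a genuine System32 name
    plus a "32" suffix (dskquoui32.dll beside the real dskquoui.dll) is a lookalike."""
    m = DROP_RE.match(line)
    if not m:
        return None
    stem = m.group(1).lower()
    if stem.endswith("32") and stem[:-2] in KNOWN_SYSTEM_DLLS:
        return ("system_dll_lookalike", f"{stem}.dll mimics {stem[:-2]}.dll")
    return ("dll_in_programdata_root", f"{stem}.dll")


def check_pup_path(line: str, seen: Set[str]) -> Optional[Finding]:
    """Any DLL path inside an unwanted vendor directory, reported once per path
    even though ComboFix lists it under several load points (hook, BHO, toolbar)."""
    m = PATH_RE.search(line)
    if not m:
        return None
    path = m.group(0).lower()
    if path in seen or not any(frag in path for frag in PUP_PATH_FRAGMENTS):
        return None
    seen.add(path)
    return ("pup_load_point", path)


def check_browser_redirect(line: str) -> Optional[Finding]:
    """IE start/search pages and Firefox search prefs pointing off the allowlist."""
    m = IE_PAGE_RE.match(line) or FF_PREF_RE.match(line)
    if not m:
        return None
    name, domain = m.groups()
    if domain.lower() in TRUSTED_WEB_DOMAINS:
        return None
    return ("browser_redirect", f"{name} -> {domain.lower()}")


def triage(lines: List[str]) -> List[Finding]:
    """Run every check over every line; a line can yield more than one finding."""
    findings: List[Finding] = []
    seen_paths: Set[str] = set()
    for raw in lines:
        line = raw.strip()
        for f in (check_security_status(line), check_programdata_dll(line),
                  check_pup_path(line, seen_paths), check_browser_redirect(line)):
            if f:
                findings.append(f)
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind, for a quick overview before reading details."""
    return dict(Counter(kind for kind, _ in findings))


# Constructed sample, modelled on the report formats ComboFix prints.
SAMPLE_REPORT = r"""
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
c:\programdata\cryptdll32.dll
c:\programdata\dskquoui32.dll
c:\programdata\unrar.exe
c:\programdata\f3ahvoas32.dll
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]
2010-06-17 09:02   1233288   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.pucuy.com/
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16050&locale=fr_FR&q=
""".strip().splitlines()

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_REPORT):
        print(f"{kind:25} {detail}")
```

Running the file prints one finding per line. Because the lookalike check depends on the reference list, f3ahvoas32.dll in the sample is reported only as a DLL in the ProgramData root, which is still enough to put it on the removal list; the pup_load_point finding is deduplicated because ComboFix lists the same Ask DLL under the URLSearchHook, BHO and Toolbar keys.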

Re: Trojan horse TR/ATRAPS.Gen

Post by Olivier7 » 27 Aug 2010, 19:25

Good evening,
Below is the ComboFix report:

Thanks
Olivier

Code:
ComboFix 10-08-26.04 - Marie 27/08/2010  19:48:58.1.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.3068.1862 [GMT 2:00]
Launched from: c:\users\Marie\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\bitsprx332.dll
c:\programdata\C_ISCII32.dll
c:\programdata\connect32.dll
c:\programdata\cryptdll32.dll
c:\programdata\d3d10_1core32.dll
c:\programdata\d3d10level932.dll
c:\programdata\d3dx9_2732.dll
c:\programdata\dbghelp32.dll
c:\programdata\ddrawex32.dll
c:\programdata\dhcpcsvc32.dll
c:\programdata\diagperf32.dll
c:\programdata\dskquoui32.dll
c:\programdata\esent32.dll
c:\programdata\f3ahvoas32.dll
c:\programdata\fdPHost32.dll
c:\programdata\fundisc32.dll
c:\programdata\SysWoW32
c:\programdata\SysWoW32\@u262342440v0
c:\programdata\SysWoW32\_u262342440v0
c:\programdata\SysWoW32\_u262342440v1
c:\programdata\SysWoW32\_u262342440v2
c:\programdata\SysWoW32\_u262342440v3
c:\programdata\SysWoW32\mu262342440v4
c:\programdata\SysWoW32\mu262342440v4.kwd
c:\programdata\SysWoW32\mu262342440v5
c:\programdata\SysWoW32\mu262342440v5.kwd
c:\programdata\SysWoW32\mu262342440v6
c:\programdata\SysWoW32\mu262342440v6.kwd
c:\programdata\SysWoW32\mu262342440v7
c:\programdata\SysWoW32\mu262342440v7.kwd
c:\programdata\SysWoW32\wu262342440v0
c:\programdata\SysWoW32\wu262342440v0.kwd
c:\programdata\SysWoW32\wu262342440v1
c:\programdata\SysWoW32\wu262342440v1.kwd
c:\programdata\SysWoW32\wu262342440v2
c:\programdata\SysWoW32\wu262342440v2.kwd
c:\programdata\SysWoW32\wu262342440v3
c:\programdata\SysWoW32\wu262342440v3.kwd
c:\programdata\unrar.exe
c:\users\Marie\AppData\Roaming\0200000034abdb08964C.manifest
c:\users\Marie\AppData\Roaming\0200000034abdb08964O.manifest
c:\users\Marie\AppData\Roaming\0200000034abdb08964P.manifest
c:\users\Marie\AppData\Roaming\0200000034abdb08964S.manifest
c:\users\Marie\AppData\Roaming\C85D.tmp
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\6gudh12l.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\6gudh12l.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\chrome.manifest
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\6gudh12l.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\chrome\xulcache.jar
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\6gudh12l.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\defaults\preferences\xulcache.js
c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\6gudh12l.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\install.rdf
c:\users\marie_2\AppData\Roaming\EurekaLog
c:\users\marie_2\AppData\Roaming\Mozilla\Firefox\Profiles\evli4j79.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}
c:\users\marie_2\AppData\Roaming\Mozilla\Firefox\Profiles\evli4j79.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\chrome.manifest
c:\users\marie_2\AppData\Roaming\Mozilla\Firefox\Profiles\evli4j79.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\chrome\xulcache.jar
c:\users\marie_2\AppData\Roaming\Mozilla\Firefox\Profiles\evli4j79.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\defaults\preferences\xulcache.js
c:\users\marie_2\AppData\Roaming\Mozilla\Firefox\Profiles\evli4j79.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\install.rdf
c:\users\Mathieu\AppData\Roaming\0200000034abdb08964C.manifest
c:\users\Mathieu\AppData\Roaming\0200000034abdb08964O.manifest
c:\users\Mathieu\AppData\Roaming\0200000034abdb08964P.manifest
c:\users\Mathieu\AppData\Roaming\0200000034abdb08964S.manifest
c:\users\Mathieu\AppData\Roaming\7E72.tmp
c:\users\Mathieu\AppData\Roaming\B29C.tmp
c:\users\Mathieu\AppData\Roaming\C080.tmp
c:\users\Mathieu\AppData\Roaming\CAAE.tmp
c:\users\Mathieu\AppData\Roaming\Mozilla\Firefox\Profiles\zdos3f7q.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}
c:\users\Mathieu\AppData\Roaming\Mozilla\Firefox\Profiles\zdos3f7q.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\chrome.manifest
c:\users\Mathieu\AppData\Roaming\Mozilla\Firefox\Profiles\zdos3f7q.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\chrome\xulcache.jar
c:\users\Mathieu\AppData\Roaming\Mozilla\Firefox\Profiles\zdos3f7q.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\defaults\preferences\xulcache.js
c:\users\Mathieu\AppData\Roaming\Mozilla\Firefox\Profiles\zdos3f7q.default\extensions\{e67d2d90-df06-47db-a400-b92980d80238}\install.rdf

----- File cloners -----

c:\users\Marie\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
c:\windows\Installer\{0C7F8FBE-435C-34D2-6813-2A632AAC0C92}\ARPPRODUCTICON.exe
c:\windows\Installer\{0E1F58B6-39BF-23FC-B4E5-3A2B4A0FADEB}\ARPPRODUCTICON.exe
c:\windows\Installer\{0EEF3E07-3971-5080-2A3F-910691DA1135}\ARPPRODUCTICON.exe
c:\windows\Installer\{114C14EE-652A-5EF6-59B8-3E5B33D6A4DF}\ARPPRODUCTICON.exe
c:\windows\Installer\{116C3B09-ADE0-1B8B-2F9F-C8B09A89F9AA}\ARPPRODUCTICON.exe
c:\windows\Installer\{12C11B2C-00F3-AF06-94D4-1AAF70616507}\ARPPRODUCTICON.exe
c:\windows\Installer\{187817E2-6407-461C-B59B-56CE73363D34}\ARPPRODUCTICON.exe
c:\windows\Installer\{1EC09CDB-0674-B3D6-FCB1-7B3CE2BFF3E8}\ARPPRODUCTICON.exe
c:\windows\Installer\{255C206B-4776-1D14-9EDD-2F9458847739}\ARPPRODUCTICON.exe
c:\windows\Installer\{34CFF761-7AD1-7C1A-4513-79B3E2F54290}\ARPPRODUCTICON.exe
c:\windows\Installer\{3A6F3C3C-A83C-34D5-F80A-4FDA2FBBFE2F}\ARPPRODUCTICON.exe
c:\windows\Installer\{3DFA31F1-4747-60E4-6CA9-0060CFB99E30}\ARPPRODUCTICON.exe
c:\windows\Installer\{4198AAE5-A938-B0A0-9AD2-95C2F23ED677}\ARPPRODUCTICON.exe
c:\windows\Installer\{46345EA6-1608-2E99-B47F-D83725A5C4D9}\ARPPRODUCTICON.exe
c:\windows\Installer\{46ACB9C1-6109-088B-931F-B7A5CE735504}\ARPPRODUCTICON.exe
c:\windows\Installer\{51B8CA01-3E68-9993-E6F3-7F8982A0F600}\ARPPRODUCTICON.exe
c:\windows\Installer\{650A275F-75B8-B71E-4C9D-04E952A63E5F}\ARPPRODUCTICON.exe
c:\windows\Installer\{6756A967-2904-DE46-3265-4BB80B934904}\ARPPRODUCTICON.exe
c:\windows\Installer\{735DAC68-3FF4-2895-83A2-DBF135AB9F44}\ARPPRODUCTICON.exe
c:\windows\Installer\{8DAD42E6-BBE7-C12B-C78D-8AC8C87F4055}\ARPPRODUCTICON.exe
c:\windows\Installer\{90EF242A-A2ED-FBBD-2F1F-A159DB0DDAC3}\ARPPRODUCTICON.exe
c:\windows\Installer\{9198CC8F-8B08-6F7B-BF7D-A6594526B5DF}\ARPPRODUCTICON.exe
c:\windows\Installer\{93DD8BC9-ADD5-D20B-22B5-1526E45CB6C8}\ARPPRODUCTICON.exe
c:\windows\Installer\{99AF6670-F557-F4D3-3069-AE62DA675A70}\ARPPRODUCTICON.exe
c:\windows\Installer\{9B88930B-A7E7-03E5-1313-BED90FCCF72C}\ARPPRODUCTICON.exe
c:\windows\Installer\{9F19486B-B187-5A51-189F-FCCEBBB70E2E}\ARPPRODUCTICON.exe
c:\windows\Installer\{A019B329-BFA8-3F59-6F80-6A3714104CE9}\ARPPRODUCTICON.exe
c:\windows\Installer\{A107F928-EED3-28FC-857F-ED33FEDBA02A}\ARPPRODUCTICON.exe
c:\windows\Installer\{A15B2786-6F7E-0B96-A222-141202F9CECC}\ARPPRODUCTICON.exe
c:\windows\Installer\{A5D5CC36-6A42-6FB6-882F-90C6262C8DCA}\ARPPRODUCTICON.exe
c:\windows\Installer\{A9359BA2-B496-8E14-EDA9-923DBE8913CB}\ARPPRODUCTICON.exe
c:\windows\Installer\{AC599724-5755-48C1-ABE7-ABB857652930}\ARPPRODUCTICON.exe
c:\windows\Installer\{B3D11644-94AB-17E7-D9CF-52EF943D9F52}\ARPPRODUCTICON.exe
c:\windows\Installer\{B4B199E3-4D33-4F08-688A-9BCE5920AAF6}\ARPPRODUCTICON.exe
c:\windows\Installer\{BDDB0932-2C7F-ABB3-ED54-6F045EEF14F7}\ARPPRODUCTICON.exe
c:\windows\Installer\{C2E52B6F-E4F1-B9D6-D671-D7E2FC60C7C0}\ARPPRODUCTICON.exe
c:\windows\Installer\{C58AED82-0DD9-DF4B-1CE7-F7EE9B1BBB83}\ARPPRODUCTICON.exe
c:\windows\Installer\{C61D8EF2-D9BF-B36F-4887-ADE39C924F3F}\ARPPRODUCTICON.exe
c:\windows\Installer\{C7D02E19-07F2-8EE5-7C18-1617A656AF74}\ARPPRODUCTICON.exe
c:\windows\Installer\{C91CC841-7B39-9454-4A16-91C7FF300EC8}\ARPPRODUCTICON.exe
c:\windows\Installer\{CAAAB039-95E4-6F1C-36CC-2E6005E2540D}\ARPPRODUCTICON.exe
c:\windows\Installer\{CE60D4C0-86A7-52C8-7C8A-AFD2E99A1790}\ARPPRODUCTICON.exe
c:\windows\Installer\{D6EA6018-0F5B-E4CC-C930-990412BED306}\ARPPRODUCTICON.exe
c:\windows\Installer\{D80D6A7D-A6AA-019A-12D8-CA58F76FA313}\ARPPRODUCTICON.exe
c:\windows\Installer\{DB7DE91F-AC23-7A23-B1A7-6FD3A05534E2}\ARPPRODUCTICON.exe
c:\windows\Installer\{DFC21203-E063-A351-8027-F5D43162539D}\ARPPRODUCTICON.exe
c:\windows\Installer\{E0FE7850-04F8-D01A-971F-C7B00F8D003A}\ARPPRODUCTICON.exe
c:\windows\Installer\{E18407AE-614D-5B0B-9C38-5A1853E8AB5D}\ARPPRODUCTICON.exe
c:\windows\Installer\{E651B083-2904-8342-5C27-39800B39E03B}\ARPPRODUCTICON.exe
c:\windows\Installer\{E6695454-03CD-146E-4A10-75FCB5AFE3FB}\ARPPRODUCTICON.exe
c:\windows\Installer\{E9D045D8-E31E-E3D6-004D-9AD4EE6C2747}\ARPPRODUCTICON.exe
c:\windows\Installer\{E9EEB277-B66C-9A72-9CF0-90AC7BFC2095}\ARPPRODUCTICON.exe
c:\windows\Installer\{F98DF01D-F1C3-3878-FCE6-F749729A8949}\ARPPRODUCTICON.exe
c:\windows\Installer\{FDBA2850-0054-7733-527B-A6286D639345}\ARPPRODUCTICON.exe
.
.
(((((((((((((((((((((((((((((   Files Created From 2010-07-27 to 2010-08-27  ))))))))))))))))))))))))))))))))))))
.

2010-08-27 18:01 . 2010-08-27 18:01   --------   d-----w-   c:\users\Mathieu\AppData\Local\temp
2010-08-27 18:01 . 2010-08-27 18:01   --------   d-----w-   c:\users\Default\AppData\Local\temp
2010-08-27 18:00 . 2010-08-27 18:00   --------   d-----w-   c:\users\marie_2\AppData\Local\temp
2010-08-25 22:14 . 2010-08-25 22:14   --------   d-----w-   c:\users\Marie\AppData\Roaming\Malwarebytes
2010-08-25 18:18 . 2010-04-29 13:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 18:18 . 2010-08-25 18:18   --------   d-----w-   c:\programdata\Malwarebytes
2010-08-25 18:18 . 2010-08-25 18:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-08-25 18:18 . 2010-04-29 13:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-08-22 13:12 . 2010-08-22 13:13   --------   d-----w-   c:\users\Mathieu\AppData\Local\Google
2010-08-22 10:35 . 2010-05-27 20:08   81920   ----a-w-   c:\windows\system32\iccvid.dll
2010-08-22 10:35 . 2010-06-29 15:47   834048   ----a-w-   c:\windows\system32\wininet.dll
2010-08-22 10:35 . 2010-06-28 16:13   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-08-22 10:35 . 2010-06-11 16:16   274944   ----a-w-   c:\windows\system32\schannel.dll
2010-08-22 10:35 . 2010-06-21 13:37   2037760   ----a-w-   c:\windows\system32\win32k.sys
2010-08-22 10:35 . 2010-06-18 17:31   36864   ----a-w-   c:\windows\system32\rtutils.dll
2010-08-22 10:34 . 2010-06-08 17:35   3600768   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-08-22 10:34 . 2010-06-08 17:35   3548040   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-08-22 10:34 . 2010-06-11 16:15   1248768   ----a-w-   c:\windows\system32\msxml3.dll
2010-08-22 10:34 . 2010-06-18 15:04   302080   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-08-22 10:34 . 2010-06-18 15:04   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-08-22 10:34 . 2010-06-16 16:04   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys
2010-08-10 19:39 . 2010-08-10 19:39   325632   ----a-w-   c:\programdata\dimsroam32.dll
2010-07-30 20:36 . 2010-07-30 20:36   313344   ----a-w-   c:\programdata\d3dim70032.dll

.
((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-27 17:29 . 2010-06-12 08:24   6836   ----a-w-   c:\users\Marie\AppData\Local\d3d9caps.dat
2010-08-27 17:26 . 2009-04-11 18:36   352615   ---ha-w-   c:\windows\system32\drivers\vsconfig.xml
2010-08-24 17:20 . 2009-01-23 10:54   679042   ----a-w-   c:\windows\system32\perfh00C.dat
2010-08-24 17:20 . 2009-01-23 10:54   126626   ----a-w-   c:\windows\system32\perfc00C.dat
2010-08-23 10:56 . 2010-03-13 19:09   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\LimeWire
2010-08-23 09:21 . 2009-01-23 03:48   --------   d-----w-   c:\program files\Microsoft Works
2010-08-23 09:10 . 2009-01-23 04:00   --------   d-----w-   c:\programdata\Microsoft Help
2010-08-23 09:09 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-08-22 15:00 . 2010-08-22 15:00   0   ---ha-w-   c:\users\Mathieu\slqpvdlxst.tmp
2010-08-22 14:37 . 2010-03-13 19:15   --------   d-----w-   c:\program files\Ask.com
2010-08-22 14:35 . 2009-04-20 08:51   --------   d-----w-   c:\program files\LimeWire
2010-08-22 10:30 . 2009-04-19 12:40   --------   d-----w-   c:\programdata\Messenger Plus!
2010-08-22 10:30 . 2009-12-06 19:08   --------   d-----w-   c:\program files\Messenger Plus! Live
2010-08-10 20:04 . 2009-04-20 08:52   --------   d-----w-   c:\users\Marie\AppData\Roaming\LimeWire
2010-07-29 17:09 . 2009-09-13 11:28   10503718   ----a-w-   c:\windows\Internet Logs\tvDebug.zip
2010-07-27 11:51 . 2010-07-27 11:52   2380800   ----a-w-   c:\windows\Internet Logs\xDBA63E.tmp
2010-07-23 15:00 . 2010-07-22 12:52   680   ----a-w-   c:\users\Mathieu\AppData\Local\d3d9caps.dat
2010-07-20 20:43 . 2009-04-12 06:57   2380712   ----a-w-   c:\programdata\WildTangent\My HP Game Console\Downloads\fr\Installers\SetupGamesClient.exe
2010-07-20 20:42 . 2009-05-17 08:36   --------   d-----w-   c:\programdata\Sandlot Games
2010-07-20 20:41 . 2009-01-23 03:32   --------   d-----w-   c:\programdata\WildTangent
2010-07-20 12:38 . 2009-04-11 19:02   --------   d-----w-   c:\program files\Windows Live
2010-07-20 12:36 . 2010-07-20 12:36   --------   d-----w-   c:\program files\Windows Live SkyDrive
2010-07-18 17:29 . 2009-04-14 10:01   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\PlayFirst
2010-07-17 12:35 . 2010-07-17 12:37   2053632   ----a-w-   c:\windows\Internet Logs\xDB2A88.tmp
2010-07-15 18:47 . 2009-01-23 03:04   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-13 09:31 . 2010-07-13 09:30   --------   d-----w-   c:\program files\Common Files\Macromedia
2010-07-13 09:31 . 2010-07-13 09:30   --------   d-----w-   c:\program files\Macromedia
2010-07-13 09:27 . 2009-01-23 03:04   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-07-13 09:24 . 2009-04-11 18:28   78248   ----a-w-   c:\users\Marie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-12 15:55 . 2009-04-11 20:06   78248   ----a-w-   c:\users\Mathieu\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-12 12:54 . 2010-07-12 12:54   --------   d-----w-   c:\program files\Windows Portable Devices
2010-07-12 12:54 . 2006-11-02 10:25   665600   ----a-w-   c:\windows\inf\drvindex.dat
2010-07-12 12:54 . 2010-07-12 12:54   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-12 12:53 . 2010-07-12 12:53   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-07-12 12:43 . 2009-04-11 19:03   --------   d-----w-   c:\program files\Microsoft
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Calendar
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Sidebar
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Journal
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Collaboration
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Photo Gallery
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Defender
2010-07-10 12:54 . 2010-07-10 12:53   504832   ----a-w-   c:\users\Marie\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_Full_Update_NPS2_10064_2.exe
2010-07-10 12:48 . 2010-07-10 12:48   --------   d-----w-   c:\users\Marie\AppData\Roaming\PC Suite
2010-07-10 12:43 . 2010-07-02 22:49   --------   d-----w-   c:\program files\MarkAnyContentSAFER
2010-07-10 12:40 . 2007-10-25 16:26   5632   ----a-w-   c:\windows\system32\drivers\StarOpen.sys
2010-07-10 12:38 . 2010-07-10 11:14   89280248   ----a-w-   c:\users\Marie\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2010-07-10 11:12 . 2010-03-13 18:46   --------   d-----w-   c:\users\Marie\AppData\Roaming\Samsung
2010-07-10 11:11 . 2010-07-10 11:11   --------   d-----w-   c:\program files\MarkAny
2010-07-10 11:11 . 2010-03-13 18:45   --------   d-----w-   c:\program files\PC Connectivity Solution
2010-07-10 11:09 . 2010-03-13 18:44   --------   d-----w-   c:\program files\Samsung
2010-07-10 09:21 . 2009-11-29 16:30   --------   d-----w-   c:\users\Marie\AppData\Roaming\Apple Computer
2010-07-07 16:23 . 2010-07-07 16:23   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\CyberLink
2010-07-03 14:30 . 2009-12-25 12:03   --------   d-----w-   c:\program files\QuickTime
2010-07-03 14:23 . 2010-03-04 20:24   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\Apple Computer
2010-07-03 14:15 . 2010-07-03 14:18   2744832   ----a-w-   c:\windows\Internet Logs\xDBBFB5.tmp
2010-07-03 13:31 . 2010-07-03 13:29   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-03 13:31 . 2009-12-25 12:04   --------   d-----w-   c:\program files\iTunes
2010-07-03 13:30 . 2010-07-03 13:30   --------   d-----w-   c:\program files\iPod
2010-07-03 13:29 . 2009-11-26 20:22   --------   d-----w-   c:\program files\Common Files\Apple
2010-07-03 13:15 . 2010-07-03 13:15   72504   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-03 13:10 . 2010-07-03 13:10   --------   d-----w-   c:\program files\Bonjour
2010-07-03 12:46 . 2009-11-26 20:24   --------   d-----w-   c:\program files\Safari
2010-07-02 22:55 . 2010-07-02 22:55   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\Samsung
2010-06-12 12:47 . 2009-01-23 04:06   53319   ----a-w-   c:\programdata\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
2010-06-04 10:29 . 2010-06-04 10:29   71992   ----a-w-   c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-02 16:15 . 2010-06-02 16:16   22528   ----a-w-   c:\windows\Internet Logs\xDB954D.tmp
2010-06-02 16:13 . 2010-06-02 16:14   2775040   ----a-w-   c:\windows\Internet Logs\xDB8D50.tmp
2009-01-23 11:16 . 2009-01-23 10:57   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not listed
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-17 09:02   1233288   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-10 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"CardDetectorHUAWEI"="c:\program files\CardDetector\HUAWEI\CardDetector.exe" [2008-12-01 274432]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-12-01 131824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-10-26 450659]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

c:\users\marie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-6-22 503808]

c:\users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-6-22 503808]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-3 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-3 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-13 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d0,d2,15,e0,b0,21,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-11-12 100224]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/15 03:09];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 17:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2008-06-27 77824]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001Core.job
- c:\users\Mathieu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 13:12]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001UA.job
- c:\users\Mathieu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 13:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.pucuy.com/
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\6gudh12l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?&.src=ym&.intl=fr
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16050&locale=fr_FR&q=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX SETTINGS ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
HKCU-Run-MessengerPlus3 - c:\program files\MessengerPlus! 3\MsgPlus.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-Save - c:\users\Marie\AppData\Roaming\Save\Save.exe
HKLM-Run-NPSStartup - (no file)
AddRemove-Save - c:\program files\Save\SaveUninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-27 20:04
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{214d804d-99b8-4d5b-a99f-875361ef55db}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0f0016d3
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{44d3f4fc-ed08-452d-b657-4823c061ff28}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0a00238b
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9959118c-c3c2-419f-b3bc-21c38b17188d}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:14020054
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{9c642153-bfe0-4511-a0b6-e778ddd5ea9e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:07001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{ba32a50a-3d27-4fae-8591-5916311409be}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0c001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{de2dc3b6-7b0b-4d95-bfdc-6148ec996511}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:10002100
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f50c0996-5b4a-4c6a-a322-6e991d4caa0e}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:06001422
"Dhcpv6State"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip6\Parameters\Interfaces\{f70a361f-6437-4fcc-91a4-cd88d468d91b}]
@DACL=(02 0000)
"Dhcpv6Iaid"=dword:0e001422
"Dhcpv6State"=dword:00000000
.
Heure de fin: 2010-08-27  20:07:30
ComboFix-quarantined-files.txt  2010-08-27 18:07

Avant-CF: 106 054 823 936 octets libres
Après-CF: 119 729 164 288 octets libres

- - End Of File - - 652A6C32448D3CD86E8D0E64779C7372
Olivier7
Regular
Posts: 60
Joined: 31 Dec 2008, 13:53

Re: TR/ATRAPS.Gen Trojan

Post by Marie » 28 Aug 2010, 01:27

:att: ComboFix is a powerful tool that must not be used lightly. This procedure was created specifically for this user. If you are not that user, do not run it: you risk seriously damaging your Windows installation!


:arrow: Open Notepad (Start/Programs/Accessories/Notepad)

  • Select all the text in the box below and copy-paste it into Notepad.

    File::
    c:\programdata\dimsroam32.dll
    c:\programdata\d3dim70032.dll
    c:\users\Mathieu\slqpvdlxst.tmp
    c:\windows\Internet Logs\xDBA63E.tmp
    c:\windows\Internet Logs\xDB2A88.tmp
    c:\windows\Internet Logs\xDBBFB5.tmp
    c:\windows\Internet Logs\xDB954D.tmp
    c:\windows\Internet Logs\xDB8D50.tmp



  • Save this file under the name CFScript.txt on your desktop.

  • Make sure all your security software is disabled before going any further.

  • Drag and drop the icon of this CFScript file onto the ComboFix icon, as shown in the screenshot.

  • When the window reminding you of the terms of use appears, click OK to run the script.

  • Wait while the scan runs. The desktop will disappear several times: that is normal!
    Do not touch anything until the scan is finished.

  • Once the scan is complete, a report will be displayed: post its contents in your next reply.

  • If the file does not open, it can be found here > C:\ComboFix.txt
Marie
Administrator
Posts: 22034
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var

Re: TR/ATRAPS.Gen Trojan

Post by Olivier7 » 28 Aug 2010, 15:38

Hello,
Here is the new report produced by ComboFix:

Code:
ComboFix 10-08-26.04 - Marie 28/08/2010  16:07:25.2.2 - x86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6002.2.1252.33.1036.18.3068.2005 [GMT 2:00]
Lancé depuis: c:\users\Marie\Desktop\ComboFix.exe
Commutateurs utilisés :: c:\users\Marie\Desktop\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\programdata\d3dim70032.dll"
"c:\programdata\dimsroam32.dll"
"c:\users\Mathieu\slqpvdlxst.tmp"
"c:\windows\Internet Logs\xDB2A88.tmp"
"c:\windows\Internet Logs\xDB8D50.tmp"
"c:\windows\Internet Logs\xDB954D.tmp"
"c:\windows\Internet Logs\xDBA63E.tmp"
"c:\windows\Internet Logs\xDBBFB5.tmp"
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\d3dim70032.dll
c:\programdata\dimsroam32.dll
c:\users\Mathieu\slqpvdlxst.tmp
c:\windows\Internet Logs\xDB2A88.tmp
c:\windows\Internet Logs\xDB8D50.tmp
c:\windows\Internet Logs\xDB954D.tmp
c:\windows\Internet Logs\xDBA63E.tmp
c:\windows\Internet Logs\xDBBFB5.tmp

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-07-28 au 2010-08-28  ))))))))))))))))))))))))))))))))))))
.

2010-08-28 14:21 . 2010-08-28 14:21   --------   d-----w-   c:\users\Public\AppData\Local\temp
2010-08-27 23:30 . 2010-08-27 23:30   --------   d-----w-   c:\program files\RocketDock
2010-08-27 19:57 . 2010-08-27 19:57   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\Malwarebytes
2010-08-25 22:14 . 2010-08-25 22:14   --------   d-----w-   c:\users\Marie\AppData\Roaming\Malwarebytes
2010-08-25 18:18 . 2010-04-29 13:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-25 18:18 . 2010-08-25 18:18   --------   d-----w-   c:\programdata\Malwarebytes
2010-08-25 18:18 . 2010-08-25 18:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-08-25 18:18 . 2010-04-29 13:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
2010-08-22 13:12 . 2010-08-22 13:13   --------   d-----w-   c:\users\Mathieu\AppData\Local\Google
2010-08-22 10:35 . 2010-05-27 20:08   81920   ----a-w-   c:\windows\system32\iccvid.dll
2010-08-22 10:35 . 2010-06-29 15:47   834048   ----a-w-   c:\windows\system32\wininet.dll
2010-08-22 10:35 . 2010-06-28 16:13   78336   ----a-w-   c:\windows\system32\ieencode.dll
2010-08-22 10:35 . 2010-06-11 16:16   274944   ----a-w-   c:\windows\system32\schannel.dll
2010-08-22 10:35 . 2010-06-21 13:37   2037760   ----a-w-   c:\windows\system32\win32k.sys
2010-08-22 10:35 . 2010-06-18 17:31   36864   ----a-w-   c:\windows\system32\rtutils.dll
2010-08-22 10:34 . 2010-06-08 17:35   3600768   ----a-w-   c:\windows\system32\ntkrnlpa.exe
2010-08-22 10:34 . 2010-06-08 17:35   3548040   ----a-w-   c:\windows\system32\ntoskrnl.exe
2010-08-22 10:34 . 2010-06-11 16:15   1248768   ----a-w-   c:\windows\system32\msxml3.dll
2010-08-22 10:34 . 2010-06-18 15:04   302080   ----a-w-   c:\windows\system32\drivers\srv.sys
2010-08-22 10:34 . 2010-06-18 15:04   144896   ----a-w-   c:\windows\system32\drivers\srv2.sys
2010-08-22 10:34 . 2010-06-16 16:04   905088   ----a-w-   c:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-28 13:45 . 2009-04-11 18:36   352615   ---ha-w-   c:\windows\system32\drivers\vsconfig.xml
2010-08-28 10:36 . 2010-03-13 19:09   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\LimeWire
2010-08-27 20:13 . 2010-06-12 08:24   6836   ----a-w-   c:\users\Marie\AppData\Local\d3d9caps.dat
2010-08-24 17:20 . 2009-01-23 10:54   679042   ----a-w-   c:\windows\system32\perfh00C.dat
2010-08-24 17:20 . 2009-01-23 10:54   126626   ----a-w-   c:\windows\system32\perfc00C.dat
2010-08-23 09:21 . 2009-01-23 03:48   --------   d-----w-   c:\program files\Microsoft Works
2010-08-23 09:10 . 2009-01-23 04:00   --------   d-----w-   c:\programdata\Microsoft Help
2010-08-23 09:09 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
2010-08-22 14:37 . 2010-03-13 19:15   --------   d-----w-   c:\program files\Ask.com
2010-08-22 14:35 . 2009-04-20 08:51   --------   d-----w-   c:\program files\LimeWire
2010-08-22 10:30 . 2009-04-19 12:40   --------   d-----w-   c:\programdata\Messenger Plus!
2010-08-22 10:30 . 2009-12-06 19:08   --------   d-----w-   c:\program files\Messenger Plus! Live
2010-08-10 20:04 . 2009-04-20 08:52   --------   d-----w-   c:\users\Marie\AppData\Roaming\LimeWire
2010-07-29 17:09 . 2009-09-13 11:28   10503718   ----a-w-   c:\windows\Internet Logs\tvDebug.zip
2010-07-23 15:00 . 2010-07-22 12:52   680   ----a-w-   c:\users\Mathieu\AppData\Local\d3d9caps.dat
2010-07-20 20:43 . 2009-04-12 06:57   2380712   ----a-w-   c:\programdata\WildTangent\My HP Game Console\Downloads\fr\Installers\SetupGamesClient.exe
2010-07-20 20:42 . 2009-05-17 08:36   --------   d-----w-   c:\programdata\Sandlot Games
2010-07-20 20:41 . 2009-01-23 03:32   --------   d-----w-   c:\programdata\WildTangent
2010-07-20 12:38 . 2009-04-11 19:02   --------   d-----w-   c:\program files\Windows Live
2010-07-20 12:36 . 2010-07-20 12:36   --------   d-----w-   c:\program files\Windows Live SkyDrive
2010-07-18 17:29 . 2009-04-14 10:01   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\PlayFirst
2010-07-15 18:47 . 2009-01-23 03:04   --------   d--h--w-   c:\program files\InstallShield Installation Information
2010-07-13 09:31 . 2010-07-13 09:30   --------   d-----w-   c:\program files\Common Files\Macromedia
2010-07-13 09:31 . 2010-07-13 09:30   --------   d-----w-   c:\program files\Macromedia
2010-07-13 09:27 . 2009-01-23 03:04   --------   d-----w-   c:\program files\Common Files\InstallShield
2010-07-13 09:24 . 2009-04-11 18:28   78248   ----a-w-   c:\users\Marie\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-12 15:55 . 2009-04-11 20:06   78248   ----a-w-   c:\users\Mathieu\AppData\Local\GDIPFONTCACHEV1.DAT
2010-07-12 12:54 . 2010-07-12 12:54   --------   d-----w-   c:\program files\Windows Portable Devices
2010-07-12 12:54 . 2006-11-02 10:25   665600   ----a-w-   c:\windows\inf\drvindex.dat
2010-07-12 12:54 . 2010-07-12 12:54   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-07-12 12:53 . 2010-07-12 12:53   0   ---ha-w-   c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-07-12 12:43 . 2009-04-11 19:03   --------   d-----w-   c:\program files\Microsoft
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Calendar
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Sidebar
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Journal
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Collaboration
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Photo Gallery
2010-07-12 10:46 . 2006-11-02 12:37   --------   d-----w-   c:\program files\Windows Defender
2010-07-10 12:54 . 2010-07-10 12:53   504832   ----a-w-   c:\users\Marie\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_Full_Update_NPS2_10064_2.exe
2010-07-10 12:48 . 2010-07-10 12:48   --------   d-----w-   c:\users\Marie\AppData\Roaming\PC Suite
2010-07-10 12:43 . 2010-07-02 22:49   --------   d-----w-   c:\program files\MarkAnyContentSAFER
2010-07-10 12:40 . 2007-10-25 16:26   5632   ----a-w-   c:\windows\system32\drivers\StarOpen.sys
2010-07-10 12:38 . 2010-07-10 11:14   89280248   ----a-w-   c:\users\Marie\AppData\Roaming\Samsung\New PC Studio\LiveUpdate\Setup_For_Full_Update_IH2_7.exe
2010-07-10 11:12 . 2010-03-13 18:46   --------   d-----w-   c:\users\Marie\AppData\Roaming\Samsung
2010-07-10 11:11 . 2010-07-10 11:11   --------   d-----w-   c:\program files\MarkAny
2010-07-10 11:11 . 2010-03-13 18:45   --------   d-----w-   c:\program files\PC Connectivity Solution
2010-07-10 11:09 . 2010-03-13 18:44   --------   d-----w-   c:\program files\Samsung
2010-07-10 09:21 . 2009-11-29 16:30   --------   d-----w-   c:\users\Marie\AppData\Roaming\Apple Computer
2010-07-07 16:23 . 2010-07-07 16:23   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\CyberLink
2010-07-03 14:30 . 2009-12-25 12:03   --------   d-----w-   c:\program files\QuickTime
2010-07-03 14:23 . 2010-03-04 20:24   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\Apple Computer
2010-07-03 13:31 . 2010-07-03 13:29   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-07-03 13:31 . 2009-12-25 12:04   --------   d-----w-   c:\program files\iTunes
2010-07-03 13:30 . 2010-07-03 13:30   --------   d-----w-   c:\program files\iPod
2010-07-03 13:29 . 2009-11-26 20:22   --------   d-----w-   c:\program files\Common Files\Apple
2010-07-03 13:15 . 2010-07-03 13:15   72504   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-07-03 13:10 . 2010-07-03 13:10   --------   d-----w-   c:\program files\Bonjour
2010-07-03 12:46 . 2009-11-26 20:24   --------   d-----w-   c:\program files\Safari
2010-07-02 22:55 . 2010-07-02 22:55   --------   d-----w-   c:\users\Mathieu\AppData\Roaming\Samsung
2010-06-12 12:47 . 2009-01-23 04:06   53319   ----a-w-   c:\programdata\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
2010-06-04 10:29 . 2010-06-04 10:29   71992   ----a-w-   c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2009-01-23 11:16 . 2009-01-23 10:57   8192   --sha-w-   c:\windows\Users\Default\NTUSER.DAT
.

(((((((((((((((((((((((((((((   SnapShot@2010-08-27_18.04.17   )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:58 . 2010-08-28 13:47   63864              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-04-19 07:48 . 2010-08-28 10:36   12608              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2625083309-223478488-3227772987-1001_UserData.bin
+ 2009-04-11 18:24 . 2010-08-28 13:47   10398              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2625083309-223478488-3227772987-1000_UserData.bin
- 2009-03-15 01:26 . 2010-08-27 17:46   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-15 01:26 . 2010-08-28 13:44   16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-15 01:26 . 2010-08-28 13:44   49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-15 01:26 . 2010-08-27 17:46   49152              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-15 01:26 . 2010-08-27 17:46   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-15 01:26 . 2010-08-28 13:44   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-26 21:28 . 2010-08-24 17:21   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-26 21:28 . 2010-08-27 20:22   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-26 21:28 . 2010-08-24 17:21   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-26 21:28 . 2010-08-27 20:22   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-26 21:28 . 2010-08-24 17:21   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-26 21:28 . 2010-08-27 20:22   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-17 06:55 . 2010-08-27 17:26   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-17 06:55 . 2010-08-28 13:45   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-17 06:55 . 2010-08-27 17:26   32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-17 06:55 . 2010-08-28 13:45   32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-17 06:55 . 2010-08-27 17:26   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-17 06:55 . 2010-08-28 13:45   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-08-28 13:44 . 2010-08-28 13:44   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-08-27 17:25 . 2010-08-27 17:25   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-08-28 13:44 . 2010-08-28 13:44   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-08-27 17:25 . 2010-08-27 17:25   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-04-11 17:23 . 2010-08-28 11:02   289490              c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 13:05 . 2010-08-28 13:47   108800              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-03-15 02:26 . 2010-08-28 12:24   161176              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-06-17 09:02   1233288   ----a-w-   c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-06-17 1233288]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"AutoStartNPSAgent"="c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe" [2010-07-10 102400]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-24 1348904]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"TVAgent"="c:\program files\Hewlett-Packard\Media\TV\TVAgent.exe" [2009-01-21 210216]
"UCam_Menu"="c:\program files\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-11-18 914224]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-21 148888]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-12-08 432432]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 959976]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"CardDetectorHUAWEI"="c:\program files\CardDetector\HUAWEI\CardDetector.exe" [2008-12-01 274432]
"BEWINTERNET-FR-DMGP-V2SessionManager"="c:\program files\Orange\IEWInternet\SessionManager\SessionManager.exe" [2008-12-01 131824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-10-26 450659]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]

c:\users\marie_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-6-22 503808]

c:\users\Mathieu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-6-22 503808]
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 - Capture d'écran et lancement.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-3 110592]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-10-3 110592]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-7-13 525640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d0,d2,15,e0,b0,21,cb,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2008-11-12 100224]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2009-03-20 90112]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2009-03-20 14976]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2009-03-20 121856]
R3 WPFFontCache_v0400;Cache de police de Windows Presentation Foundation 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/03/15 03:09];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 17:04 87536]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe [2008-06-27 77824]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2008-01-21 21504]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-03-31 233472]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [2008-12-17 365952]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
S2 TVSched;TV Task Scheduler (TVTS);c:\program files\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-11-19 222512]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-09-04 54784]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-23 107360]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper   REG_MULTI_SZ      getPlusHelper
LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 09:14   451872   ----a-w-   c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contenu du dossier 'Tâches planifiées'

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001Core.job
- c:\users\Mathieu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 13:12]

2010-08-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2625083309-223478488-3227772987-1001UA.job
- c:\users\Mathieu\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-22 13:12]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.msn.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.pucuy.com/
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Marie\AppData\Roaming\Mozilla\Firefox\Profiles\6gudh12l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxps://login.yahoo.com/config/mail?&.src=ym&.intl=fr
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16050&locale=fr_FR&q=
FF - component: c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\components\FFGlobalExtension.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-28 16:21
Windows 6.0.6002 Service Pack 2 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Heure de fin: 2010-08-28  16:24:13
ComboFix-quarantined-files.txt  2010-08-28 14:24
ComboFix2.txt  2010-08-27 18:07

Avant-CF: 118 874 292 224 octets libres
Après-CF: 118 836 060 160 octets libres

- - End Of File - - B8163B46E2A153EF14F12780018003F9
Olivier7
Regular
 
Posts: 60
Joined: 31 Dec 2008, 13:53

Re: Trojan TR/ATRAPS.Gen

Post by Marie » 28 Aug 2010, 19:19

Hello :sourire:


:arrow: How is the PC doing now? Have the antivirus alerts stopped?


:arrow: Did you have trouble uninstalling Ask Toolbar? I still see it present in your report.
Marie
Administrator
 
Posts: 22034
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var

Re: Trojan TR/ATRAPS.Gen

Post by Olivier7 » 28 Aug 2010, 22:47

Good evening Marie,
The PC is doing much better, that's clear :-)
To answer your questions, I actually asked my son, who is the person who uses it and who infected it, grrr :-(
He tells me he had a single alert during the evening (instead of 300, that's a real change...)
Finally, regarding Ask Toolbar, I didn't do anything in particular to uninstall it; in fact I don't see what it is concretely. If ComboFix didn't remove it, how can I do so?

Thanks
Olivier
Olivier7
Regular
 
Posts: 60
Joined: 31 Dec 2008, 13:53

Re: Trojan TR/ATRAPS.Gen

Post by Marie » 29 Aug 2010, 00:21

Finally, regarding Ask Toolbar, I didn't do anything in particular to uninstall it; in fact I don't see what it is concretely. If ComboFix didn't remove it, how can I do so?


Go to Control Panel / Programs and Features, look for the Ask Bar (or Ask Toolbar) program and click Uninstall.


To answer your questions, I actually asked my son, who is the person who uses it and who infected it, grrr :-(
He tells me he had a single alert during the evening (instead of 300, that's a real change...)


Run a full scan of the machine with Antivir, then post the report in your next reply. We'll see what's left. :wink:
Marie
Administrator
 
Posts: 22034
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var

Re: Trojan TR/ATRAPS.Gen

Post by Olivier7 » 29 Aug 2010, 19:08

Good evening,
I uninstalled Ask Toolbar.
Then I ran the Antivir scan, shown below (it still found another 26 viruses!):

Avira AntiVir Personal
Date de création du fichier de rapport : dimanche 29 août 2010  16:22

La recherche porte sur 2757613 souches de virus.

Détenteur de la licence :Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme :      Windows Vista
Version de Windows :(Service Pack 2)  [6.0.6002]
Mode Boot :       Démarré normalement
Identifiant :     SYSTEM
Nom de l'ordinateur :GAUBERT

Informations de version :
BUILD.DAT     : 8.2.0.62       17752 Bytes  23/10/2009 13:16:00
AVSCAN.EXE    : 8.1.4.10      315649 Bytes  18/11/2008 07:21:00
AVSCAN.DLL    : 8.1.4.1        49921 Bytes  21/07/2008 12:44:27
LUKE.DLL      : 8.1.4.5       164097 Bytes  12/06/2008 11:44:16
LUKERES.DLL   : 8.1.4.0        13057 Bytes  04/07/2008 06:30:27
ANTIVIR0.VDF  : 7.10.0.0    19875328 Bytes  06/11/2009 20:03:10
ANTIVIR1.VDF  : 7.10.9.170  16733040 Bytes  23/07/2010 10:14:53
ANTIVIR2.VDF  : 7.10.11.38   2676128 Bytes  27/08/2010 17:46:34
ANTIVIR3.VDF  : 7.10.11.43     26624 Bytes  28/08/2010 17:46:34
Version du moteur: 8.2.4.46 
AEVDF.DLL     : 8.1.2.1       106868 Bytes  23/08/2010 10:15:12
AESCRIPT.DLL  : 8.1.3.44     1364346 Bytes  28/08/2010 17:46:39
AESCN.DLL     : 8.1.6.1       127347 Bytes  14/05/2010 19:28:01
AESBX.DLL     : 8.1.3.1       254324 Bytes  05/05/2010 16:01:45
AERDL.DLL     : 8.1.8.2       614772 Bytes  21/07/2010 18:23:02
AEPACK.DLL    : 8.2.3.5       471412 Bytes  23/08/2010 10:15:08
AEOFFICE.DLL  : 8.1.1.8       201081 Bytes  21/07/2010 18:22:42
AEHEUR.DLL    : 8.1.2.19     2867574 Bytes  28/08/2010 17:46:38
AEHELP.DLL    : 8.1.13.3      242038 Bytes  28/08/2010 17:46:36
AEGEN.DLL     : 8.1.3.20      397684 Bytes  28/08/2010 17:46:35
AEEMU.DLL     : 8.1.2.0       393588 Bytes  05/05/2010 16:01:39
AECORE.DLL    : 8.1.16.2      192887 Bytes  21/07/2010 18:21:40
AEBB.DLL      : 8.1.1.0        53618 Bytes  05/05/2010 16:01:37
AVWINLL.DLL   : 1.0.0.12       15105 Bytes  09/07/2008 07:40:02
AVPREF.DLL    : 8.0.2.0        38657 Bytes  16/05/2008 08:27:58
AVREP.DLL     : 8.0.0.7       159784 Bytes  16/02/2010 17:22:04
AVREG.DLL     : 8.0.0.1        33537 Bytes  09/05/2008 10:26:37
AVARKT.DLL    : 1.0.0.23      307457 Bytes  12/02/2008 07:29:19
AVEVTLOG.DLL  : 8.0.0.16      119041 Bytes  12/06/2008 11:27:46
SQLITE3.DLL   : 3.3.17.1      339968 Bytes  22/01/2008 16:28:02
SMTPLIB.DLL   : 1.2.0.23       28929 Bytes  12/06/2008 11:49:36
NETNT.DLL     : 8.0.0.1         7937 Bytes  25/01/2008 11:05:07
RCIMAGE.DLL   : 8.0.0.51     2371841 Bytes  04/07/2008 06:23:16
RCTEXT.DLL    : 8.0.52.1       86273 Bytes  17/07/2008 09:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:, D:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: arrêt
Fichier mode de recherche........: Sélection de fichiers intelligente
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen

Début de la recherche : dimanche 29 août 2010  16:22

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wuauclt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'PresentationFontCache.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'conime.exe' - '1' module(s) sont contrôlés
Processus de recherche 'pcaui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HpqToaster.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CCC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPHelper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Com4QLBEx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpqWmiEx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ehmsas.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnetwk.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MOM.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ONENOTEM.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'WZQKPICK.EXE' - '1' module(s) sont contrôlés
Processus de recherche 'NPSAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wmpnscfg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ehtray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LightScribeControlPanel.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DefMgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sttray.exe' - '1' module(s) sont contrôlés
Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CardDetector.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'zlclient.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPWAMain.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpwuSchd2.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'reader_sl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'QLBCTRL.exe' - '1' module(s) sont contrôlés
Processus de recherche 'MSASCui.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SmartMenu.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TVAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'CLMLSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TSMAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'DVDAgent.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SynTPEnh.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'HPHC_Service.exe' - '1' module(s) sont contrôlés
Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TVSched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'TVCapSvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SeaPort.exe' - '1' module(s) sont contrôlés
Processus de recherche 'RichVideo.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BLService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'FTRTSVC.exe' - '1' module(s) sont contrôlés
Processus de recherche 'FsUsbExService.Exe' - '1' module(s) sont contrôlés
Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'AEstSrv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wlanext.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'vsmon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hpservice.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés
Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés
Processus de recherche 'stacsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'Ati2evxx.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'89' processus ont été contrôlés avec '89' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
    [INFO]      Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
    [INFO]      Aucun virus trouvé !
Secteur d'amorçage 'D:\'
    [INFO]      Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '53' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\'
C:\hiberfil.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\ProgramData\WildTangent\129383e2-a23a-4142-8d5c-182f95f7bad2-extr.exe
    [0] Type d'archive: NSIS
      --> 1/Age-of-Castles.exe
        [1] Type d'archive: RSRC
        --> Object
          [RESULTAT]  Contient le cheval de Troie TR/Spy.Banker.Gen
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\bitsprx332.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\connect32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\cryptdll32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\C_ISCII32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\d3d10level932.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\d3d10_1core32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\d3dim70032.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/ATRAPS.Gen
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\d3dx9_2732.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\dbghelp32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\ddrawex32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\dhcpcsvc32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\diagperf32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\dimsroam32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Kryptik.EX.1
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\dskquoui32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\esent32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\f3ahvoas32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\fdPHost32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\fundisc32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G.2
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu262342440v1.vir
    [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Meredrop.A.11802
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu262342440v2.vir
    [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Pincav.adfu
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\ProgramData\SysWoW32\wu262342440v3.vir
    [0] Type d'archive: ZIP
    --> patch.exe
      [RESULTAT]  Contient le cheval de Troie TR/Tracur.B
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\Users\Mathieu\AppData\Roaming\B29C.tmp.vir
    [RESULTAT]  Contient le cheval de Troie TR/ATRAPS.Gen
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\Users\Mathieu\AppData\Roaming\C080.tmp.vir
    [RESULTAT]  Contient le cheval de Troie TR/Agent.AQBD
    [REMARQUE]  Fichier supprimé.
C:\Users\Marie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6f38e8db-41b661c0
    [0] Type d'archive: ZIP
    --> ________vload.class
      [RESULTAT]  Contient le modèle de détection du virus Java JAVA/Agent.AJ.1
    --> vmain.class
      [RESULTAT]  Contient le modèle de détection du virus Java JAVA/Agent.AJ.1
    [REMARQUE]  Fichier supprimé.
C:\Users\Mathieu\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\160ba957-770d7ae8
    [0] Type d'archive: ZIP
    --> ________vload.class
      [RESULTAT]  Contient le modèle de détection du virus Java JAVA/Agent.AH
    [REMARQUE]  Fichier supprimé.
Recherche débutant dans 'D:\' <RECOVERY>


Fin de la recherche : dimanche 29 août 2010  19:29
Temps nécessaire:  3:07:28 Heure(s)

La recherche a été effectuée intégralement

  39056 Les répertoires ont été contrôlés
 774468 Des fichiers ont été contrôlés
     27 Des virus ou programmes indésirables ont été trouvés
      0 Des fichiers ont été classés comme suspects
     26 Des fichiers ont été supprimés
      0 Des virus ou programmes indésirables ont été réparés
      0 Les fichiers ont été déplacés dans la quarantaine
      0 Les fichiers ont été renommés
      2 Impossible de contrôler des fichiers
 774439 Fichiers non infectés
   2881 Les archives ont été contrôlées
      2 Avertissements
     26 Consignes
Olivier7
Regular
 
Posts: 60
Joined: 31 Dec 2008, 13:53

Re: Trojan TR/ATRAPS.Gen

Post by Marie » 29 Aug 2010, 19:48

Hello :sourire:

The infected files were almost all in ComboFix's quarantine. So nothing to worry about.


:arrow: Has Antivir stopped raising alerts since you ran the scan?


:arrow: Post one last OTL report for verification.
Marie
Administrator
 
Posts: 22034
Joined: 22 Jun 2007, 14:56
Location: La Valette du Var
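Marie's point, that most of Avira's hits were on copies already sitting in ComboFix's quarantine, can be checked mechanically rather than by eye. The following is an added example (not code from the thread, Avira or ComboFix): it parses lines in the format of the report posted above and separates hits under C:\Qoobox\Quarantine (ComboFix's quarantine folder, as seen in the report) from hits on live paths; the sample lines are constructed from that report.

```python
import re

# Constructed sample in the shape of the Avira report posted in the thread
# (paths and detection names taken from it; not the full report).
SAMPLE_REPORT = r"""
C:\Qoobox\Quarantine\C\ProgramData\dskquoui32.dll.vir
    [RESULTAT]  Contient le cheval de Troie TR/Searcher.G
    [REMARQUE]  Fichier supprimé.
C:\Qoobox\Quarantine\C\Users\Mathieu\AppData\Roaming\B29C.tmp.vir
    [RESULTAT]  Contient le cheval de Troie TR/ATRAPS.Gen
    [REMARQUE]  Fichier supprimé.
C:\ProgramData\WildTangent\129383e2-a23a-4142-8d5c-182f95f7bad2-extr.exe
    [0] Type d'archive: NSIS
      --> 1/Age-of-Castles.exe
          [RESULTAT]  Contient le cheval de Troie TR/Spy.Banker.Gen
    [REMARQUE]  Fichier supprimé.
C:\Users\Marie\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\6f38e8db-41b661c0
    [0] Type d'archive: ZIP
    --> ________vload.class
      [RESULTAT]  Contient le modèle de détection du virus Java JAVA/Agent.AJ.1
    --> vmain.class
      [RESULTAT]  Contient le modèle de détection du virus Java JAVA/Agent.AJ.1
    [REMARQUE]  Fichier supprimé.
C:\hiberfil.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
"""

# ComboFix moves what it removes under C:\Qoobox\Quarantine (seen in the thread);
# a hit there is on an already-neutralised copy, not on a live file.
QUARANTINE_PREFIX = "c:\\qoobox\\quarantine\\"
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")


def parse_report(text):
    """Yield (path, detection, quarantined) for each [RESULTAT] line.

    A non-indented line starting with a drive letter opens a new scanned
    file; RESULTAT lines that follow it (even nested inside archive members)
    are attributed to that file.  Avira prints the detection name last.
    """
    current = None
    for line in text.splitlines():
        if line and not line[0].isspace():
            current = line.strip() if DRIVE_PATH.match(line) else None
            continue
        if "[RESULTAT]" in line and current is not None:
            detection = line.split()[-1]
            yield current, detection, current.lower().startswith(QUARANTINE_PREFIX)


def triage(text):
    """Split detections into live hits (need attention) and quarantined copies."""
    result = {"live": [], "quarantined": []}
    for path, detection, in_quarantine in parse_report(text):
        result["quarantined" if in_quarantine else "live"].append((path, detection))
    return result


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {len(hits)}")
        for path, detection in hits:
            print(f"  {detection:<22} {path}")
```

On the full report in the thread the same split shows that the live hits were the WildTangent installer and the Java deployment cache, with everything else under C:\Qoobox\Quarantine.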
