Virus main.exoclick, affichage fenêtres publicitaires

firefox18 · le 9 décembre 2009

Bonjour à tous,

je suis moi aussi victime du Virus main.exoclick (un rootkit) si j'ai bien compris.

J'ai lu différent posts et j'ai exécuté Combofix (2 fois) mais je suis incapable d'analyser le rapport et j'ai toujours les mêmes symptômes (redirection des liens, fermeture de firefox).

J'espère que vous allez pouvoir m'aider.

Je vous mets tout de suite mon rapport pour rentrer dans le vif du sujet.

Un grand merci à celui ou celle qui va se pencher sur mon cas (désespéré mais pas grave.)

ps: avec Malwarebytes' Anti-Malware il ne trouve pas de fichiers infectés.

Le rapport:

ComboFix 09-12-08.04 - Renard 09/12/2009 18:41:38.3.1 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1214.800 [GMT 1:00]

Lancé depuis: c:\documents and settings\Renard\Bureau\ComboFix.exe

Commutateurs utilisés :: c:\documents and settings\Renard\Bureau\WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

AV: avast! antivirus 4.8.1356 [VPS 091209-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée

Copie restaurée à partir de - Kitty ate it

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-09 au 2009-12-09 ))))))))))))))))))))))))))))))))))))

.

2009-12-09 16:02 . 2009-12-09 16:02 -------- d-----w- c:\documents and settings\Renard\Application Data\Malwarebytes

2009-12-09 16:02 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-12-09 16:01 . 2009-12-09 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-12-09 16:01 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-12-09 16:01 . 2009-12-09 16:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-12-08 21:35 . 2009-12-08 21:35 -------- d-----w- c:\windows\system32\wbem\Repository

2009-11-13 09:54 . 2009-11-13 09:54 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 2(2)

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-09 17:34 . 2007-10-21 12:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

2009-11-06 18:29 . 2009-11-06 18:29 -------- d-----w- c:\program files\Maxis

2009-11-05 15:06 . 2009-11-05 15:06 -------- d-----w- c:\documents and settings\Renard\Application Data\DAEMON Tools Lite

2009-11-05 15:06 . 2009-11-05 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2009-10-26 09:07 . 2009-10-26 09:07 -------- d-----w- c:\program files\Sygate

2009-10-26 08:35 . 2009-10-26 08:35 -------- d-----w- c:\program files\Alwil Software

2009-10-24 18:04 . 2009-05-17 09:32 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2009-10-24 08:40 . 2009-10-24 08:40 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf

2009-10-24 08:40 . 2009-10-24 08:40 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf

2009-09-15 11:59 . 2009-10-26 08:35 1279968 ----a-w- c:\windows\system32\aswBoot.exe

2009-09-15 11:56 . 2009-10-26 08:36 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys

2009-09-15 11:56 . 2009-10-26 08:36 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2009-09-15 11:55 . 2009-10-26 08:36 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys

2009-09-15 11:55 . 2009-10-26 08:36 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2009-09-15 11:54 . 2009-10-26 08:36 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2009-09-15 11:54 . 2009-10-26 08:36 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2009-09-15 11:53 . 2009-10-26 08:36 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2009-09-15 11:53 . 2009-10-26 08:36 97480 ----a-w- c:\windows\system32\AvastSS.scr

2006-05-29 16:25 . 2006-05-29 16:25 689152 ----a-w- c:\program files\Xtremsplit.exe

2006-01-16 18:46 . 2006-01-16 18:46 184320 ----a-w- c:\program files\cutkiller.exe

.

((((((((((((((((((((((((((((( SnapShot_2009-12-09_15.33.28 )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-12-09 17:38 . 2009-12-09 17:38 16384 c:\windows\Temp\Perflib_Perfdata_75c.dat

+ 2009-12-08 21:42 . 2009-12-09 17:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2009-12-08 21:42 . 2009-12-09 15:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2006-08-16 364544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Synchronizer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Hawking Wireless Utility.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Outil de mise à jour Google.lnk]

path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Outil de mise à jour Google.lnk

backup=c:\windows\pss\Outil de mise à jour Google.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Renard^Menu Démarrer^Programmes^Démarrage^Diskeeper 10 Professional Edition Registration.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 00:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]

2008-09-26 10:02 2356088 ----a-r- c:\program files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]

2008-04-13 18:34 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]

2007-07-04 19:59 45056 ----a-w- c:\program files\Vista Drive Icon\DrvIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-13 18:34 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2007-06-29 05:24 286720 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]

2006-08-16 06:00 364544 ----a-w- c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService]

2004-08-13 18:05 2532576 ----a-w- c:\progra~1\Sygate\SPF\Smc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]

2009-03-05 15:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2005-11-10 12:03 36975 ----a-w- c:\program files\Java\jre1.5.0_06\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"mnmsrvc"=3 (0x3)

"iPod Service"=3 (0x3)

"ZuneNetworkSvc"=3 (0x3)

"Symantec Core LC"=2 (0x2)

"STI Simulator"=2 (0x2)

"WMPNetworkSvc"=3 (0x3)

"Planificateur LiveUpdate automatique"=3 (0x3)

"ose"=3 (0x3)

"idsvc"=3 (0x3)

"IDriverT"=3 (0x3)

"gusvc"=3 (0x3)

"FileZilla Server"=3 (0x3)

"Adobe LM Service"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"C:1\\Program Files\\eMule\\emule.exe"=

"c:\\Program Files\\EasyPHP 3.0\\mysql\\bin\\mysqld.exe"=

"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

"c:\\Program Files\\Opera\\opera.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [26/10/2009 09:36 114768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/10/2009 09:36 20560]

S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]

S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [29/11/2005 15:59 21344]

S3 K75xernt;K75xernt; [x]

S3 PAC7311;CamMaestro 1.0.2.4 Build 390P;c:\windows\system32\drivers\PA707UCM.sys [19/06/2006 17:56 156416]

S3 rtl8180;Realtek RTL8180 Wireless LAN (Mini-)PCI NIC NT Driver;c:\windows\system32\drivers\RTL8180.sys [01/09/2003 13:33 173184]

S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [01/10/2006 14:37 26624]

.

------- Examen supplémentaire -------

.

uStart Page = hxxp://google.com/

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

uInternet Connection Wizard,ShellNext = iexplore

uInternet Settings,ProxyServer = 81.109.120.81:8080

IE: &Télécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddLink.html

IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

IE: Tout t&élécharger avec NetTransport - c:\program files\Xi\NetTransport 2\NTAddList.html

DPF: {8731163E-77B9-4F91-9122-F112521C28AF} - hxxp://62.201.137.56/mmawap/jsp/composer/player/mmsPlayer.cab

FF - ProfilePath - c:\documents and settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - hxxp://google.com/

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll

FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll

---- PARAMETRES FIREFOX ----

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-12-09 18:56

Windows 5.1.2600 Service Pack 3 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès

Fichiers cachés: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully

user: MBR read successfully

called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x89713618]<<

kernel: MBR read successfully

detected MBR rootkit hooks:

\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28

\Driver\ACPI -> ACPI.sys @ 0xba85ecb8

\Driver\atapi -> atapi.sys @ 0xba7f8852

IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8

ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6

\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a8

ParseProcedure -> ntoskrnl.exe @ 0x8056c1d6

user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]

"ImagePath"=""

.

--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]

"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\System32\\FM20ENU.DLL"

.

--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1592)

c:\windows\system32\SSSensor.dll

c:\windows\system32\eappprxy.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Heure de fin: 2009-12-09 19:03:51

ComboFix-quarantined-files.txt 2009-12-09 18:03

ComboFix2.txt 2009-12-09 15:40

ComboFix3.txt 2009-12-09 14:15

Avant-CF: 12 307 349 504 octets libres

Après-CF: 12 271 910 912 octets libres

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7

- - End Of File - - 18BCEF8E1098D92881E6FAC44F607726

Modifié le 6 janvier 2010 par firefox18

firefox18 · le 9 décembre 2009

Et voilà mon rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 21:45:31, on 09/12/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Sygate\SPF\smc.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\FolderSize\FolderSizeSvc.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\RocketDock\RocketDock.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Opera\opera.exe

C:\Documents and Settings\Renard\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 81.109.120.81:8080

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll

O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Télécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Tout t&élécharger avec NetTransport - C:\Program Files\Xi\NetTransport 2\NTAddList.html

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230475553320

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1230475538219

O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://62.201.137.56/mmawap/jsp/composer/p...r/mmsPlayer.cab

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe

O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--

End of file - 5687 bytes

Merci pour les courageux, je reprends le fil toute la journée de demain en espérant que tout fonctionne demain soir.

Bonne soirée à vous, j'attends toutes les instructions avec impatience.

firefox18 · le 10 décembre 2009

Bonjour à tous,

Je suis dispo toute la journée , et j'ai toujours mon problème .

Le sioux · le 10 décembre 2009

Bonjour FireFox18 et bienvenue sur Zébulon

* Pour commencer, vu que tu es nouvelle/nouveau ici, regarde ces deux sujets si cela peux t'aider :

Retrouver ses messages et activer la notification par email

Comment participer a un forum

* Ton infection, c'est du sérieux : c:\windows\system32\DRIVERS\atapi.sys patché mais pas grand chose de visible dans le rapport de ComboFix ...

* Ce n'est pas raisonnable d'avoir lancé ComboFix tout seul, tu aurais pu avoir des soucis, ce n'est pas faute de le "crier" partout :

/ !\ Avis aux lecteurs : Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil. Ne pas utiliser en dehors de ce cas de figure : dangereux ! / !\

* Une question : Je vois une clef de registre en rapport avec vsdatant, possédais tu ZoneAlarm avant d'installer Sygate Personal Firewall Pro ?

Avant d'aller plus loin :

- Tout d'abord, si tu ne t'en sers pas trop, je te conseillerai de désinstaller DAEMON Tools Lite qui va nous gêner pour "shooter" tes cochonneries.

- Il reste également des restes de ton ancien antivirus Symantec/ Norton, utilises le désinstalleur prévu à cet effet afin de terminer cette désinstallation proprement.

- Enfin, une fois cela fait, afin d'y voir plus clair, fais ce qui suit :

Télécharge OTL de Old_Timer sur ton Bureau.

Ferme toutes les autres fenêtres, tous les autres programmes. Pas de connexion Internet active.

Double-clique sur OTL sur ton Bureau pour le lancer.

Sous l'emplacement "Custom Scan" copie colle le contenu de ce qui suit :

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
/md5stop
CREATERESTOREPOINT

Clique sur le bouton "Quick Scan".
Ne change aucun réglage, sauf si cela t'es demandé par l'outil.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront dans le Bloc-Notes.

--> Poste le contenu de OTL.txt (<<qui sera affiché) ainsi que de Extras.txt (<<qui sera réduit dans la Barre des Tâches).

Note : Les deux rapports (OTL.txt et Extra.txt) sont également sauvegardé sur ton Bureau.

@ suivre.

PS : je ne suis pas disponible en après midi, je suis un nocturne et je bosse cette nuit ...

Modifié le 10 décembre 2009 par Le sioux

firefox18 · le 10 décembre 2009

Merci de te pencher sur mon problème!!

Concernant Zone alarm je l'ai peut etre testé mais je ne me rappelle plus, pour deamons tools il est désinstallé, et j'ai appliqué l'outil pour Norton.

je te mets les rapports :

OTL logfile created on: 10/12/2009 10:43:58 - Run 1

OTL by OldTimer - Version 3.1.14.0 Folder = C:\Documents and Settings\Renard\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,19 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 67,46% Memory free

1,74 Gb Paging File | 1,46 Gb Available in Paging File | 84,23% Paging File free

Paging file location(s): C:\pagefile.sys 700 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 27,47 Gb Total Space | 11,41 Gb Free Space | 41,53% Space Free | Partition Type: FAT32

Drive D: | 9,76 Gb Total Space | 4,09 Gb Free Space | 41,96% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ACER

Current User Name: Renard

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/10 10:24:54 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renard\Bureau\OTL.exe

PRC - [2009/09/15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe

PRC - [2009/09/15 12:56:44 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe

PRC - [2009/09/15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

PRC - [2008/04/13 19:34:30 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe

PRC - [2008/04/13 19:34:04 | 01,037,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/11/14 21:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe

PRC - [2006/08/16 07:00:00 | 00,364,544 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe

PRC - [2004/08/13 19:05:56 | 02,532,576 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe

PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

========== Modules (SafeList) ==========

MOD - [2009/12/10 10:24:54 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renard\Bureau\OTL.exe

MOD - [2006/04/25 01:40:58 | 00,003,584 | ---- | M] () -- C:\Program Files\RocketDock\MouseHook2.dll

MOD - [2004/08/10 17:05:30 | 00,083,096 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINDOWS\system32\SSSensor.dll

MOD - [2003/04/24 12:00:00 | 00,149,019 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\crtdll.dll

========== Win32 Services (SafeList) ==========

SRV - File not found -- -- (Planificateur LiveUpdate automatique)

SRV - [2009/09/15 12:56:44 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)

SRV - [2009/09/15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)

SRV - [2009/09/15 12:54:14 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)

SRV - [2009/09/15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)

SRV - [2009/03/03 12:19:28 | 00,691,200 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)

SRV - [2008/04/13 19:33:28 | 00,029,184 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\irmon.dll -- (Irmon)

SRV - [2008/01/16 11:53:26 | 00,138,680 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)

SRV - [2007/11/14 21:46:00 | 00,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)

SRV - [2006/06/05 16:18:38 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)

SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)

SRV - [2005/01/14 09:32:00 | 00,053,248 | ---- | M] () -- C:\WINDOWS\system32\PAStiSvc.exe -- (STI Simulator)

SRV - [2004/08/13 19:05:56 | 02,532,576 | ---- | M] (Sygate Technologies, Inc.) -- C:\Program Files\Sygate\SPF\Smc.exe -- (SmcService)

SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose)

SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 81.109.120.81:8080

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/09 09:57:36 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2005/11/28 15:05:08 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2008/07/18 17:33:00 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008/10/23 11:04:40 | 00,000,000 | ---D | M]

[2008/06/19 20:36:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Extensions

[2006/01/08 21:53:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions

[2009/09/16 22:37:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2008/09/09 19:46:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}(2)

[2008/09/09 19:42:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{5c8bfb7c-9a54-11dc-8314-0800200c9a66}(2)

[2009/08/01 01:37:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}

[2007/02/02 19:42:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}(2)

[2008/09/16 21:55:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}(2)

[2009/12/08 22:26:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{a51dd9d0-56c3-11db-b0de-0800200c9a66}

[2008/04/24 12:18:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{a8dd47cf-239f-48c4-8379-e6b4cbafdcfa}

[2009/06/30 22:32:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}

[2009/12/08 22:26:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

[2009/10/26 11:46:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2008/09/08 23:38:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\firenes@facundo(2).zaldo

[2008/09/15 20:19:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur par défaut\extensions\piclens@cooliris(2).com

[2005/11/28 15:05:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\wcyzk7ym.default\extensions

[2005/11/28 15:05:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/11/03 02:56:20 | 00,001,516 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

[2009/11/03 02:56:20 | 00,001,822 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

[2009/11/03 02:56:20 | 00,000,757 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

[2009/11/03 02:56:20 | 00,001,426 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

[2009/11/03 02:56:20 | 00,000,652 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Aide pour le lien d'Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKLM\..\Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No CLSID value found.

O3 - HKCU\..\Toolbar\ShellBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar3.dll (Google Inc.)

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)

O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)

O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab (Minesweeper Flags Class)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/microsoftupdat...b?1230475553320 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1230475538219 (MUWebControl Class)

O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} http://62.201.137.56/mmawap/jsp/composer/p...r/mmsPlayer.cab (MMSPlayerX Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab (Shockwave Flash Object)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O24 - Desktop Components:0 (Ma page d'accueil) - About:Home

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - comfile [open] -- "%1" %*

O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: Ias - C:\WINDOWS\system32\ias [2003/09/01 12:49:08 | 00,000,000 | ---D | M]

NetSvcs: Iprip - File not found

NetSvcs: Irmon - C:\WINDOWS\system32\irmon.dll (Microsoft Corporation)

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)

NetSvcs: WmdmPmSp - File not found

NetSvcs: Ip6FwHlp - File not found

CREATERESTOREPOINT

Restore point Set: OTL Restore Point (66431543362453504)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/10 10:24:51 | 00,537,600 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Renard\Bureau\OTL.exe

[2009/12/10 10:22:37 | 00,793,600 | ---- | C] (Symantec Corporation) -- C:\Documents and Settings\Renard\Bureau\Norton_Removal_Tool.exe

[2009/12/10 10:05:29 | 00,087,552 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\VACFix.exe

[2009/12/10 10:05:29 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.C.exe

[2009/12/10 10:05:29 | 00,082,432 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\404Fix.exe

[2009/12/10 10:05:29 | 00,080,384 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\o4Patch.exe

[2009/12/10 10:05:29 | 00,078,336 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\Agent.OMZ.Fix.exe

[2009/12/10 10:05:28 | 00,289,144 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\VCCLSID.exe

[2009/12/10 10:05:28 | 00,288,417 | ---- | C] (S!Ri) -- C:\WINDOWS\System32\SrchSTS.exe

[2009/12/10 10:05:28 | 00,082,944 | ---- | C] (S!Ri.URZ) -- C:\WINDOWS\System32\IEDFix.exe

[2009/12/10 10:05:28 | 00,079,360 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swxcacls.exe

[2009/12/10 10:05:27 | 00,135,168 | ---- | C] (SteelWerX) -- C:\WINDOWS\System32\swreg.exe

[2009/12/10 10:05:27 | 00,053,248 | ---- | C] (http://www.beyondlogic.org) -- C:\WINDOWS\System32\Process.exe

[2009/12/10 10:04:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Renard\Bureau\SmitfraudFix

[2009/12/09 20:39:20 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Renard\Bureau\HiJackThis.exe

[2009/12/09 18:27:12 | 00,000,000 | RHSD | C] -- C:\cmdcons

[2009/12/09 18:25:16 | 00,000,000 | ---D | C] -- C:\ComboFix

[2009/12/09 17:02:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Renard\Application Data\Malwarebytes

[2009/12/09 17:02:01 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/09 17:01:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2009/12/09 17:01:54 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2009/12/09 17:01:53 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2009/12/09 16:59:06 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Renard\Bureau\mbam-setup.exe

[2009/12/09 14:29:22 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2009/12/09 14:29:22 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2009/12/09 14:29:22 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2009/12/09 14:29:21 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2009/12/09 14:28:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2009/12/09 14:25:42 | 00,000,000 | ---D | C] -- C:\Qoobox

[2009/12/08 22:26:02 | 00,000,000 | ---D | C] -- C:\Config.Msi

[2009/10/26 11:12:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla

[2009/09/13 20:48:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla

[2008/09/04 20:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2008/09/04 20:41:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2007/02/25 11:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7

[2006/11/17 19:28:49 | 00,127,059 | ---- | C] ( ) -- C:\WINDOWS\System32\DSLLK189.dll

[2006/05/29 17:25:24 | 00,689,152 | ---- | C] (Inekman) -- C:\Program Files\Xtremsplit.exe

[2006/01/16 19:46:40 | 00,184,320 | ---- | C] (www.n2jf.fr.st) -- C:\Program Files\cutkiller.exe

[2003/09/01 13:04:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft

[2003/09/01 13:04:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft

[2003/09/01 12:51:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft

[2003/09/01 12:51:24 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\Renard\Bureau\*.tmp files -> C:\Documents and Settings\Renard\Bureau\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/10 10:40:58 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2009/12/10 10:38:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2009/12/10 10:38:24 | 12,735,48800 | -HS- | M] () -- C:\hiberfil.sys

[2009/12/10 10:37:22 | 18,874,368 | ---- | M] () -- C:\Documents and Settings\Renard\ntuser.dat

[2009/12/10 10:37:22 | 00,000,284 | -HS- | M] () -- C:\Documents and Settings\Renard\ntuser.ini

[2009/12/10 10:37:06 | 19,312,930 | -H-- | M] () -- C:\Documents and Settings\Renard\Local Settings\Application Data\IconCache.db

[2009/12/10 10:24:54 | 00,537,600 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Renard\Bureau\OTL.exe

[2009/12/10 10:22:38 | 00,793,600 | ---- | M] (Symantec Corporation) -- C:\Documents and Settings\Renard\Bureau\Norton_Removal_Tool.exe

[2009/12/10 10:08:54 | 00,001,252 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg

[2009/12/10 10:04:48 | 01,872,472 | ---- | M] () -- C:\Documents and Settings\Renard\Bureau\SmitfraudFix.exe

[2009/12/09 22:00:50 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2009/12/09 20:39:20 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Renard\Bureau\HiJackThis.exe

[2009/12/09 18:57:10 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2009/12/09 18:27:32 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI

[2009/12/09 17:02:08 | 00,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2009/12/09 16:59:32 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Renard\Bureau\mbam-setup.exe

[2009/12/09 14:24:28 | 03,845,352 | R--- | M] () -- C:\Documents and Settings\Renard\Bureau\ComboFix.exe

[2009/12/09 11:18:38 | 00,001,240 | ---- | M] () -- C:\WINDOWS\win.ini

[2009/12/09 11:18:38 | 00,000,211 | ---- | M] () -- C:\Boot.bak

[2009/12/09 00:14:16 | 00,260,096 | ---- | M] () -- C:\WINDOWS\PEV.exe

[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[2 C:\Documents and Settings\Renard\Bureau\*.tmp files -> C:\Documents and Settings\Renard\Bureau\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/10 10:08:52 | 00,001,252 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg

[2009/12/10 10:05:28 | 00,075,776 | ---- | C] () -- C:\WINDOWS\System32\WS2Fix.exe

[2009/12/10 10:05:28 | 00,051,200 | ---- | C] () -- C:\WINDOWS\System32\dumphive.exe

[2009/12/10 10:05:28 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\swsc.exe

[2009/12/10 10:04:41 | 01,872,472 | ---- | C] () -- C:\Documents and Settings\Renard\Bureau\SmitfraudFix.exe

[2009/12/09 18:27:29 | 00,000,211 | ---- | C] () -- C:\Boot.bak

[2009/12/09 18:27:18 | 00,263,488 | ---- | C] () -- C:\cmldr

[2009/12/09 17:02:06 | 00,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk

[2009/12/09 14:29:22 | 00,260,096 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2009/12/09 14:29:22 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2009/12/09 14:29:22 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2009/12/09 14:29:22 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2009/12/09 14:29:22 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2009/12/09 14:24:08 | 03,845,352 | R--- | C] () -- C:\Documents and Settings\Renard\Bureau\ComboFix.exe

[2009/12/08 22:37:42 | 12,735,48800 | -HS- | C] () -- C:\hiberfil.sys

[2009/04/25 06:56:00 | 00,222,288 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2009/03/22 19:08:52 | 00,000,341 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2008/09/23 19:48:34 | 01,970,176 | ---- | C] () -- C:\WINDOWS\System32\d3dx9.dll

[2008/01/24 19:15:36 | 00,000,032 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ezsid.dat

[2007/10/21 13:26:25 | 00,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2007/05/11 16:12:54 | 00,057,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2007/04/18 08:24:33 | 00,000,129 | ---- | C] () -- C:\Documents and Settings\Renard\Local Settings\Application Data\fusioncache.dat

[2007/01/04 21:26:18 | 00,001,377 | ---- | C] () -- C:\WINDOWS\declic.ini

[2006/12/29 13:17:10 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll

[2006/12/17 21:03:14 | 00,014,848 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll

[2006/10/27 08:26:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll

[2006/07/16 22:14:16 | 00,001,061 | ---- | C] () -- C:\WINDOWS\ARCHPR.INI

[2006/06/24 06:42:14 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll

[2006/06/04 16:10:34 | 00,000,383 | ---- | C] () -- C:\WINDOWS\w32dasm8.ini

[2006/06/04 15:15:50 | 00,000,365 | ---- | C] () -- C:\WINDOWS\CrypTool.INI

[2006/06/03 16:24:56 | 00,007,168 | ---- | C] () -- C:\WINDOWS\System32\Pbpr01sw.dll

[2006/06/03 16:24:48 | 00,000,030 | ---- | C] () -- C:\WINDOWS\SWPRODPB.INI

[2006/05/21 14:01:36 | 00,000,127 | ---- | C] () -- C:\WINDOWS\csmash.ini

[2006/05/21 12:31:14 | 00,017,920 | ---- | C] () -- C:\WINDOWS\System32\wnaspi32.dll

[2006/05/10 11:26:37 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini

[2006/03/25 11:10:28 | 00,044,544 | R--- | C] () -- C:\WINDOWS\System32\gif89.dll

[2006/03/25 11:06:32 | 00,000,195 | ---- | C] () -- C:\WINDOWS\SIERRA.INI

[2006/02/09 19:32:51 | 00,001,353 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2006/01/08 00:26:31 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\Rey_SubClasser.dll

[2005/12/18 20:33:56 | 00,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\enodpl.sys

[2005/12/18 20:33:54 | 00,004,736 | ---- | C] () -- C:\WINDOWS\System32\drivers\tandpl.sys

[2005/12/09 13:27:56 | 00,000,093 | ---- | C] () -- C:\WINDOWS\cdplayer.ini

[2005/12/05 12:39:39 | 00,000,067 | ---- | C] () -- C:\WINDOWS\StationRipper.INI

[2005/12/01 00:05:35 | 00,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI

[2005/11/30 19:27:58 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini

[2005/11/29 15:38:37 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2005/11/29 15:20:56 | 00,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI

[2005/11/29 15:12:24 | 00,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll

[2005/11/29 15:12:24 | 00,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini

[2005/11/29 15:11:53 | 00,000,022 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini

[2005/11/29 15:09:13 | 00,000,027 | ---- | C] () -- C:\WINDOWS\CDE P4180EFI.ini

[2005/11/29 13:04:03 | 00,229,376 | ---- | C] () -- C:\Documents and Settings\Renard\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2005/11/28 16:51:21 | 00,013,312 | ---- | C] () -- C:\WINDOWS\System32\MSDMO(2).DLL

[2004/12/20 11:08:28 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2004/12/20 11:03:26 | 00,745,472 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2004/12/17 17:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys

[2004/09/21 15:09:24 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\ErrorHandler.dll

[2004/08/10 20:39:04 | 00,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll

[2004/03/22 16:15:48 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\MCS.dll

[2003/11/10 12:31:16 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4Tools.dll

[2003/11/10 12:30:56 | 00,528,384 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4System.dll

[2003/11/10 12:30:26 | 00,139,264 | ---- | C] () -- C:\WINDOWS\System32\Mpeg4DSF.dll

[2003/11/07 22:04:56 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\AMRDSF.dll

[2003/11/07 22:04:34 | 00,225,280 | ---- | C] () -- C:\WINDOWS\System32\AMR.dll

[2003/09/01 16:19:25 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2003/09/01 14:01:15 | 00,000,051 | ---- | C] () -- C:\WINDOWS\Aspire 1350.ini

[2003/09/01 13:33:35 | 00,017,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\frmupgr.sys

[2003/09/01 13:33:34 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\btw_ci.dll

[2003/09/01 13:33:34 | 00,051,208 | ---- | C] () -- C:\WINDOWS\System32\drivers\btwusb.sys

[2003/09/01 13:30:56 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll

[2003/09/01 13:30:12 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll

[2003/09/01 13:28:55 | 00,000,042 | ---- | C] () -- C:\WINDOWS\AcrobatSetupStatus.ini

[2003/09/01 13:16:35 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini

[2003/09/01 13:06:05 | 00,037,684 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2003/09/01 13:06:05 | 00,000,240 | ---- | C] () -- C:\WINDOWS\PQDISK.INI

[2003/08/18 01:39:56 | 00,000,083 | ---- | C] () -- C:\WINDOWS\alaunch.ini

[2003/04/01 10:58:02 | 00,005,260 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

[2002/12/14 22:46:02 | 00,237,568 | ---- | C] () -- C:\WINDOWS\System32\oggDS.dll

[2002/12/14 22:46:02 | 00,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/12/14 22:46:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[2002/12/14 21:46:04 | 00,921,600 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll

[2002/11/15 13:11:26 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll

[2001/12/26 16:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll

[2001/09/03 23:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll

[2001/07/30 16:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll

[2001/07/23 22:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll

[1996/04/03 21:33:26 | 00,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

[1980/01/01 00:00:00 | 00,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll

========== LOP Check ==========

[2006/12/17 20:49:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2007/01/17 22:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker

[2007/02/25 11:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft

[2007/02/25 11:03:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG7

[2007/08/12 17:36:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software

[2009/11/05 16:06:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite

[2005/11/29 15:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Smart Panel

[2005/12/07 19:36:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\EPSON

[2006/04/22 13:34:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\.gaim

[2006/04/29 14:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Leadertech

[2006/11/30 20:14:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Nvu

[2007/01/17 22:15:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\IconTweaker

[2007/06/10 19:52:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Aladdin Systems

[2007/08/12 17:37:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\TuneUp Software

[2007/10/03 18:42:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Mp3tag

[2007/12/05 19:45:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\gtk-2.0

[2008/01/14 16:55:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\uTorrent

[2008/01/27 13:34:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\FMZilla

[2008/07/18 17:33:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Thunderbird

[2008/09/21 23:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\albumart

[2008/10/05 15:11:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Opera

[2008/10/14 20:40:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\Notepad++

[2008/11/20 18:53:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\FileZilla

[2008/11/23 08:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\DAEMON Tools

[2009/11/05 16:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Renard\Application Data\DAEMON Tools Lite

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >

[2008/04/13 11:36:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys

[2008/04/13 11:36:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys

[2008/04/13 11:36:40 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >

[2003/04/24 12:00:00 | 00,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

[2009/12/09 18:34:02 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys

[2008/04/13 11:40:32 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys

[2009/12/09 18:34:02 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys

[2009/12/09 18:34:02 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys

< MD5 for: EVENTLOG.DLL >

[2008/04/13 19:33:26 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ERDNT\cache\eventlog.dll

[2008/04/13 19:33:26 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll

[2008/04/13 19:33:26 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=4EC800BDF80521B0207BD2301DFC7D14 -- C:\WINDOWS\system32\eventlog.dll

[2003/04/24 12:00:00 | 00,049,152 | ---- | M] (Microsoft Corporation) MD5=B1F4DD70AD2DF7B98C8323394D370B2A -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >

[2008/04/13 19:33:36 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ERDNT\cache\netlogon.dll

[2008/04/13 19:33:36 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll

[2008/04/13 19:33:36 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=04821179C3171554C1BD1F9888A113E2 -- C:\WINDOWS\system32\netlogon.dll

[2003/04/24 12:00:00 | 00,399,360 | ---- | M] (Microsoft Corporation) MD5=B05A56408A75A75345D399986751DDB7 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >

[2003/04/24 12:00:00 | 00,180,736 | ---- | M] (Microsoft Corporation) MD5=11F7656C69DA4CFB022CEC5445A647E8 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll

[2008/04/13 19:33:42 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ERDNT\cache\scecli.dll

[2008/04/13 19:33:42 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll

[2008/04/13 19:33:42 | 00,187,392 | ---- | M] (Microsoft Corporation) MD5=973B36634C544948C663E8269AA1B3A3 -- C:\WINDOWS\system32\scecli.dll

< End of report >

et le rapport extra:

OTL Extras logfile created on: 10/12/2009 10:43:58 - Run 1

OTL by OldTimer - Version 3.1.14.0 Folder = C:\Documents and Settings\Renard\Bureau

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

1,19 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 67,46% Memory free

1,74 Gb Paging File | 1,46 Gb Available in Paging File | 84,23% Paging File free

Paging file location(s): C:\pagefile.sys 700 800 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 27,47 Gb Total Space | 11,41 Gb Free Space | 41,53% Space Free | Partition Type: FAT32

Drive D: | 9,76 Gb Total Space | 4,09 Gb Free Space | 41,96% Space Free | Partition Type: FAT32

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: ACER

Current User Name: Renard

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 14 Days

Output = Standard

Quick Scan

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1

.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)

Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)

Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)

Directory [Personnalisation] -- IESHWIZ.EXE %1 (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)

CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe"

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 1

"AntiVirusOverride" = 1

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:1\Program Files\eMule\emule.exe" = C:1\Program Files\eMule\emule.exe:*:Enabled:emule.exe

"C:\Program Files\EasyPHP 3.0\mysql\bin\mysqld.exe" = C:\Program Files\EasyPHP 3.0\mysql\bin\mysqld.exe:*:Enabled:mysqld -- ()

"C:\Program Files\FileZilla FTP Client\filezilla.exe" = C:\Program Files\FileZilla FTP Client\filezilla.exe:*:Enabled:FileZilla FTP Client -- (FileZilla Project)

"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord

"{0BD83598-C2EF-3343-847B-7D2E84599128}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - FRA

"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth

"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2

"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1

"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6

"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types

"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3E31821C-7917-367E-938E-E65FC413EA31}" = Microsoft .NET Framework 3.5 Language Pack SP1 - fra

"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2

"{46518D5F-D910-44C1-AACA-FD18742403A3}" = CamMaestro 1.0.2.4 Build 390P

"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC

"{556EEE74-6788-4292-8252-8B17E2C7952A}" = Photosynth 2.0.1403.5

"{58FD9176-17BF-4D9A-8773-5ECA2947D391}" = Microsoft SQL Server Compact 3.5 SP1 - Français

"{5D26BF7B-BEF6-477D-8FC1-0C1C159B6364}_is1" = Quicksys RegDefrag 2.1

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel

"{72AD53CC-CCC0-3757-8480-9EE176866A7C}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - FRA

"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0

"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task

"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer

"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS

"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library

"{9312B85C-1D14-422D-81C8-8EEF4E3D27EF}" = NTI CD & DVD-Maker Gold

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A5D20C78-D226-4B41-A553-EEEBEB824853}" = Outils de conception SQL Server Compact 3.5 SP1 - Français

"{AC76BA86-7AD7-1036-7B44-A81300000003}" = Adobe Reader 8.1.4 - Français

"{B3940EA5-7872-487E-AF15-CF20DBD65F1B}" = RapidLeecher

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B74D4E10-6884-0000-0000-000000000101}" = Adobe Bridge 1.0

"{BF448A52-C83E-455D-B5D3-FD9E964C9419}" = Sygate Personal Firewall Pro

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC

"{CB2174B0-F84A-11D4-ACAB-000000120080}" = GNAT GPL Ada Development Environment 2008

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus

"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0

"{F5346614-B7C4-4E94-826A-E2363155233D}" = EasyCleaner

"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects

"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio

"{FB8148DD-C575-4B0A-9F6C-0CFC46937930}" = Opera 10.10

"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows

"7-Zip" = 7-Zip 4.62

"AC3Filter" = AC3Filter (remove only)

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-040C-1E257A25E34D}" = Adobe Photoshop CS2

"Adobe Shockwave Player" = Adobe Shockwave Player 11

"Agere Systems Soft Modem" = Agere Systems AC'97 Modem

"Aspire 1350" = Aspire 1350

"avast!" = avast! Antivirus

"AviSynth" = AviSynth 2.5

"Cheat Engine 5.4_is1" = Cheat Engine 5.4

"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)

"DioneSS Playlist Editor_is1" = DioneSS Playlist Editor v3.0

"DivX Codec" = DivX Pro Codec

"EPSON Printer and Utilities" = EPSON Logiciel imprimante

"EPSON Scanner" = EPSON Scan

"FastStone Image Viewer" = FastStone Image Viewer 3.5

"FileZilla Client" = FileZilla Client 3.2.8.1

"FileZilla Server" = FileZilla Server (remove only)

"GTK 2.0" = Bibliothèques GTK+ 2.6.9 rev a (supprimer uniquement)

"HijackThis" = HijackThis 2.0.2

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie7" = Windows Internet Explorer 7

"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1

"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX

"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX

"InstallShield_{46518D5F-D910-44C1-AACA-FD18742403A3}" = CamMaestro 1.0.2.4 Build 390P

"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX

"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX

"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX

"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library

"InstallShield_{9312B85C-1D14-422D-81C8-8EEF4E3D27EF}" = NTI CD & DVD-Maker Gold

"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX

"LameACM" = Lame ACM MP3 Codec

"LeechFTP" = LeechFTP MP3 CODE

"LManager" = Launch Manager

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaMonkey_is1" = MediaMonkey 3.1

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - fra" = Module linguistique Microsoft .NET Framework 3.5 SP1- fra

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.5.5)" = Mozilla Firefox (3.5.5)

"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)

"Mp3tag" = Mp3tag v2.39

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"Notepad++" = Notepad++

"OggDS" = Direct Show Ogg Vorbis Filter (remove only)

"PERF4180P Guide de référence" = PERF4180P Guide de référence

"RocketDock_is1" = RocketDock 1.2.5

"ShockwaveFlash" = Macromedia Flash Player 8

"SLD Codec Pack" = SLD Codec Pack

"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Unlocker" = Unlocker 1.8.7

"Vista Drive Icon" = Vista Drive Icon 1.3

"VLC media player" = VLC media player 0.9.4

"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter

"VTDisplay" = S3 S3Display

"VTGamma2" = S3 S3Gamma2

"VTInfo2" = S3 S3Info2

"VTOverlay" = S3 S3Overlay

"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

"Winamp" = Winamp

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Lecteur Windows Media 11

"Windows XP Service" = Windows XP Service Pack 3

"WinRAR archiver" = Archiveur WinRAR

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0

"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"IconTweaker" = IconTweaker 1.11

"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]

Error - 08/09/2008 15:24:59 | Computer Name = ACER-86U03S59CR | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

http://mirror.switch.ch/ftp/mirror/knoppix...07-01-04-EN.iso failed,

00000084.

Error - 17/09/2008 07:20:35 | Computer Name = ACER-86U03S59CR | Source = avast! | ID = 33554522

Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.

Error - 17/09/2008 07:20:35 | Computer Name = ACER-86U03S59CR | Source = avast! | ID = 33554522

Description = During the parsing of C:\Program Files\Alwil Software\Avast4\deftasks.xml

XML document, following error occurred: C.

Error - 17/09/2008 12:16:30 | Computer Name = ACER-86U03S59CR | Source = avast! | ID = 33554522

Description = AAVM - initialization error: AavmStart: avworkInitialize failed, 0000A438.

Error - 17/09/2008 12:16:30 | Computer Name = ACER-86U03S59CR | Source = avast! | ID = 33554522

Description = During the parsing of C:\Program Files\Alwil Software\Avast4\deftasks.xml

XML document, following error occurred: C.

Error - 12/11/2009 16:32:01 | Computer Name = ACER | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur

par défaut\sessionstore-1.js failed, 0000A413.

Error - 12/11/2009 16:32:01 | Computer Name = ACER | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur

par défaut\sessionstore.js failed, 0000A413.

Error - 12/11/2009 16:32:11 | Computer Name = ACER | Source = avast! | ID = 33554522

Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of

C:\Documents and Settings\Renard\Application Data\Mozilla\Firefox\Profiles\bgtrn5xd.Utilisateur

par défaut\sessionstore.js failed, 0000A413.

Error - 08/12/2009 16:39:32 | Computer Name = ACER | Source = avast! | ID = 33554522

Description = Internal error has occurred in module aswar scan function failed!,

function 00000002.

Error - 08/12/2009 16:44:38 | Computer Name = ACER | Source = avast! | ID = 33554522

Description = Internal error has occurred in module aswar scan function failed!,

function 00000002.

[ Application Events ]

Error - 19/07/2009 15:33:34 | Computer Name = ACER | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>'>http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.

Error - 21/07/2009 16:11:31 | Computer Name = ACER | Source = Application Error | ID = 1000

Description = Application défaillante opera.exe, version 9.64.10487.0, module défaillant

opera.dll, version 9.64.10487.0, adresse de défaillance 0x0023d81b.

Error - 04/08/2009 17:54:42 | Computer Name = ACER | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.

Error - 24/10/2009 05:57:28 | Computer Name = ACER | Source = MsiInstaller | ID = 1013

Description = Product: Zune -- DriverCA 11:57:19.146: Operation 'InstallHardwareDriver'

has finished with result 0x80070057.

Error - 24/10/2009 06:01:11 | Computer Name = ACER | Source = MsiInstaller | ID = 1013

Description = Product: Zune -- DriverCA 11:58:43.748: Operation 'InstallHardwareDriver'

has finished with result 0x80070057.

Error - 24/10/2009 06:01:24 | Computer Name = ACER | Source = MsiInstaller | ID = 11327

Description = Produit : Zune Language Pack (FR) -- Erreur 1327. Lecteur g:\ non

valide.

Error - 24/10/2009 11:09:22 | Computer Name = ACER | Source = SmcService | ID = 0

Description =

Error - 24/10/2009 11:09:40 | Computer Name = ACER | Source = SmcService | ID = 0

Description =

Error - 24/10/2009 12:58:50 | Computer Name = ACER | Source = SmcService | ID = 0

Description =

Error - 10/12/2009 05:34:13 | Computer Name = ACER | Source = crypt32 | ID = 131080

Description = Échec de la récupération de la mise à jour automatique du numéro de

séquence de la liste racine tierce partie à partir de : <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

avec l'erreur : Cette opération s'est terminée car le délai d'attente a expiré.

[ System Events ]

Error - 10/12/2009 05:28:46 | Computer Name = ACER | Source = Service Control Manager | ID = 7000

Description = Le service Zune Bus Enumerator Driver n'a pas pu démarrer en raison

de l'erreur : %%2

Error - 10/12/2009 05:28:46 | Computer Name = ACER | Source = Service Control Manager | ID = 7001

Description = Le service Hôte de périphérique universel Plug-and-Play dépend du

service Service de découvertes SSDP qui n'a pas pu démarrer en raison de l'erreur :

%%1058

Error - 10/12/2009 05:28:51 | Computer Name = ACER | Source = Service Control Manager | ID = 7026

Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se

charger : sptd

Error - 10/12/2009 05:29:02 | Computer Name = ACER | Source = RemoteAccess | ID = 20106

Description = Impossible d'ajouter l'interface {C5C6ADCC-E730-4713-A3E3-BD77E7429244}

avec le Gestionnaire de routage pour le protocole IP. L'erreur suivante s'est produite

: Impossible d'accomplir cette fonction.

Error - 10/12/2009 05:38:49 | Computer Name = ACER | Source = Ftdisk | ID = 262189

Description = Le système n'a pas pu charger le pilote du fichier de vidage sur incident.

Error - 10/12/2009 05:38:49 | Computer Name = ACER | Source = Ftdisk | ID = 262193

Description = Échec de la configuration du fichier d'échange pour le vidage sur

incident. Assurez-vous qu'un fichier d'échange est présent sur la partition d'amorçage

et

qu'il est suffisamment grand pour contenir toute la mémoire physique.

Error - 10/12/2009 05:39:48 | Computer Name = ACER | Source = Service Control Manager | ID = 7000

Description = Le service Zune Bus Enumerator Driver n'a pas pu démarrer en raison

de l'erreur : %%2

Error - 10/12/2009 05:39:48 | Computer Name = ACER | Source = Service Control Manager | ID = 7001

Description = Le service Hôte de périphérique universel Plug-and-Play dépend du

service Service de découvertes SSDP qui n'a pas pu démarrer en raison de l'erreur :

%%1058

Error - 10/12/2009 05:39:53 | Computer Name = ACER | Source = Service Control Manager | ID = 7026

Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se

charger : sptd

Error - 10/12/2009 05:40:45 | Computer Name = ACER | Source = RemoteAccess | ID = 20106

Description = Impossible d'ajouter l'interface {C5C6ADCC-E730-4713-A3E3-BD77E7429244}

avec le Gestionnaire de routage pour le protocole IP. L'erreur suivante s'est produite

: Impossible d'accomplir cette fonction.

< End of report >

Bon courage e encore merci.

firefox18 · le 10 décembre 2009

Sinon j'ai trouvé ça avec tes indications sur mon fichier patché.

http://forum.malekal.com/trojan-alureon-tr...dss-t21456.html

je voulais savoir si je pouvais me servir de son outil dans mon cas.

Le sioux · le 10 décembre 2009

Re

/!\ Ne prends pas d'initiatives hasardeuses stp./!\

La méthode décrite concerne un rootkit TDSS, rien n'est prouvé pour l'instant que ce soit ton cas, donc nous n'utiliserons pas TDSSKiller ou TDSSRemover entre autre

(A noter que le rapport OTL semble montré que atapi.sys n'est plus patché)

Je regarde tes rapports, mais comme tu as pu le constaté, ils sont légèrement indigestes : il me faut du temps pour ne pas passer à coté de quelque chose...

En attendant :

* Tu peux tenter de retrouver le rapport du second passage de ComboFix, tudis l'avoir exécuté deux fois, c'est apparemment le 1er rapport de cet outil:

J'ai lu différent posts et j'ai exécuté Combofix (2 fois) mais je suis incapable d'analyser le rapport

Regarde à la racine de ton disque C ou dans C:\qoobox si tu peux trouver cela.

* Tu peux faire ceci également stp :

Rends toi sur VirusTotal

Clique sur "Parcourir" et sélectionne le fichier en gras :

C:\WINDOWS\SlantAdj.dll
Recherche le fichier à analyser, puis clique ensuite sur " Envoyer le fichier".
Si VirusTotal dit que le fichier a déjà été analysé, clique sur "Ré-analyser le fichier maintenant".
Il faut patienter car tu es sur une file d'attente.
Le rapport ne sera complet que lorsque tu verras la mention "Terminé"sur la droite.
Tuto : http://forum.pcastuces.com/scan_chez_virus_total-f31s15.htm (Merci à Philae)
Note : Il est possible que tu aies besoin d'avoir accès aux dossiers et fichiers cachés, pour cela "Affiche les dossiers cachés".
Aide toi de B ) ici http://forum.pcastuces.com/afficher_les_do...ches-f31s42.htm si besoin.
Poste le rapport en réponse stp.
Re-cache les fichiers et dossiers cachés par la suite pour éviter de faire des bêtises

@ suivre

Modifié le 10 décembre 2009 par Le sioux

firefox18 · le 10 décembre 2009

Voilà les dernières nouvelles:

Fichier SlantAdj.dll reçu le 2009.12.10 10:58:14 (UTC)

Situation actuelle: terminé NON TROUVE

Résultat: 0/41 (0%)

pour combofix c'est bien le dernier rapport que j'ai posté.

Modifié le 10 décembre 2009 par firefox18

Le sioux · le 10 décembre 2009

Re

Autant pour moi, je commence à fatiguer pas tarder à aller dormir...

D'après l'entête du rapport :

ComboFix 09-12-08.04 - Renard 09/12/2009 18:41:38.3.1 - FAT32x86

Tu l'aurai lancé 3 fois et c'est bien le dernier rapport, je veux donc bien les deux premiers

@ plus.

firefox18 · le 10 décembre 2009

Oui j'ai vu ça! en fait j'ai galéré pour installer la console de récupération c'est pour ça!

sinon les rapports:

ComboFix 09-12-08.04 - Renard 09/12/2009 14:44:05.1.1 - FAT32x86

Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1214.789 [GMT 1:00]

Lancé depuis: c:\documents and settings\Renard\Bureau\ComboFix.exe

AV: avast! antivirus 4.8.1356 [VPS 091209-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: Norton AntiVirus 2005 *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Internet Worm Protection *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\Ijl11.dll

Une copie infectée de c:\windows\system32\DRIVERS\atapi.sys a été trouvée et désinfectée

Copie restaurée à partir de - Kitty ate it

.

((((((((((((((((((((((((((((( Fichiers créés du 2009-11-09 au 2009-12-09 ))))))))))))))))))))))))))))))))))))

.

2009-12-09 13:24 . 2009-12-09 15:59 -------- d-----w- C:\32788R22FWJFW

2009-12-08 21:35 . 2009-12-08 21:35 -------- d-----w- c:\windows\system32\wbem\Repository

2009-11-13 09:54 . 2009-11-13 09:54 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 2(2)

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-12-09 13:37 . 2007-10-21 12:26 96512 ----a-w- c:\windows\system32\drivers\atapi.sys