infection FraudLo.sxm

Bonjour,
depuis quelques jours mon ordinateurest infecté par de nombreux virus, dont TR/Dldr.FraudLo.sxm
j'ai essayé avast, antivir, norton, anti-malwarebytes, spybot et des antivirus en ligne mais rien n'y fait.
Je vous poste ci-dessous les rapports HiJackThis et OldTimer, si quelqu'un veut bien avoir la gentillesse de me dire quoi faire après... je ne sais pas du tout analyser ces rapports (mais j'aimerai apprendre si vous êtes motivés pour m'expliquer).
Merci d'avance



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:31, on 21/08/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\system32\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Documents and Settings\Administrateur\msword98.exe
C:\Documents and Settings\Administrateur\msword98.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [msword98] C:\WINDOWS\system32\msword98.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msword98] C:\Documents and Settings\Administrateur\msword98.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [braviax] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ikowin32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetecti(...)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Files Management Service (mscicosd) - Unknown owner - C:\WINDOWS\system32\mscico.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9034 bytes

OTL logfile created on: 21/08/2009 18:05:17 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

502,79 Mb Total Physical Memory | 83,64 Mb Available Physical Memory | 16,64% Memory free
1,94 Gb Paging File | 1,40 Gb Available in Paging File | 72,25% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,32 Gb Total Space | 11,20 Gb Free Space | 14,68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
PRC - C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
PRC - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
PRC - C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
PRC - C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
PRC - C:\WINDOWS\System32\msword98.exe ()
PRC - C:\WINDOWS\System32\msword98.exe ()
PRC - C:\Program Files\Brother\ControlCenter3\brccMCtl.exe (Brother Industries, Ltd.)
PRC - C:\Documents and Settings\Administrateur\msword98.exe ()
PRC - C:\Documents and Settings\Administrateur\msword98.exe ()
PRC - C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe (Brother Industries, Ltd.)
PRC - C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
PRC - C:\WINDOWS\System32\braviax.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir PersonalEdition Classic\GUARDGUI.EXE (Avira GmbH)
PRC - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Documents and Settings\Administrateur\Bureau\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (a2AntiMalware [Auto | Running]) -- C:\Program Files\a-squared Anti-Malware\a2service.exe (Emsi Software GmbH)
SRV - (aawservice [Disabled | Stopped]) -- C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe (Lavasoft)
SRV - (AntiVirScheduler [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (brmfrmps [Disabled | Stopped]) -- C:\WINDOWS\System32\Brmfrmps.exe (Brother Industries, Ltd.)
SRV - (Brother XP spl Service [Disabled | Stopped]) -- C:\WINDOWS\System32\brsvc01a.exe (brother Industries Ltd)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (Irmon [Auto | Running]) -- C:\WINDOWS\System32\irmon.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (maconfservice [On_Demand | Stopped]) -- C:\Program Files\ma-config.com\maconfservice.exe (CybelSoft)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe (Microsoft Corporation)
SRV - (mscicosd [Auto | Stopped]) -- File not found
SRV - (NMIndexingService [Disabled | Stopped]) -- File not found
SRV - (NVSvc [Auto | Stopped]) -- C:\WINDOWS\System32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ServiceLayer [On_Demand | Running]) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (SmcService [On_Demand | Stopped]) -- C:\Program Files\Sygate\SPF\smc.exe (Sygate Technologies, Inc.)
SRV - (SymWSC [Auto | Stopped]) -- C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (Symantec Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ALCXWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (Aspi32 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aspi32.sys (Adaptec)
DRV - (atapi [Boot | Running]) -- C:\WINDOWS\System32\drivers\atapi.sys ()
DRV - (atksgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\atksgt.sys ()
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (avgntflt [On_Demand | Running]) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (brfilt [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\Brfilt.sys (Brother Industries Ltd.)
DRV - (BrScnUsb [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys (Brother Industries Ltd.)
DRV - (BrSerWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbScn [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\BrUsbScn.sys (Brother Industries Ltd.)
DRV - (cmuda [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\cmuda.sys (C-Media Inc)
DRV - (d346bus [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\d346bus.sys ( )
DRV - (d346prt [Boot | Running]) -- C:\WINDOWS\System32\Drivers\d346prt.sys ( )
DRV - (driverhardwarev2 [On_Demand | Stopped]) -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys (Ma-Config.com)
DRV - (fbxusb [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fbxusb32.sys (FreeBox SA)
DRV - (hwpsgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\hwpsgt.sys ()
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (irsir [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\irsir.sys (Microsoft Corporation)
DRV - (lemsgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\lemsgt.sys ()
DRV - (lirsgt [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\lirsgt.sys ()
DRV - (mf [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\mf.sys (Microsoft Corporation)
DRV - (nmwcd [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcd.sys (Nokia)
DRV - (nmwcdc [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdc.sys (Nokia)
DRV - (nmwcdcj [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdcj.sys (Nokia)
DRV - (nmwcdcm [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\nmwcdcm.sys (Nokia)
DRV - (Ntfs [Disabled | Running]) -- C:\WINDOWS\System32\drivers\ntfs.sys ()
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (pavboot [Boot | Running]) -- C:\WINDOWS\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (ProtoWall [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\ProtoWall.sys ()
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (rtl8139 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sfdrv01 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology)
DRV - (sfhlp02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology)
DRV - (sfsync02 [Boot | Running]) -- C:\WINDOWS\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (ssmdrv [System | Running]) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys (AVIRA GmbH)
DRV - (Teefer [Boot | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (VIAudio [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (wg3n [Auto | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (wg4n [Auto | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
DRV - (wg5n [Auto | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
DRV - (wg6n [Auto | Running]) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
DRV - (wpsdrvnt [System | Running]) -- C:\WINDOWS\System32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-21-1715567821-2052111302-725345543-500\S-1-5-21-1715567821-2052111302-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/11/04 14:08:49 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 23:34:39 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Components: C:\Program Files\Mozilla Firefox\components\ [2009/07/06 18:35:45 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 1.5.0.12\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins\ [2009/07/06 18:35:45 | 00,000,000 | ---D | M]

[2009/08/15 12:20:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Firefox\Profiles\9id2a3ig.default\extensions
[2007/12/19 13:55:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2007/06/20 07:50:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/11/24 20:29:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}
[2009/08/15 12:18:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Firefox\Profiles\9id2a3ig.default\extensions\fsonlinescanner@f-secure.com
[2009/08/15 12:18:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\mozilla\Firefox\Profiles\9id2a3ig.default\extensions\staged-xpis
[2008/07/25 00:43:05 | 00,000,998 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\9id2a3ig.default\searchplugins\aolsearch.gif
[2008/07/25 00:43:05 | 00,000,294 | ---- | M] () -- C:\Documents and Settings\Administrateur\Application Data\Mozilla\FireFox\Profiles\9id2a3ig.default\searchplugins\aolsearch.src
[2009/08/15 12:20:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2007/01/16 22:32:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2007/05/31 23:38:54 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/10 23:34:58 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2007/05/31 23:38:44 | 00,061,038 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2007/05/31 23:38:45 | 00,049,256 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2007/05/31 23:38:46 | 00,166,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2007/04/30 17:29:22 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\np32dsw.dll
[2009/03/10 23:34:38 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2006/12/12 10:48:22 | 01,440,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll
[2007/03/23 00:55:21 | 00,114,688 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2007/05/31 23:38:52 | 00,017,032 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/11/04 14:08:26 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nppl3260.dll
[2007/03/06 00:51:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2007/03/06 00:51:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2007/03/06 00:51:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2007/03/06 00:51:44 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2007/03/06 00:51:45 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2007/03/06 00:51:45 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2007/03/06 00:51:45 | 00,131,072 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2008/11/04 14:09:06 | 00,008,192 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprjplug.dll
[2008/11/04 14:07:35 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mozilla firefox\plugins\nprpjplug.dll
[2006/11/09 16:20:40 | 02,111,096 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2009/03/24 11:10:44 | 00,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2007/01/18 21:14:56 | 00,000,680 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.png
[2007/01/18 21:14:56 | 00,000,782 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-france.src
[2008/01/31 14:16:57 | 00,002,151 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2007/01/18 21:14:56 | 00,000,210 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.gif
[2007/01/18 21:14:57 | 00,001,081 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-france.src
[2007/01/18 21:14:57 | 00,001,076 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2007/01/18 21:14:57 | 00,000,718 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2007/01/18 21:14:57 | 00,000,115 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.gif
[2007/01/18 21:14:57 | 00,000,686 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\MediaDICO-fr.src
[2007/01/18 21:14:57 | 00,000,459 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.png
[2007/01/18 21:14:57 | 00,001,457 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-fr.src
[2007/01/18 21:14:57 | 00,000,088 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.gif
[2007/01/18 21:14:57 | 00,001,221 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-france.src

O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\..\Toolbar\WebBrowser: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - No CLSID value found.
O3 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\..\Toolbar\WebBrowser: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [a-squared] C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe (Emsi Software GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [braviax] File not found
O4 - HKLM..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [msword98] C:\WINDOWS\System32\msword98.exe ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [Regedit32] C:\WINDOWS\System32\regedit.exe File not found
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe ()
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\.DEFAULT..\Run: [braviax] File not found
O4 - HKU\.DEFAULT..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe File not found
O4 - HKU\S-1-5-18..\Run: [braviax] File not found
O4 - HKU\S-1-5-18..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-1715567821-2052111302-725345543-500..\Run: [braviax] File not found
O4 - HKU\S-1-5-21-1715567821-2052111302-725345543-500..\Run: [msword98] C:\Documents and Settings\Administrateur\msword98.exe ()
O4 - Startup: C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ikowin32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NofolderOptions = 0
O7 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-1715567821-2052111302-725345543-500_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.79\AMVConverter\grab.html ()
O8 - Extra context menu item: E&xporter vers Microsoft Excel - C:\Program Files\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.79\MediaManager\grab.html ()
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-19\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-20\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1715567821-2052111302-725345543-500\..Trusted Domains: 34 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} http://webscanner.kaspersky.fr/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.zebulon.fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} http://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetecti(...) (HardwareDetection Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} http://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.240 212.27.40.241
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - File not found
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/11/10 13:09:53 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/08/21 18:03:47 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2009/08/21 18:01:00 | 00,001,744 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2009/08/21 18:01:00 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/08/21 18:00:54 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe
[2009/08/21 17:51:22 | 00,189,791 | ---- | C] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/21 17:51:19 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/15 15:15:35 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/08/15 15:15:22 | 00,339,257 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\CleanUp452.exe
[2009/08/15 15:11:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau\sauvegarde registre
[2009/08/15 14:24:50 | 25,509,54536 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\adsl TV 2009-08-15 14-24-42 TMC.mpg
[2009/08/15 14:18:16 | 16,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Documents and Settings\Administrateur\Bureau\setup-spybotsd162.exe
[2009/08/15 13:56:53 | 74,627,288 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Bureau\TrendMicro_TIS_17.10_en-US_32-bit.exe
[2009/08/15 13:55:57 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\beep.sys
[2009/08/15 13:55:57 | 00,004,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\beep.sys
[2009/08/15 13:54:47 | 00,026,686 | ---- | C] () -- C:\WINDOWS\System32\msword98.exe
[2009/08/15 12:30:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Bureau\TrendMicro_TIS_17.10_en-US_32-bit
[2009/08/15 12:26:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau\TrendMicro_Downloader
[2009/08/15 12:25:34 | 01,975,504 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\TrendMicro_Downloader.exe
[2009/08/15 12:25:00 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/08/15 12:15:58 | 00,007,680 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\RKL39.tmp.sys
[2009/08/14 23:17:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\HouseCall 6.6
[2009/08/08 17:08:38 | 00,000,004 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\adsl TV 2009-08-08 17-08-36 TMC.mpg
[2009/08/08 15:38:15 | 19,082,03613 | ---- | C] () -- C:\Documents and Settings\Administrateur\Mes documents\adsl TV 2009-08-08 15-38-01 TMC.mpg
[2009/08/07 13:42:41 | 00,084,669 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\assurance.pdf
[2009/08/07 13:40:25 | 00,009,347 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\exportAS.pdf
[2009/08/06 14:45:56 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2009/08/06 09:38:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Mes documents\Devastation
[2009/08/06 09:32:57 | 00,000,000 | ---D | C] -- C:\Program Files\Digitalo Studios
[2009/08/04 08:50:46 | 00,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2009/08/04 08:50:44 | 00,151,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MSOSS.DLL
[2009/08/03 22:32:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Application Data\dvdcss
[2009/08/02 22:40:01 | 00,000,000 | ---D | C] -- C:\Program Files\MSECache
[2009/08/02 22:38:33 | 00,014,665 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\COURRIER DEBUT SAISON 2009-2010(2).docx
[2009/08/02 22:30:13 | 00,014,617 | ---- | C] () -- C:\Documents and Settings\Administrateur\Bureau\COURRIER DEBUT SAISON 2009-2010.docx
[2009/08/02 22:29:36 | 29,017,528 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Bureau\FileFormatConverters.exe
[2009/08/02 09:53:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrateur\Bureau\films
[2009/01/24 12:16:37 | 00,031,831 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/11/29 22:50:35 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/11/29 22:50:34 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/11/29 22:50:29 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/11/29 22:50:29 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/11/29 22:50:28 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/11/29 22:50:23 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/11/29 22:50:23 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/11/29 09:12:46 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2008/11/28 14:19:02 | 00,147,456 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2008/11/11 17:39:52 | 00,002,801 | ---- | C] () -- C:\WINDOWS\Wininit.ini
[2008/10/26 19:30:50 | 00,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2008/10/26 19:30:49 | 00,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2008/10/22 15:46:36 | 00,000,079 | ---- | C] () -- C:\WINDOWS\SW_Win2000X2.DLL
[2008/10/22 15:46:36 | 00,000,050 | ---- | C] () -- C:\WINDOWS\SW_Win2000X3.DLL
[2008/10/22 15:40:24 | 00,002,923 | ---- | C] () -- C:\WINDOWS\CD_SearchHistory.INI
[2008/10/22 15:39:35 | 01,654,784 | ---- | C] () -- C:\WINDOWS\System32\beconvlib.dll
[2008/10/22 15:39:35 | 00,204,800 | ---- | C] () -- C:\WINDOWS\System32\bprgcomm.dll
[2008/10/22 15:39:34 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\SII_PDF.dll
[2008/10/22 15:39:34 | 00,131,072 | ---- | C] () -- C:\WINDOWS\System32\CSVSpecialProcessing.dll
[2008/10/22 15:39:34 | 00,102,400 | ---- | C] () -- C:\WINDOWS\System32\SARzilla.dll
[2008/10/22 15:39:34 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\DVM.dll
[2008/10/22 15:39:34 | 00,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
[2008/10/19 20:18:24 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2008/10/19 20:18:09 | 00,001,716 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2008/10/19 20:17:57 | 00,000,479 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2008/10/19 20:17:57 | 00,000,267 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2008/10/19 20:17:57 | 00,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2008/09/14 15:17:23 | 00,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNRAR3.dll
[2008/09/14 15:17:23 | 00,075,264 | ---- | C] () -- C:\WINDOWS\System32\unacev2.dll
[2008/08/27 23:44:45 | 00,000,009 | ---- | C] () -- C:\WINDOWS\nfsc_patch.ini
[2008/07/30 19:12:54 | 00,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/07/30 19:12:52 | 00,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/07/20 15:59:59 | 00,000,047 | ---- | C] () -- C:\WINDOWS\System32\09wutili.sys
[2008/02/21 14:51:37 | 00,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2008/02/05 16:42:37 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2008/02/05 16:42:37 | 00,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2007/12/03 22:54:57 | 00,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2007/12/03 22:54:57 | 00,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2007/12/03 22:53:42 | 00,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2007/09/27 00:18:43 | 00,000,009 | ---- | C] () -- C:\WINDOWS\sierra.ini
[2007/08/22 22:09:12 | 00,000,177 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/08/09 01:41:45 | 00,137,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\hwpsgt.sys
[2007/08/09 01:41:45 | 00,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\lemsgt.sys
[2007/07/04 14:37:19 | 00,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2007/03/30 00:00:40 | 00,203,264 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2007/02/25 20:34:23 | 00,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/01/24 16:08:58 | 00,000,458 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/01/24 10:37:21 | 00,000,202 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/01/02 17:24:23 | 00,156,800 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346bus.sys
[2007/01/02 17:24:23 | 00,005,248 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\d346prt.sys
[2006/12/20 23:48:19 | 00,000,126 | ---- | C] () -- C:\WINDOWS\auddrive.ini
[2006/12/19 18:20:31 | 00,000,385 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/10 22:32:22 | 00,000,132 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2006/12/10 22:21:25 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/12/01 18:34:16 | 00,053,248 | ---- | C] () -- C:\WINDOWS\System32\PhysXLoader.dll
[2006/11/22 11:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2006/11/22 11:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2006/11/22 11:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2006/11/22 11:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2006/11/22 11:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2006/11/22 11:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2006/11/22 11:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2006/11/22 11:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2006/11/22 11:37:08 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2006/11/10 17:05:09 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2006/11/10 16:42:32 | 00,000,092 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2006/11/10 16:42:31 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2006/11/10 16:42:21 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2006/11/10 16:34:02 | 00,002,552 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2006/11/10 16:33:59 | 00,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2006/10/22 12:22:00 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 01,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 00,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/03/14 15:38:28 | 00,000,469 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2004/10/15 19:31:56 | 00,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/09/16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 14:26:40 | 00,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2004/03/15 20:28:50 | 00,069,120 | ---- | C] () -- C:\WINDOWS\daemon.dll
[2004/01/28 16:35:54 | 00,021,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\ProtoWall.sys
[2002/11/01 17:17:50 | 00,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
[2002/07/04 16:05:34 | 00,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
[2001/12/14 14:34:46 | 00,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
[2001/10/02 20:19:28 | 00,000,793 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/10/02 20:19:14 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2001/10/02 20:18:40 | 00,619,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2001/10/02 20:17:18 | 00,095,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atapi.sys
[1999/07/23 14:46:48 | 00,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 11:53:20 | 00,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[11 C:\WINDOWS\System32\*.tmp files]
[31 C:\WINDOWS\*.tmp files]
[2009/08/21 18:08:30 | 00,189,791 | ---- | M] () -- C:\WINDOWS\System32\wisdstr.exe
[2009/08/21 18:03:47 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrateur\Bureau\OTL.exe
[2009/08/21 18:01:01 | 00,001,744 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\HijackThis.lnk
[2009/08/21 18:00:53 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\HJTInstall.exe
[2009/08/21 17:51:19 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/08/21 17:49:28 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/08/21 17:49:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/21 17:49:26 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/08/15 18:03:51 | 25,509,54536 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\adsl TV 2009-08-15 14-24-42 TMC.mpg
[2009/08/15 16:30:12 | 00,002,801 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2009/08/15 15:39:26 | 00,000,202 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/08/15 15:15:20 | 00,339,257 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\CleanUp452.exe
[2009/08/15 14:26:10 | 16,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Administrateur\Bureau\setup-spybotsd162.exe
[2009/08/15 13:58:33 | 74,627,288 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\All Users\Bureau\TrendMicro_TIS_17.10_en-US_32-bit.exe
[2009/08/15 13:54:47 | 00,026,686 | ---- | M] () -- C:\WINDOWS\System32\msword98.exe
[2009/08/15 12:37:10 | 00,000,581 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\Mes dossiers de partage.lnk
[2009/08/15 12:25:34 | 01,975,504 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Administrateur\Bureau\TrendMicro_Downloader.exe
[2009/08/15 12:15:58 | 00,007,680 | ---- | M] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\RKL39.tmp.sys
[2009/08/14 23:06:09 | 00,619,072 | ---- | M] () -- C:\WINDOWS\System32\drivers\ntfs.sys
[2009/08/14 23:06:09 | 00,619,072 | ---- | M] () -- C:\WINDOWS\System32\dllcache\ntfs.sys
[2009/08/10 10:56:03 | 00,129,536 | ---- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/08 17:08:39 | 00,000,004 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\adsl TV 2009-08-08 17-08-36 TMC.mpg
[2009/08/08 17:08:36 | 19,082,03613 | ---- | M] () -- C:\Documents and Settings\Administrateur\Mes documents\adsl TV 2009-08-08 15-38-01 TMC.mpg
[2009/08/07 13:42:44 | 00,084,669 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\assurance.pdf
[2009/08/07 13:40:22 | 00,009,347 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\exportAS.pdf
[2009/08/06 15:48:28 | 02,108,752 | -H-- | M] () -- C:\Documents and Settings\Administrateur\Local Settings\Application Data\IconCache.db
[2009/08/05 07:41:34 | 00,157,160 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/08/02 22:43:26 | 00,014,665 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\COURRIER DEBUT SAISON 2009-2010(2).docx
[2009/08/02 22:39:49 | 29,017,528 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Administrateur\Bureau\FileFormatConverters.exe
[2009/08/02 22:35:52 | 00,002,923 | ---- | M] () -- C:\WINDOWS\CD_SearchHistory.INI
[2009/08/02 22:30:12 | 00,014,617 | ---- | M] () -- C:\Documents and Settings\Administrateur\Bureau\COURRIER DEBUT SAISON 2009-2010.docx

========== LOP Check ==========

[2009/08/15 13:54:43 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\Administrateur\Application Data
[2007/03/11 14:04:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\3M
[2007/07/21 18:45:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Ahead
[2008/04/26 22:55:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\AVG7
[2008/07/25 00:11:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Azureus
[2009/07/07 12:06:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Babylon
[2008/10/19 20:30:52 | 00,000,000 | R--D | M] -- C:\Documents and Settings\Administrateur\Application Data\Brother
[2008/07/18 22:25:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\COWON
[2007/02/22 17:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\DarkBls
[2009/08/03 22:53:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\dvdcss
[2007/04/17 00:31:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\ESTsoft
[2008/04/26 15:40:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Grisoft
[2009/08/15 14:06:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\HouseCall 6.6
[2008/06/22 15:44:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\LimeWire
[2009/03/13 13:41:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Nokia
[2009/04/11 21:18:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Nokia Multimedia Player
[2009/08/02 22:38:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\OpenOffice.org2
[2009/03/13 13:41:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\PC Suite
[2008/08/24 18:44:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\SecondLife
[2008/05/22 21:43:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrateur\Application Data\SecuROM
[2009/03/15 15:11:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Shareaza
[2008/09/14 15:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software
[2009/06/21 21:18:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Soldat
[2008/10/20 09:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\Uniblue
[2009/01/11 14:17:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\UseNeXT
[2007/11/29 19:30:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrateur\Application Data\WholeSecurity
[2009/07/07 12:06:27 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2008/07/24 23:06:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/07/07 12:06:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Babylon
[2007/04/01 01:33:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOONTY
[2009/01/18 18:36:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brother
[2008/10/04 19:29:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\dirmbwhw
[2008/10/20 09:44:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2008/07/28 20:17:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/09/27 11:01:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2007/04/17 00:31:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ESTsoft
[2008/04/26 22:10:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/03/13 13:24:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2008/10/05 07:29:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kdizsfgv
[2008/04/28 09:09:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lgtgjkba
[2008/10/04 19:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\lyjglanm
[2008/11/24 19:13:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ma-config.com
[2008/11/01 14:42:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2008/09/21 12:19:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/03/13 13:28:16 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/01/24 12:16:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/01/29 11:23:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/06 18:35:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2006/11/10 12:55:35 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/12/21 01:43:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2007/02/23 01:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2009/06/26 09:58:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/06/26 09:58:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Xfire
[2001/10/02 20:18:30 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/08/21 17:49:28 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
< End of report >

OTL Extras logfile created on: 21/08/2009 18:05:17 - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Administrateur\Bureau
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

502,79 Mb Total Physical Memory | 83,64 Mb Available Physical Memory | 16,64% Memory free
1,94 Gb Paging File | 1,40 Gb Available in Paging File | 72,25% Paging File free
Paging file location(s): C:\pagefile.sys 1512 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 76,32 Gb Total Space | 11,20 Gb Free Space | 14,68% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PC
Current User Name: Administrateur
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{11964613-805F-432D-A12B-169554B793E7}" = Nokia Connectivity Cable Driver
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{19B72AA9-985A-11D4-9C8A-00D0B75D1498}" = Colin McRae Rally 2
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{350C97B8-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A4EE7A4-356E-43B7-A4A3-9C55B22A05B3}" = Ma-Config.com
"{56CA5D3B-3002-4E7B-90FE-071D8FDF3814}" =
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{6076AA59-9E37-47C9-8902-3AF310ED3098}_is1" = Trojan Killer 1.4
"{66333C41-085E-4DA1-8273-E2BCA382D766}" = NET Installation Assistance for VB6 App (Runtime Only)
"{6A78CBDE-0845-43BA-8675-A132B7C49E09}" = Devastation
"{7032E73F-68A0-48F9-8100-E70E79169BAE}" = AGEIA PhysX v6.12.02
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7784A172-61F1-445E-8368-601607E0DD22}" = MP3 Player Utilities 3.79
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{90120000-0020-040C-0000-0000000FF1CE}" = Module de compatibilité pour Microsoft Office System 2007
"{9028040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional avec FrontPage
"{99A40651-0BC2-4095-8F9A-A40FAB224FEF}" = PC Connectivity Solution
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}" = Nokia PC Suite
"{AC76BA86-7AD7-1036-7B44-A70700000002}" = Adobe Reader 7.0.7 - Français
"{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}" = Assistant de connexion Windows Live
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6694BAA-7604-46AA-A41F-B5F1E6DADE7A}" = OpenOffice.org 2.4
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{BADF6744-3787-48F6-B8C9-4C4995401D65}" = Windows Live Messenger
"{C33DC9DF-0841-4B28-AD0B-68EF59FAC53C}" = Brother MFL-Pro Suite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}" = Windows Live installer
"0C5EDC3653FED5B121F464339EAC12534D253B25" = Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)
"4077F884D1BB007055BDB83B621D87220A73F30F" = Package de pilotes Windows - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer
"adsl TV" = adsl TV
"ALZip_is1" = ALZip
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"a-squared Anti-Malware_is1" = a-squared Anti-Malware 4.0
"Audacity_is1" = Audacity 1.2.6
"B726756F5B5A5AA9D798B399386FC6205A45F19E" = Package de pilotes Windows - Nokia Modem (02/15/2007 3.1)
"Canon Camera WIA Driver PowerShot A30" = Canon PowerShot A30 WIA Driver
"Capturino 1.4" = Capturino 1.4
"CCleaner" = CCleaner (remove only)
"CD8424B9400BFF7D34AA18F816C71322AC4BDAA7" = Package de pilotes Windows - Nokia Modem (05/24/2007 6.84.0.1)
"CleanUp!" = CleanUp!
"C-Media Audio" = C-Media 3D Audio
"Convert Doc_is1" = Convert Doc
"eMule" = eMule
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla" = FileZilla (remove only)
"GoldWave v5.06" = GoldWave v5.06
"GoldWave v5.25" = GoldWave v5.25
"Guitar Pro 5_is1" = Guitar Pro 5.0
"HijackThis" = HijackThis 2.0.2
"Hitman 2: Silent Assassin" = Hitman 2: Silent Assassin
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.3.4 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Midtown Madness 2.0" = Microsoft Midtown Madness 2
"Mozilla Firefox (1.5.0.12)" = Mozilla Firefox (1.5.0.12)
"MSN Toolbar" = Barre d'outils MSN
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PDF Editeur 2" = PDF Editeur 2
"PSN" = Post-it® Software Notes Lite
"RealPlayer 6.0" = RealPlayer
"Shockwave" = Shockwave
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"Troj an Remover_is1" = Trojan Remover 6.5.9
"VirtualDub 1.6.9 Fr" = VirtualDub 1.6.9 Fr
"VLC media player" = VideoLAN VLC media player 0.8.6a
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"Winamp Toolbar for Firefox" = Winamp Toolbar for Firefox
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Lecteur Windows Media 10
"Windows XP Service Pack" = Windows XP Service Pack 2
"WinRAR archiver" = Archiveur WinRAR
"WksExcelConverter" = MS Works Spreadsheet to XLS Converter

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1715567821-2052111302-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Confidence Online EE" = Confidence Online(tm) for Web Applications
"TimeAdjuster" = Time Adjuster STANDARD 3.1

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/07/2009 13:33:50 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.8.20070.50813, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/07/2009 18:15:31 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.8.20070.50813, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/07/2009 18:15:49 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.8.20070.50813, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 09/07/2009 18:16:08 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Application bloquée firefox.exe, version 1.8.20070.50813, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 20/07/2009 13:05:17 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Application défaillante firefox.exe, version 1.8.20070.50813, module
défaillant nss3.dll, version 3.11.5.0, adresse de défaillance 0x000306df.

Error - 03/08/2009 16:47:48 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Application bloquée wmplayer.exe, version 10.0.0.3802, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 04/08/2009 03:05:38 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Application bloquée CMR2Demo.exe, version 0.0.1.8, module bloqué hungapp,
version 0.0.0.0, adresse de blocage 0x00000000.

Error - 04/08/2009 16:48:37 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Application bloquée msnmsgr.exe, version 8.5.1302.1018, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 07/08/2009 13:50:26 | Computer Name = PC | Source = Application Hang | ID = 1002
Description = Application bloquée wmplayer.exe, version 10.0.0.3802, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 15/08/2009 06:21:23 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Application défaillante wisdstr.exe, version 3.1.7.85, module défaillant
MSVCP60.dll, version 6.2.3104.0, adresse de défaillance 0x00017733.

[ System Events ]
Error - 05/04/2009 14:33:22 | Computer Name = PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom1 comporte un bloc défectueux.

Error - 07/07/2009 06:06:42 | Computer Name = PC | Source = SideBySide | ID = 16842784
Description = L'assemblage dépendant Microsoft.VC90.CRT ne peut pas être trouvé.
La dernière erreur était L'assemblage référencé n'est pas installé sur votre système.


Error - 07/07/2009 06:06:42 | Computer Name = PC | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly a échoué pour Microsoft.VC90.CRT. Message
d'erreur de référence : L'assemblage référencé n'est pas installé sur votre système.
.

Error - 07/07/2009 06:06:42 | Computer Name = PC | Source = SideBySide | ID = 16842811
Description = Generate Activation Context a échoué pour C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\IXP000.TMP\Empty.exe.
Message
d'erreur de référence : Opération réussie. .

Error - 06/08/2009 08:49:11 | Computer Name = PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom2 comporte un bloc défectueux.

Error - 07/08/2009 15:23:02 | Computer Name = PC | Source = Cdrom | ID = 262151
Description = Le périphérique \Device\CdRom2 comporte un bloc défectueux.

Error - 14/08/2009 17:55:53 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : agp440

Error - 15/08/2009 07:55:06 | Computer Name = PC | Source = Service Control Manager | ID = 7026
Description = Le pilote de démarrage système ou d'amorçage suivant n'a pas pu se
charger : agp440

Error - 15/08/2009 07:55:37 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Le service Beep n'a pas pu démarrer en raison de l'erreur : %%2

Error - 15/08/2009 07:56:25 | Computer Name = PC | Source = Service Control Manager | ID = 7000
Description = Le service Null n'a pas pu démarrer en raison de l'erreur : %%2


< End of report >

Bonsoir,

Ton système est bien infecté. Ne supprime aucun fichier pour le moment
Désactive tes logiciels de sécurité durant la procédure.

1) Désinstalle les applications suivantes (si présentes) via ajout/suppression de programmes :

Norton WMI Update
Trojan Killer ; peu efficace
a-squared Anti-Malware ; dépassé par les infection actuelles
Trojan Remover ; peu efficace


2) Télécharge le Norton Removal Tool afin de supprimer les éléments résiduels de Norton.

- Clique deux fois sur l'icône Norton Removal Tool.
- Suis les instructions. L'ordinateur pourra être redémarré plusieurs fois et tu seras peut-être invité à répéter certaines étapes.


3) Relance OTL

- Copie-colle l'entièreté de ceci ci dessous dans la partie "Customs Scans/Fixes" :

Clique ensuite sur "Run Fix". L'ordinateur peut demander à redémarrer, accepte.
Une fois l'opération terminée, un fichier texte apparaîtra à l'écran. Copie/colle son contenu ici.


4) Télécharge Combofix de sUBs : combofix.exe et sauvegarde-le sur ton bureau.

- Connecte tous tes supports amovibles (clés USB, disques, lecteurs MP3, etc.).
- Double-clic sur combofix, accepte la licence d'utilisation et laisse toi guider.
- Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.


Si tu n'as plus accès à Internet après l'utilisation de ComboFix :
Suis cette procédure :

1. Cliquez sur le bouton Démarrer.
2. Cliquez sur l'option de menu Paramètres.
3. Cliquez sur l'option Panneau de configuration.
4. Après l'ouverture du Panneau de configuration, faites un double clic sur l'icône Connexions réseau. Si votre Panneau de configuration est paramétré pour un affichage en catégories, faites un double clic sur Connexions réseau et Internet puis cliquez sur Connexions réseau tout en bas.
5. Vous verrez alors une liste de toutes les connexions réseau disponibles. Repérez la connexion vers votre adaptateur Sans Fil ou Réseau local et faites un clic droit dessus.
6. Vous verrez alors un menu similaire à celui de l'image ci-dessous. Cliquez simplement sur l'option de menu Réparer.


7. Laissez le processus de réparation se dérouler, et lorsqu'il a terminé, votre connexion Internet devrait être de nouveau opérationnelle.

Sinon, si une icône de votre réseau apparaît aussi dans la barre des tâches Windows, vous pouvez la réparer en faisant un clic droit sur l'icône et en choisissant Réparer comme le montre l'image ci-dessous:



Cordialement.

merci pour la réponse :-)
par contre quand je relance OTL l'ordinateur plante complèetement, qu'est ce que je dois faire ?
Merci

Continue directement avec l'étape 4)

je n'arrive pas à lancer combofix, je clic dessus mais rien ne se passe...

Essaie de renommer ComboFix.exe en tipoum.exe.

ComboFix 09-08-20.07 - Administrateur 21/08/2009 21:16.2.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.503.156 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Bureau\tipoum.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\wiaserva.log
c:\documents and settings\Administrateur\Local Settings\Temporary Internet Files\udafide.lib
c:\documents and settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\Install.txt
c:\windows\Installer\1ff8d.msi
c:\windows\Installer\3a2715.msi
c:\windows\patch.exe
c:\windows\SW_Win2000X2.DLL
c:\windows\SW_Win2000X3.DLL
c:\windows\system32\_scui.cpl
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\Ijl11.dll
c:\windows\system32\Install.txt
c:\windows\system32\wisdstr.exe

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP102\A0017008.sys

Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0018155.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_NOYTCYR
-------\Legacy_ROYTCTM
-------\Legacy_SOXPECA
-------\Legacy_TDYDOWKC
-------\Legacy_WSLDOEKD


((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 19:27 . 2001-10-02 18:17 4224 ----a-w- c:\windows\system32\drivers\beep.sys
2009-08-21 17:56 . 2009-08-21 17:56 -------- d-----w- C:\_OTL
2009-08-21 17:38 . 2009-08-21 17:39 -------- d-----w- c:\program files\InterActual
2009-08-21 16:09 . 2009-08-21 16:09 19042 ----a-w- c:\windows\udabymyt.bat
2009-08-21 16:09 . 2009-08-21 16:09 18478 ----a-w- c:\windows\gahos.pif
2009-08-21 16:09 . 2009-08-21 16:09 17944 ----a-w- c:\documents and settings\Administrateur\Application Data\hyxigeciwu.bat
2009-08-21 16:09 . 2009-08-21 16:09 17024 ----a-w- c:\windows\system32\mokakamy.sys
2009-08-21 16:09 . 2009-08-21 16:09 15504 ----a-w- c:\windows\iwoje.vbs
2009-08-21 16:09 . 2009-08-21 16:09 15061 ----a-w- c:\windows\system32\ahefi.vbs
2009-08-21 16:09 . 2009-08-21 16:09 14525 ----a-w- c:\windows\system32\ojokebafir.exe
2009-08-21 16:09 . 2009-08-21 16:09 13556 ----a-w- c:\program files\Fichiers communs\hikiwusux.exe
2009-08-21 16:09 . 2009-08-21 16:09 16425 ----a-w- c:\program files\Fichiers communs\gebo.reg
2009-08-21 16:09 . 2009-08-21 16:09 15435 ----a-w- c:\windows\system32\guceletop.bin
2009-08-21 16:01 . 2009-08-21 16:01 -------- d-----w- c:\program files\Trend Micro
2009-08-21 15:50 . 2009-08-21 19:30 148 ----a-w- c:\documents and settings\Administrateur\delself.bat
2009-08-15 13:15 . 2009-08-15 13:15 -------- d-----w- c:\program files\CleanUp!
2009-08-15 11:55 . 2009-08-21 18:01 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-15 11:54 . 2009-08-15 11:54 26686 ----a-w- c:\windows\system32\msword98.exe
2009-08-15 11:54 . 2009-08-15 11:54 26686 ----a-w- c:\documents and settings\Administrateur\msword98.exe
2009-08-15 10:25 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\vsapi32.dll
2009-08-15 10:25 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\BPMNT.dll
2009-08-15 10:25 . 2007-12-24 15:37 138384 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-15 10:24 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\tmcomm.sys
2009-08-15 10:24 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\ssapi32.dll
2009-08-15 10:24 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\tsc.exe
2009-08-15 10:15 . 2009-08-15 10:15 7680 ----a-w- c:\windows\system32\drivers\RKL39.tmp.sys
2009-08-14 21:17 . 2009-08-15 12:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6
2009-08-06 12:45 . 2009-08-06 12:45 -------- d-----w- c:\program files\Microsoft Games
2009-08-06 07:32 . 2009-08-06 07:32 -------- d-----w- c:\program files\Digitalo Studios
2009-08-04 06:50 . 2009-08-04 06:50 -------- d-----w- c:\program files\Codemasters
2009-08-04 06:50 . 1999-04-23 20:22 151552 ----a-w- c:\windows\system32\MSOSS.DLL
2009-08-03 20:32 . 2009-08-03 20:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-08-02 20:40 . 2009-08-02 20:40 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 19:31 . 2009-08-21 19:31 189791 ----a-w- c:\windows\system32\wisdstr.exe
2009-08-21 19:29 . 2001-10-02 18:18 629920 ----a-w- c:\windows\system32\drivers\ntfs.sys
2009-08-21 18:27 . 2007-07-28 15:47 -------- d-----w- c:\program files\adslTV
2009-08-21 17:45 . 2008-09-21 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-21 17:43 . 2008-04-28 12:37 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-08-21 17:42 . 2009-01-29 09:13 -------- d-----w- c:\program files\Trojan Killer
2009-08-21 16:09 . 2009-08-21 16:09 15154 ----a-w- c:\program files\Fichiers communs\rynypoj._sy
2009-08-15 12:25 . 2007-05-13 11:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 12:20 . 2007-02-22 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-14 21:24 . 2008-10-05 09:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 21:24 . 2008-12-30 18:10 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-14 21:00 . 2007-01-16 07:29 -------- d-----w- c:\program files\eMule
2009-08-06 07:32 . 2006-11-10 14:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 11:36 . 2008-10-05 09:56 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-10-05 09:56 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 20:38 . 2008-10-11 00:58 -------- d-----w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2009-08-02 20:36 . 2008-10-11 00:58 1 ----a-w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-07 10:06 . 2009-07-07 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-07-07 10:06 . 2009-07-07 10:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Babylon
2009-07-06 16:35 . 2009-07-06 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-06-26 07:58 . 2009-06-26 07:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-06-21 19:21 . 2009-06-21 19:21 0 ----a-r- C:\logwmemory.bin
2009-06-02 21:26 . 2009-02-11 20:58 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2007-05-31 21:38 . 2007-01-16 20:32 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-31 21:38 . 2007-01-16 20:32 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-05-31 21:38 . 2007-01-16 20:32 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

------- Sigcheck -------

[7] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2001-10-02 18:18 533504 70FAE0DCFDFAA0838D6778FCA028CE01 c:\windows\$NtServicePackUninstall$\ntfs.sys
[7] 2004-08-03 22:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[7] 2004-08-03 22:15 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\ServicePackFiles\i386\ntfs.sys
[-] 2008-04-13 19:15 574976 78A08DD6A8D65E697C18E1DB01C5CDCA c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ntfs.sys
[-] 2009-08-21 19:29 629920 B5FAC1A3E6CF6D59D92ECB071C0EAC3D c:\windows\system32\dllcache\ntfs.sys
[-] 2009-08-21 19:29 629920 B5FAC1A3E6CF6D59D92ECB071C0EAC3D c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msword98"="c:\documents and settings\Administrateur\msword98.exe" [2009-08-15 26686]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 45056]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-04 185872]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"msword98"="c:\windows\system32\msword98.exe" [2009-08-15 26686]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
ikowin32.exe [2004-8-19 23552]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-10 110592]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"navapsvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Brother XP spl Service"=2 (0x2)
"brmfrmps"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [02/01/2007 17:24 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [02/01/2007 17:24 5248]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [05/02/2009 17:31 28544]
S0 edlyzw;edlyzw;c:\windows\system32\drivers\vrbldb.sys --> c:\windows\system32\drivers\vrbldb.sys [?]
S1 soqwx32;soqwx32;\??\c:\windows\system32\drivers\soqwx32.sys --> c:\windows\system32\drivers\soqwx32.sys [?]
S2 mscicosd;Files Management Service;c:\windows\system32\mscico.exe --> c:\windows\system32\mscico.exe [?]
S3 brfilt;Pilote de filtre Brother MFC;c:\windows\system32\drivers\BrFilt.sys [19/10/2008 20:18 2944]
S3 BrSerWDM;Pilote série WDM Brother;c:\windows\system32\drivers\BrSerWdm.sys [19/10/2008 20:17 61952]
S3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;c:\windows\system32\drivers\BrUsbMdm.sys [19/10/2008 20:18 11008]
S3 BrUsbScn;Pilote de scanneur Brother MFC USB;c:\windows\system32\drivers\BrUsbScn.sys [19/10/2008 20:18 10368]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [20/10/2004 15:23 21344]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/11/2008 09:05 195752]
S3 ProtoWall;ProtoWall Defender;c:\windows\system32\drivers\ProtoWall.sys [28/01/2004 16:35 21376]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PC Antispyware 2010 - c:\program files\PC_Antispyware2010\PC_Antispyware2010.exe
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.79\AMVConverter\grab.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.79\MediaManager\grab.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 21:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wisdstr.exe 189791 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\vsdatant]
"ImagePath"=""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1715567821-2052111302-725345543-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{665DE6F6-C9D2-F457-CB3D-ACE90D0646B4}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iapnkodkbpaknbhpbj"=hex:6b,61,64,70,61,6e,70,70,63,67,6b,63,61,6f,66,66,61,65,
68,68,61,61,00,00
"hafnanalpdggbanp"=hex:6b,61,64,70,61,6e,70,70,64,67,65,6c,66,6e,6a,6c,64,65,
63,61,64,63,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3572)
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\docume~1\ADMINI~1\LOCALS~1\temp\LOADER.EXE
c:\qoobox\Quarantine\C\WINDOWS\system32\braviax.exe.vir.dll
c:\program files\Avira\AntiVir PersonalEdition Classic\guardgui.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\guardgui.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\guardgui.exe
.
**************************************************************************
.
Completion time: 2009-08-21 21:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 19:36

Pre-Run: 11 972 714 496 octets libres
Post-Run: 11 937 615 872 octets libres

280 --- E O F --- 2008-12-12 21:19

Bonsoir,

Utiles-tu ProtoWall ?
Désactive tes logiciels de sécurité durant la procédure.

1) Télécharge ATF-Cleaner by Atribune et enregistre-le sur ton bureau.

Ferme tes navigateurs et exécute le programme.

- Coche l'onglet "Select All".
- Clique sur "Empty Selected".


2) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture



- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.txt


Comment se comporte le système ?


Cordialement.

Je n'utilise pas ProtoWall, je ne connais pas.
Apparement mon PC va mieux, il n'y a plus d'alertes depuis quelques minutes.
Merci beaucoup



ComboFix 09-08-20.07 - Administrateur 21/08/2009 22:31.3.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.503.176 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Bureau\tipoum.exe
Command switches used :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\documents and settings\Administrateur\Application Data\hyxigeciwu.bat"
"c:\documents and settings\Administrateur\delself.bat"
"c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ikowin32.exe"
"c:\documents and settings\Administrateur\msword98.exe"
"c:\program files\Fichiers communs\gebo.reg"
"c:\program files\Fichiers communs\hikiwusux.exe"
"c:\program files\Fichiers communs\rynypoj._sy"
"c:\windows\gahos.pif"
"c:\windows\iwoje.vbs"
"c:\windows\system32\ahefi.vbs"
"c:\windows\system32\drivers\pavboot.sys"
"c:\windows\system32\drivers\RKL39.tmp.sys"
"c:\windows\system32\drivers\soqwx32.sys"
"c:\windows\System32\drivers\tmcomm.sys"
"c:\windows\system32\drivers\vrbldb.sys"
"c:\windows\system32\guceletop.bin"
"c:\windows\system32\mokakamy.sys"
"c:\windows\system32\mscico.exe"
"c:\windows\system32\msword98.exe"
"c:\windows\system32\ojokebafir.exe"
"c:\windows\system32\wisdstr.exe"
"c:\windows\udabymyt.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrateur\Application Data\hyxigeciwu.bat
c:\documents and settings\Administrateur\Application Data\Uniblue
c:\documents and settings\Administrateur\delself.bat
c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\ikowin32.exe
c:\documents and settings\Administrateur\msword98.exe
c:\documents and settings\Administrateur\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\All Users\Application Data\BOONTY
c:\documents and settings\All Users\Application Data\BOONTY\Licenses\B4F89000.dat
c:\documents and settings\All Users\Application Data\kdizsfgv
c:\documents and settings\All Users\Application Data\lgtgjkba
c:\documents and settings\All Users\Application Data\lyjglanm
c:\documents and settings\All Users\Application Data\Norton
c:\documents and settings\All Users\Application Data\Norton\00000082\0000002f\000000b0\cltLMS1.dat
c:\documents and settings\All Users\Application Data\Norton\00000082\0000002f\000000b0\cltLMS2.dat
c:\documents and settings\All Users\Application Data\Norton\symdata.xml
c:\documents and settings\All Users\Application Data\NortonInstaller
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\08-21-2009-19h44m19s\SymNRT-08-21-2009-19h44m19s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\08-21-2009-19h44m19s\SymNRT.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\10-28-2008-14h33m39s\Install.1.mft
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\10-28-2008-14h33m39s\NortonInstall-10-28-2008-14h33m39s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\10-28-2008-14h33m39s\OCSCtl-0x0F84.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\10-28-2008-14h33m39s\SyKnAppS_300110-0x0474.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\10-28-2008-14h33m39s\SyKnAppS_300110-0x04CC.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\10-28-2008-14h33m39s\SyKnAppS_300110-0x04D8.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\10-28-2008-14h33m39s\SyKnAppS_300110-0x0590.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\10-28-2008-14h33m39s\SymIMexe-0x06C0.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-1-2008-13h40m54s\BHCA-0x0728.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-1-2008-13h40m54s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-1-2008-13h40m54s\NortonInstall-11-1-2008-13h40m54s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-1-2008-13h40m54s\OCSCtl-0x0F08.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-1-2008-13h40m54s\SymIMexe-0x02D4.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\11-1-2008-13h42m29s\NortonInstall-11-1-2008-13h42m29s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\9-21-2008-12h15m34s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\9-21-2008-12h15m34s\NortonInstall-9-21-2008-12h15m34s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\9-21-2008-12h19m00s\NortonInstall-9-21-2008-12h19m00s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\9-21-2008-12h19m06s\BHCA-0x0F08.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\9-21-2008-12h19m06s\bootlog.etl
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\9-21-2008-12h19m06s\Install.1.mft.7z
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\9-21-2008-12h19m06s\log.etl
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\9-21-2008-12h19m06s\Log.Lue
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\9-21-2008-12h19m06s\NortonInstall-9-21-2008-12h19m06s.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\9-21-2008-12h19m06s\SymIMexe-0x073C.log
c:\documents and settings\All Users\Application Data\NortonInstaller\Logs\Url.txt
c:\documents and settings\All Users\Application Data\NortonInstaller\Settings\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}.7z
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\SubEng\platformid.dat
c:\program files\Fichiers communs\gebo.reg
c:\program files\Fichiers communs\hikiwusux.exe
c:\program files\Fichiers communs\rynypoj._sy
c:\program files\Trojan Killer
c:\program files\Trojan Killer\logs\2009-01-29 [10-14-41].log
c:\program files\Trojan Killer\logs\2009-08-14 [23-22-57].log
c:\windows\gahos.pif
c:\windows\iwoje.vbs
c:\windows\system32\ahefi.vbs
c:\windows\system32\drivers\pavboot.sys
c:\windows\system32\drivers\RKL39.tmp.sys
c:\windows\System32\drivers\tmcomm.sys
c:\windows\system32\guceletop.bin
c:\windows\system32\mokakamy.sys
c:\windows\system32\msword98.exe
c:\windows\system32\ojokebafir.exe
c:\windows\udabymyt.bat

Infected copy of c:\windows\system32\drivers\ntfs.sys was found and disinfected
Restored copy from - c:\system volume information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020214.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSCICOSD
-------\Legacy_NMINDEXINGSERVICE
-------\Legacy_PAVBOOT
-------\Legacy_TMCOMM
-------\Service_edlyzw
-------\Service_mscicosd
-------\Service_NMIndexingService
-------\Service_pavboot
-------\Service_soqwx32
-------\Service_tmcomm


((((((((((((((((((((((((( Files Created from 2009-07-21 to 2009-08-21 )))))))))))))))))))))))))))))))
.

2009-08-21 19:27 . 2001-10-02 18:17 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-08-21 17:56 . 2009-08-21 17:56 -------- d-----w- C:\_OTL
2009-08-21 17:38 . 2009-08-21 17:39 -------- d-----w- c:\program files\InterActual
2009-08-21 16:01 . 2009-08-21 16:01 -------- d-----w- c:\program files\Trend Micro
2009-08-15 13:15 . 2009-08-15 13:15 -------- d-----w- c:\program files\CleanUp!
2009-08-15 11:55 . 2009-08-21 18:01 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-15 10:25 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\vsapi32.dll
2009-08-15 10:25 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\BPMNT.dll
2009-08-15 10:24 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\tmcomm.sys
2009-08-15 10:24 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\ssapi32.dll
2009-08-15 10:24 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\tsc.exe
2009-08-14 21:17 . 2009-08-15 12:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6
2009-08-06 12:45 . 2009-08-06 12:45 -------- d-----w- c:\program files\Microsoft Games
2009-08-06 07:32 . 2009-08-06 07:32 -------- d-----w- c:\program files\Digitalo Studios
2009-08-04 06:50 . 2009-08-04 06:50 -------- d-----w- c:\program files\Codemasters
2009-08-04 06:50 . 1999-04-23 20:22 151552 ----a-w- c:\windows\system32\MSOSS.DLL
2009-08-03 20:32 . 2009-08-03 20:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-08-02 20:40 . 2009-08-02 20:40 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-21 20:23 . 2007-01-16 07:29 -------- d-----w- c:\program files\eMule
2009-08-21 18:27 . 2007-07-28 15:47 -------- d-----w- c:\program files\adslTV
2009-08-21 17:43 . 2008-04-28 12:37 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-08-15 12:25 . 2007-05-13 11:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 12:20 . 2007-02-22 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-14 21:24 . 2008-10-05 09:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 21:24 . 2008-12-30 18:10 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-06 07:32 . 2006-11-10 14:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 11:36 . 2008-10-05 09:56 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-10-05 09:56 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 20:38 . 2008-10-11 00:58 -------- d-----w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2009-08-02 20:36 . 2008-10-11 00:58 1 ----a-w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-07 10:06 . 2009-07-07 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-07-07 10:06 . 2009-07-07 10:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Babylon
2009-07-06 16:35 . 2009-07-06 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-06-26 07:58 . 2009-06-26 07:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-06-21 19:21 . 2009-06-21 19:21 0 ----a-r- C:\logwmemory.bin
2009-06-02 21:26 . 2009-02-11 20:58 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2007-05-31 21:38 . 2007-01-16 20:32 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-31 21:38 . 2007-01-16 20:32 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-05-31 21:38 . 2007-01-16 20:32 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\beep.sys ---
Company: Microsoft Corporation
File Description: BEEP Driver
File Version: 5.1.2600.0 (XPClient.010817-1148)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: beep.sys
File size: 4224
Created time: 2009-08-21 19:27
Modified time: 2001-10-02 18:17
MD5: DA1F27D85E0D1525F6621372E7B685E9
SHA1: E3D2DC5EB273FA701DE8AF13B60D6BAAC7629260


--- c:\windows\system32\drivers\ntfs.sys ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 629920
Created time: 2001-10-02 18:18
Modified time: 2009-08-21 19:29
MD5: B5FAC1A3E6CF6D59D92ECB071C0EAC3D
SHA1: A2D69D458EC5EA54BB44E6978F07B3FC3D73C747


--- c:\windows\system32\drivers\null.sys ---
Company: Microsoft Corporation
File Description: NULL Driver
File Version: 5.1.2600.0 (XPClient.010817-1148)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: null.sys
File size: 2944
Created time: 2001-10-02 18:18
Modified time: 2001-10-02 18:18
MD5: 73C1E1F395918BC2C6DD67AF7591A3AD
SHA1: 80EB8A76E5579B0136281E4DD4E2D4E56B249E4C


((((((((((((((((((((((((((((( SnapShot@2009-08-21_19.31.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-21 20:40 . 2009-08-21 20:40 16384 c:\windows\temp\Perflib_Perfdata_7d4.dat
+ 2001-10-02 18:18 . 2007-02-09 11:10 574464 c:\windows\system32\drivers\ntfs.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 45056]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-04 185872]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-10 110592]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)
"brmfrmps"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [02/01/2007 17:24 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [02/01/2007 17:24 5248]
S3 brfilt;Pilote de filtre Brother MFC;c:\windows\system32\drivers\BrFilt.sys [19/10/2008 20:18 2944]
S3 BrSerWDM;Pilote série WDM Brother;c:\windows\system32\drivers\BrSerWdm.sys [19/10/2008 20:17 61952]
S3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;c:\windows\system32\drivers\BrUsbMdm.sys [19/10/2008 20:18 11008]
S3 BrUsbScn;Pilote de scanneur Brother MFC USB;c:\windows\system32\drivers\BrUsbScn.sys [19/10/2008 20:18 10368]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [20/10/2004 15:23 21344]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/11/2008 09:05 195752]
S3 ProtoWall;ProtoWall Defender;c:\windows\system32\drivers\ProtoWall.sys [28/01/2004 16:35 21376]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.79\AMVConverter\grab.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.79\MediaManager\grab.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-21 22:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2009-08-21 22:47 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-21 20:47
ComboFix2.txt 2009-08-21 19:36

Pre-Run: 11 798 228 992 octets libres
Post-Run: 11 759 185 920 octets libres

320 --- E O F --- 2008-12-12 21:19

Bonsoir,

Il reste encore un peu de travail.
Désactive tes logiciels de sécurité durant la procédure.

1) Crée un nouveau document texte : clic droit de souris sur le bureau > Nouveau > Document Texte, et copie dedans les lignes suivantes :

- Fait un glisser/déposer de ce fichier CFScript sur le fichier ComboFix.exe comme sur la capture



- Une fenêtre bleue va apparaître. Tape 1 si nécessaire.
- Patiente le temps du scan. Le bureau va disparaître à plusieurs reprises: c'est normal!
Ne touche à rien tant que le scan n'est pas terminé.
- Une fois le scan achevé, un rapport va s'afficher: poste son contenu, en précisant où en sont tes soucis.

- Si le fichier ne s'ouvre pas, il se trouve ici > C:\ComboFix.


2) Lance Malwarebytes Anti-Malware

- Procède aux mises à jour.
- Coche la case "Exécuter un examen complet" puis clique sur Rechercher.
- Sélectionne (coche) toutes tes partitions puis clique sur "Lancer l'examen".
- Lorsque le scan est terminé, un message te prévient. Clique alors sur le bouton "Montrer les résultats".
- Dans la fenêtre suivante clique sur "Supprimer la sélection".Si le programme te propose de redémarrer l'ordinateur, accepte!
- Le rapport de scan va s'afficher. Sauvegarde le puis poste son contenu.


3) Configure AntiVir selon les instructions données par cette vidéo.

- Effectue un scan complet de tous tes disques durs.
- Poste le rapport de scan dans ton prochain message.


Comment se comporte le système ?


Cordialement.

ComboFix 09-08-20.07 - Administrateur 22/08/2009 9:36.4.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.503.95 [GMT 2:00]
Running from: c:\documents and settings\Administrateur\Bureau\tipoum.exe
Command switches used :: c:\documents and settings\Administrateur\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Sygate Personal Firewall *disabled* {BE898FE3-CD0B-4014-85A9-03DB9923DDB6}

FILE ::
"c:\windows\system32\drivers\ProtoWall.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\ProtoWall.sys

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ntfs.sys --> c:\windows\system32\drivers\ntfs.sys
c:\windows\SoftwareDistribution\Download\d43a20c40794c502928d4b7d8ff0ea20\ntfs.sys --> c:\windows\system32\dllcache\ntfs.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ProtoWall


((((((((((((((((((((((((( Files Created from 2009-07-22 to 2009-08-22 )))))))))))))))))))))))))))))))
.

2009-08-21 19:27 . 2001-10-02 18:17 4224 ------w- c:\windows\system32\drivers\beep.sys
2009-08-21 17:56 . 2009-08-21 17:56 -------- d-----w- C:\_OTL
2009-08-21 17:38 . 2009-08-21 17:39 -------- d-----w- c:\program files\InterActual
2009-08-21 16:01 . 2009-08-21 16:01 -------- d-----w- c:\program files\Trend Micro
2009-08-15 13:15 . 2009-08-15 13:15 -------- d-----w- c:\program files\CleanUp!
2009-08-15 11:55 . 2009-08-21 18:01 29184 -c--a-w- c:\windows\system32\dllcache\beep.sys
2009-08-15 10:25 . 2008-03-30 16:55 1213784 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\vsapi32.dll
2009-08-15 10:25 . 2006-11-22 15:48 91744 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\BPMNT.dll
2009-08-15 10:24 . 2007-12-24 15:37 138384 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\tmcomm.sys
2009-08-15 10:24 . 2006-07-07 14:29 1197584 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\ssapi32.dll
2009-08-15 10:24 . 2009-03-27 15:38 366344 ----a-w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6\tsc.exe
2009-08-14 21:17 . 2009-08-15 12:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\HouseCall 6.6
2009-08-06 12:45 . 2009-08-06 12:45 -------- d-----w- c:\program files\Microsoft Games
2009-08-06 07:32 . 2009-08-06 07:32 -------- d-----w- c:\program files\Digitalo Studios
2009-08-04 06:50 . 2009-08-04 06:50 -------- d-----w- c:\program files\Codemasters
2009-08-04 06:50 . 1999-04-23 20:22 151552 ----a-w- c:\windows\system32\MSOSS.DLL
2009-08-03 20:32 . 2009-08-03 20:53 -------- d-----w- c:\documents and settings\Administrateur\Application Data\dvdcss
2009-08-02 20:40 . 2009-08-02 20:40 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-22 07:01 . 2007-01-16 07:29 -------- d-----w- c:\program files\eMule
2009-08-21 20:49 . 2006-11-10 15:19 29352 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-21 18:27 . 2007-07-28 15:47 -------- d-----w- c:\program files\adslTV
2009-08-21 17:43 . 2008-04-28 12:37 -------- d-----w- c:\program files\a-squared Anti-Malware
2009-08-15 12:25 . 2007-05-13 11:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 12:20 . 2007-02-22 22:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-14 21:24 . 2008-10-05 09:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-14 21:24 . 2008-12-30 18:10 3942047 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-06 07:32 . 2006-11-10 14:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 11:36 . 2008-10-05 09:56 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 11:36 . 2008-10-05 09:56 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 20:38 . 2008-10-11 00:58 -------- d-----w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org2
2009-08-02 20:36 . 2008-10-11 00:58 1 ----a-w- c:\documents and settings\Administrateur\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-07-07 10:06 . 2009-07-07 10:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-07-07 10:06 . 2009-07-07 10:06 -------- d-----w- c:\documents and settings\Administrateur\Application Data\Babylon
2009-07-06 16:35 . 2009-07-06 16:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom
2009-06-26 07:58 . 2009-06-26 07:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2009-06-21 19:21 . 2009-06-21 19:21 0 ----a-r- C:\logwmemory.bin
2009-06-02 21:26 . 2009-02-11 20:58 75096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2007-05-31 21:38 . 2007-01-16 20:32 61038 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2007-05-31 21:38 . 2007-01-16 20:32 49256 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2007-05-31 21:38 . 2007-01-16 20:32 166000 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\drivers\beep.sys ---
Company: Microsoft Corporation
File Description: BEEP Driver
File Version: 5.1.2600.0 (XPClient.010817-1148)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: beep.sys
File size: 4224
Created time: 2009-08-21 19:27
Modified time: 2001-10-02 18:17
MD5: DA1F27D85E0D1525F6621372E7B685E9
SHA1: E3D2DC5EB273FA701DE8AF13B60D6BAAC7629260


--- c:\windows\system32\drivers\ntfs.sys ---
Company: Microsoft Corporation
File Description: NT File System Driver
File Version: 5.1.2600.3081 (xpsp_sp2_gdr.070209-0028)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ntfs.sys
File size: 574464
Created time: 2001-10-02 18:18
Modified time: 2007-02-09 11:10
MD5: 19A811EF5F1ED5C926A028CE107FF1AF
SHA1: D1EFC83A3CB762BC596C1866C163DDAE8382A1D5


--- c:\windows\system32\drivers\null.sys ---
Company: Microsoft Corporation
File Description: NULL Driver
File Version: 5.1.2600.0 (XPClient.010817-1148)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: null.sys
File size: 2944
Created time: 2001-10-02 18:18
Modified time: 2001-10-02 18:18
MD5: 73C1E1F395918BC2C6DD67AF7591A3AD
SHA1: 80EB8A76E5579B0136281E4DD4E2D4E56B249E4C


((((((((((((((((((((((((((((( SnapShot@2009-08-21_19.31.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 07:45 . 2009-08-22 07:45 16384 c:\windows\temp\Perflib_Perfdata_1a0.dat
+ 2005-09-28 12:46 . 2005-09-28 12:46 1184984 c:\windows\system32\wvc1dmod.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\System32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\System32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\System32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"ISUSPM Startup"="c:\progra~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-08-09 221184]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"SetDefPrt"="c:\program files\Brother\Brmfl03a\BrStDvPt.exe" [2003-07-03 45056]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-11-04 185872]
"SSBkgdUpdate"="c:\program files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-10 148888]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.exe.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-12-10 110592]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Post-it® Software Notes Lite.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Post-it® Software Notes Lite.lnk
backup=c:\windows\pss\Post-it® Software Notes Lite.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Brother XP spl Service"=2 (0x2)
"brmfrmps"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R0 d346bus;d346bus;c:\windows\system32\drivers\d346bus.sys [02/01/2007 17:24 156800]
R0 d346prt;d346prt;c:\windows\system32\drivers\d346prt.sys [02/01/2007 17:24 5248]
S3 brfilt;Pilote de filtre Brother MFC;c:\windows\system32\drivers\BrFilt.sys [19/10/2008 20:18 2944]
S3 BrSerWDM;Pilote série WDM Brother;c:\windows\system32\drivers\BrSerWdm.sys [19/10/2008 20:17 61952]
S3 BrUsbMdm;Brother MFC USB modem télécopieur uniquement;c:\windows\system32\drivers\BrUsbMdm.sys [19/10/2008 20:18 11008]
S3 BrUsbScn;Pilote de scanneur Brother MFC USB;c:\windows\system32\drivers\BrUsbScn.sys [19/10/2008 20:18 10368]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\drivers\fbxusb32.sys [20/10/2004 15:23 21344]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/11/2008 09:05 195752]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to AMV Convert Tool... - c:\program files\MP3 Player Utilities 3.79\AMVConverter\grab.html
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 3.79\MediaManager\grab.html
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampPlayer.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll
FF - component: c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\9id2a3ig.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-22 09:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
.
**************************************************************************
.
Completion time: 2009-08-22 9:51 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-22 07:51
ComboFix2.txt 2009-08-21 20:47
ComboFix3.txt 2009-08-21 19:36

Pre-Run: 6 281 048 064 octets libres
Post-Run: 6 241 230 848 octets libres

231 --- E O F --- 2008-12-12 21:19

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2675
Windows 5.1.2600 Service Pack 2

22/08/2009 11:01:21
mbam-log-2009-08-22 (11-01-21).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 159864
Temps écoulé: 1 hour(s), 4 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 4
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 16

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\ForceClassicControlPanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Qoobox\Quarantine\C\WINDOWS\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\cru629.dat.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wisdstr.exe.vir (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\_scui.cpl.vir (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\beep.sys.vir (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP103\A0017038.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP103\A0017047.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0019151.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0019158.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0019159.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020152.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020158.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020159.sys (Trojan.KillAV) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020193.cpl (Rogue.HomeAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020195.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dllcache\beep.sys (Trojan.KillAV) -> Quarantined and deleted successfully.

antivir a trouvé de nombreux virus mais ne peux pas les supprimer. j'ai eu des alertes entre les scan d'antimalware et anitivir mais plus après le scan d'antivir (pour l'instant du moins).


Avira AntiVir Personal
Date de création du fichier de rapport : samedi 22 août 2009 11:50

La recherche porte sur 1651917 souches de virus.

Détenteur de la licence :Avira AntiVir Personal - FREE Antivirus
Numéro de série : 0000149996-ADJIE-0000001
Plateforme : Windows XP
Version de Windows :(Service Pack 2) [5.1.2600]
Mode Boot : Démarré normalement
Identifiant : SYSTEM
Nom de l'ordinateur :PC

Informations de version :
BUILD.DAT : 8.2.0.61 17752 Bytes 25/05/2009 13:47:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00
AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16
LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:29:38
ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 08:20:48
ANTIVIR2.VDF : 7.1.5.146 3087360 Bytes 21/08/2009 09:34:54
ANTIVIR3.VDF : 7.1.5.149 9728 Bytes 21/08/2009 14:51:20
Version du moteur: 8.2.1.3
AEVDF.DLL : 8.1.1.1 106868 Bytes 30/04/2009 13:33:10
AESCRIPT.DLL : 8.1.2.25 459130 Bytes 12/08/2009 13:26:48
AESCN.DLL : 8.1.2.4 127348 Bytes 22/07/2009 15:43:44
AERDL.DLL : 8.1.2.4 430452 Bytes 14/07/2009 16:08:26
AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 16:10:34
AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 13:32:46
AEHEUR.DLL : 8.1.0.155 1921400 Bytes 18/08/2009 13:02:16
AEHELP.DLL : 8.1.6.0 233846 Bytes 18/08/2009 13:02:16
AEGEN.DLL : 8.1.1.57 356725 Bytes 18/08/2009 13:02:16
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 09:49:36
AECORE.DLL : 8.1.7.6 184694 Bytes 22/07/2009 15:43:42
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 09:49:34
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58
AVREP.DLL : 8.0.0.3 155688 Bytes 20/04/2009 16:10:37
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16
RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43

Configuration pour la recherche actuelle :
Nom de la tâche..................: Contrôle intégral du système
Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp
Documentation....................: bas
Action principale................: interactif
Action secondaire................: ignorer
Recherche sur les secteurs d'amorçage maître: marche
Recherche sur les secteurs d'amorçage: marche
Secteurs d'amorçage..............: C:,
Recherche dans les programmes actifs: marche
Recherche en cours sur l'enregistrement: marche
Recherche de Rootkits............: marche
Fichier mode de recherche........: Tous les fichiers
Recherche sur les archives.......: marche
Limiter la profondeur de récursivité: 20
Archive Smart Extensions.........: marche
Heuristique de macrovirus........: marche
Heuristique fichier..............: moyen
Catégories de dangers divergentes: +APPL,+GAME,+JOKE,+PCK,+SPR,

Début de la recherche : samedi 22 août 2009 11:50

La recherche d'objets cachés commence.
'60054' objets ont été contrôlés, '0' objets cachés ont été trouvés.

La recherche sur les processus démarrés commence :
Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
Processus de recherche 'emule.exe' - '1' module(s) sont contrôlés
Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés
Processus de recherche 'ServiceLayer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wscntfy.exe' - '1' module(s) sont contrôlés
Processus de recherche 'wdfmgr.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BrMfcMon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'mdm.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jqs.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BrccMCtl.exe' - '1' module(s) sont contrôlés
Processus de recherche 'LaunchApplication.exe' - '1' module(s) sont contrôlés
Processus de recherche 'jusched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'BrMfcWnd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'pptd40nt.exe' - '1' module(s) sont contrôlés
Processus de recherche 'soundman.exe' - '1' module(s) sont contrôlés
Processus de recherche 'realsched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'issch.exe' - '1' module(s) sont contrôlés
Processus de recherche 'qttask.exe' - '1' module(s) sont contrôlés
Processus de recherche 'igfxpers.exe' - '1' module(s) sont contrôlés
Processus de recherche 'hkcmd.exe' - '1' module(s) sont contrôlés
Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
'36' processus ont été contrôlés avec '36' modules

La recherche sur les secteurs d'amorçage maître commence :
Secteur d'amorçage maître HD0
[INFO] Aucun virus trouvé !

La recherche sur les secteurs d'amorçage commence :
Secteur d'amorçage 'C:\'
[INFO] Aucun virus trouvé !

La recherche sur les renvois aux fichiers exécutables (registre) commence.
Le registre a été contrôlé ( '59' fichiers).


La recherche sur les fichiers sélectionnés commence :

Recherche débutant dans 'C:\' <Windows XP>
C:\pagefile.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\Bibitte\psexec.cfexe
[0] Type d'archive: RSRC
--> Object
[RESULTAT] Contient le modèle de détection de l'application APPL/PsExec.E
[REMARQUE] Fichier supprimé.
C:\Qoobox\Quarantine\[4]-Submit_2009-08-21_22.30.54.zip
[0] Type d'archive: ZIP
--> ikowin32.exe
[RESULTAT] Contient le modèle de détection du programme backdoor (dangereux) BDS/Zdoogu.FC
--> msword98.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.Mutant.efk
--> msword98.exe.1
[RESULTAT] Contient le cheval de Troie TR/Dldr.Mutant.efk
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4aecd439.qua' !
C:\Qoobox\Quarantine\C\Documents and Settings\Administrateur\msword98.exe.vir
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Fichier supprimé.
C:\Qoobox\Quarantine\C\Program Files\Fichiers communs\hikiwusux.exe.vir
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4afad47e.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\msword98.exe.vir
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b06d48c.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\ojokebafir.exe.vir
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4afed485.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\_wisdstr_.exe.zip
[0] Type d'archive: ZIP
--> wisdstr.exe
[RESULTAT] Contient le cheval de Troie TR/Dldr.FraudLo.sxm
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4af8d495.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\pavboot.sys.vir
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b05d482.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\RKL39.tmp.sys.vir
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4adbd46f.qua' !
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\tmcomm.sys.vir
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4af2d493.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020187.sys
[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Cutwail.L.8
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4abfd48c.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020215.sys
[RESULTAT] Contient le modèle de détection du programme SPR/Tool.Cutwail.L.8
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4abfd48f.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020304.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4abfd496.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020306.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b2d036f.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020310.sys
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4abfd497.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020311.sys
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4abfd498.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020312.sys
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b2d0361.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020313.sys
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4abfd49a.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020314.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4abfd499.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020315.exe
[RESULTAT] Contient le cheval de Troie TR/Trash.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4b2d0362.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP105\A0020692.sys
[RESULTAT] Contient le cheval de Troie TR/Rootkit.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4abfd4ac.qua' !
C:\System Volume Information\_restore{27100DC1-09CC-4598-8A96-C79CDF234E62}\RP81\A0013400.exe
[RESULTAT] Contient le modèle de détection du programme de jeu GAME/Casino.Gen
[REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4abfd4b1.qua' !
C:\WINDOWS\system32\drivers\atapi.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !
C:\WINDOWS\system32\drivers\sptd.sys
[AVERTISSEMENT] Impossible d'ouvrir le fichier !


Fin de la recherche : samedi 22 août 2009 13:41
Temps nécessaire: 1:50:48 Heure(s)

La recherche a été effectuée intégralement

6405 Les répertoires ont été contrôlés
310018 Des fichiers ont été contrôlés
24 Des virus ou programmes indésirables ont été trouvés
0 Des fichiers ont été classés comme suspects
2 Des fichiers ont été supprimés
0 Des virus ou programmes indésirables ont été réparés
20 Les fichiers ont été déplacés dans la quarantaine
0 Les fichiers ont été renommés
3 Impossible de contrôler des fichiers
309991 Fichiers non infectés
3581 Les archives ont été contrôlées
3 Avertissements
22 Consignes
60054 Des objets ont été contrôlés lors du Rootkitscan
0 Des objets cachés ont été trouvés

Bonjour,

C'est parfait, tous les fichiers détectés se trouvent en zone de quarantaine ; ils ne sont donc pas actifs.
L'infection est à présent éradiquée.


Suppression des outils utilisés

1) Télécharge ToolsCleaner2 de A.Rothstein et enregistre-le sur ton bureau.


2) Double-clique sur ToolsCleaner2.exe pour lancer l'outil.

- Clique sur le bouton Recherche.
- Une fois la recherche terminée, clique sur le bouton Suppression.

- Copie/colle le rapport et poste-le dans ta prochaine réponse.

Tu peux ensuite supprimer ToolsCleaner.


Sécurisation du système

1) Ta version d'Adobe Reader n'est pas à jour. Des failles de sécurité peuvent permettre l'infection de ton ordinateur. Plus d'informations.

- Désinstalle ta version actuelle.
- Télécharge et installe Adobe Reader 9.1.3.


2) Java n'est également pas à jour. Télécharge JavaRa et suis les instructions de ce tutorial.
Poste le rapport obtenu.


3) Internet Explorer n'est pas à jour, il contient des failles de sécurités qui peuvent via des exploits sur des sites WEB conduire à l'infection.

Télécharge et installe Internet Explorer 8.


4) Windows n'est également pas à jour et, par conséquent, comporte lui-aussi des failles de sécurité.

Télécharge et installe le Service Pack 3.


Suppression des points de restauration système infectés

Certains malwares détectés se trouvent dans les points de restauration système. Ils ne sont pas actifs.

Il te suffit d'effacer le contenu de la restauration système :

- Cliquer droit sur "Poste de travail" puis choisir "Propriétés".
- Sélectionner l'onglet "Restauration du système".
- Cocher "Désactiver la Restauration du système sur tous les lecteurs" ou "Désactiver la Restauration du système" puis appliquer.

- Un message informera la suppression de tous les points de restauration existants.
- Confirmer par "Oui".
- Réactiver ensuite la restauration du système en décochant "Désactiver la Restauration du système".
- Appliquer puis valider par "OK".




Comment se comporte le système ?


Cordialement.

j'ai fait les dernières manipulations, tout fonctionne correctement je n'ai plus d'alertes. Merci beaucoup pour votre aide.
Est-ce que vous pouvez me conseiller des logiciels gratuits évitant d'avoir autant de virus svp ? Merci d'avance

Bonsoir,

L'infection a été éradiquée. Il n'existe aucun produit fiable à 100% pour se premunir contre les logiciels malveillants.
En revanche, un comportement adéquat se révèle efficace :


Je te conseille également la lecture de ce document.

Si tu désires mieux connaître le domaine de la sécurité informatique, je ne peux que t'encourager à visiter le site de Malekal_Morte.


Cordialement.