HijackThis log analysis: trojan horse + internet windows.....

Security and insecurity. Viruses, trojans, spyware, vulnerabilities, etc. …

Forum rules
Assiste.com has suspended disinfection assistance after almost 15 years on the old forum and then on this one. See:

Disinfection procedure 1 - Anti-malware
Disinfection procedure 2 - Anti-malware and antivirus (La Manip)
Periodic maintenance of a Windows PC
Protecting the browser, browsing and privacy


Post by ILPROCB » 08 Oct 2009, 17:47

Hello,

Could you please tell me how to remove a trojan horse in c:\winxp\system32\clusapii.dll on WinXP Pro Service Pack 1 with Norton Antivirus, plus a few unwanted internet windows (titled Windows Explorer, with a malware)?
Attached is my HijackThis report.
Thanks for your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:01:39, on 08/10/2009
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
F:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
H:\Bertrand\Antivirus\aawservice.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINXP\System32\RUNDLL32.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\SonyTray.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINXP\System32\nvsvc32.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\WINXP\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portail.free.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B81C9A69-B1C2-4D82-9EAE-6D296FA50EA0} - C:\WINXP\System32\certcl.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINXP\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINXP\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SmcService] F:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [RegistrySmart] H:\Bertrand\Antivirus\RegistrySmart.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINXP\PCHEALTH\HELPCTR\Binaries\msconfig.exe /auto
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINXP\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINXP\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9722642281
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9806219734
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - H:\Bertrand\Antivirus\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: GhostStartService - NOS Microsystems Ltd. - (no file)
O23 - Service: Service Google Update (gupdate1c9be7531b64650) (gupdate1c9be7531b64650) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINXP\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9419 bytes
ILPROCB | Posts: 10 | Joined: 08 Oct 2009, 17:41
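A first-pass triage of the HijackThis entries posted above, as an added example (not code from this forum or from HijackThis): it parses the O2, O4 and O23 lines, works out which file each entry loads, and flags orphaned "(no file)" entries, unnamed BHOs and autoruns that rely on a bare filename. The sample lines are copied from the log in this thread; the flags are review prompts for the analyst, not verdicts.

```python
"""Triage helper for HijackThis log lines.

Added example (not code from this forum or from Trend Micro): parses the O2 (BHO),
O4 (Run-key autorun) and O23 (service) entries of a HijackThis log, extracts the
file each entry loads, and flags what a first-pass reviewer looks at.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the lines from the log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://portail.free.fr/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B81C9A69-B1C2-4D82-9EAE-6D296FA50EA0} - C:\WINXP\System32\certcl.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINXP\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O23 - Service: GhostStartService - NOS Microsystems Ltd. - (no file)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - F:\Program Files\Sygate\SPF\smc.exe
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<company>.*?) - (?P<target>.*)$")
EXE_EXT = (".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif")


@dataclass
class Entry:
    section: str  # "O2", "O4" or "O23"
    name: str     # BHO name, Run value name, or service display name
    target: str   # file the entry loads, or "(no file)"
    raw: str      # the original log line


def _autorun_path(cmd: str) -> str:
    """Return the executable (or, for rundll32, the DLL) an O4 command launches."""
    cmd = re.sub(r"\s*\(User '[^']*'\)$", "", cmd.strip())  # drop HijackThis' user suffix
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    tokens = cmd.split()
    if tokens and tokens[0].lower() in ("rundll32.exe", "rundll32"):
        # rundll32 <module>,<entry> [args]: the module is the path of interest
        tokens = " ".join(tokens[1:]).split(",", 1)[0].split()
    # Unquoted path with spaces: accumulate tokens until one ends in an executable extension
    path = []
    for tok in tokens:
        path.append(tok)
        if tok.lower().endswith(EXE_EXT):
            break
    return " ".join(path)


def _is_absolute(path: str) -> bool:
    """True for drive-letter, %VAR%-rooted or UNC paths; False for bare filenames."""
    return re.match(r"^(?:[A-Za-z]:\\|%[^%]+%\\|\\\\)", path) is not None


def parse(log_text: str) -> list:
    """Parse the O2/O4/O23 lines of a HijackThis log; other sections are skipped."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := O2_RE.match(line):
            entries.append(Entry("O2", m["name"], m["target"], line))
        elif m := O4_RE.match(line):
            entries.append(Entry("O4", m["name"], _autorun_path(m["cmd"]), line))
        elif m := O23_RE.match(line):
            entries.append(Entry("O23", m["name"], m["target"], line))
    return entries


def triage(log_text: str) -> list:
    """Return (raw line, reason) pairs for entries that deserve a closer look."""
    findings = []
    for e in parse(log_text):
        if e.target == "(no file)":
            findings.append((e.raw, "orphan: the registry still points at a file that no longer exists"))
        elif e.section == "O2" and e.name == "(no name)":
            findings.append((e.raw, f"unnamed BHO loads {e.target}: confirm publisher and hash before trusting it"))
        elif e.section == "O4" and not _is_absolute(e.target):
            findings.append((e.raw, f"autorun uses a bare filename ({e.target}): resolved via the search path, not a fixed location"))
    return findings


if __name__ == "__main__":
    for raw, why in triage(SAMPLE_LOG):
        print(f"{why}\n    {raw}")
```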

Post by nickW » 08 Oct 2009, 20:19

Good evening,

HijackThis is insufficient against current malware.

Can you follow the instructions in this topic and send the three requested reports?

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
nickW | Moderator | Posts: 21698 | Joined: 20 May 2004, 17:41 | Location: Dordogne/Île de France

Post by ILPROCB » 09 Oct 2009, 17:37

Hello, here is the Extras log.

OTL Extras logfile created on: 09/10/2009 18:32:10 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Admin\Bureau
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 71,11% Memory free
3,86 Gb Paging File | 3,43 Gb Available in Paging File | 88,74% Paging File free
Paging file location(s): E:\pagefile.sys 2059 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,92 Gb Free Space | 26,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5,86 Gb Total Space | 3,82 Gb Free Space | 65,14% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 8,54 Gb Free Space | 43,71% Space Free | Partition Type: NTFS
Drive G: | 58,59 Gb Total Space | 58,53 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive H: | 58,59 Gb Total Space | 37,02 Gb Free Space | 63,18% Space Free | Partition Type: NTFS
Drive I: | 75,65 Gb Total Space | 75,58 Gb Free Space | 99,91% Space Free | Partition Type: NTFS

Computer Name: FMI-PLH974V8Y3B
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINXP\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINXP\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "F:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05AE605F-3146-46ED-BC52-0A14EBF57962}" = Windows Live Toolbar
"{109D28C7-FB38-483A-9C91-001CB59E2699}" = EPSON CardMonitor
"{1526D87C-A955-4FAB-BF18-697BA457E352}" = Norton WMI Update
"{1B4AA674-F5CA-4BB5-831A-CD37B4021959}" = ImageMixer for Sony
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{350C940c-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43C3D832-AC96-463A-2003-1B8D1BFA2523}" = Norton SystemWorks 2003
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = PhotoImpression 5
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76A17C28-A6F7-4670-A09E-14CDAA66D964}" = ASUS nVidia Driver
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BD0A2D8-4EA0-43C6-BDF8-DDA87B8031C6}" = PIF DESIGNER2.1
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{88E26CEC-3784-40C9-8BFD-2DA7E6CC551A}" = RegistrySmart
"{9011040C-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1036-7B44-A70500000002}" = Adobe Reader 7.0.5 - Français
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BABAEBE4-9FFB-4B5D-9453-64FF11517CA2}" = Tom Clancy's Splinter Cell Chaos Theory
"{C48817E7-AA05-4151-A99D-1E1E550CE801}" = EPSON PhotoStarter3.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F34D9A5F-484A-4E31-A9D3-908CB265B289}" = Sygate Personal Firewall
"{F6326B60-1B1D-4ABF-BFCD-7B7404F44411}" = Windows Live Messenger
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"CCleaner" = CCleaner (remove only)
"CloneDVD2" = CloneDVD2
"DVD Decrypter" = DVD Decrypter (Remove Only)
"eMule" = eMule
"EPSON Printer and Utilities" = EPSON Logiciel imprimante
"EPSON Scanner" = EPSON Scan
"ESPRX420 Guide de réf." = ESPRX420 Guide de réf.
"ESPRX420 Guide des logiciels" = ESPRX420 Guide des logiciels
"GF38_Immersive_Stadium" = GF38
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 2.77 Full
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 1.80 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NVIDIA Drivers" = NVIDIA Drivers
"PhotoFiltre" = PhotoFiltre
"sswim" = Favorit
"SuperCopier2" = SuperCopier2
"Trojan Remover_is1" = Trojan Remover 6.8.1
"VLC media player" = VideoLAN VLC media player 0.8.5
"Windows Live Toolbar" = Windows Live Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 07/10/2009 17:24:03 | Computer Name = FMI-PLH974V8Y3B | Source = Google Update | ID = 20
Description =

Error - 08/10/2009 10:52:35 | Computer Name = FMI-PLH974V8Y3B | Source = EventSystem | ID = 4609
Description = Le système d'événements de COM+ a détecté un code de renvoi erroné
lors de son traitement interne. Le HRESULT est 8007043C à partir de la ligne 44
de d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp. Contactez les services
du Support Technique Microsoft pour signaler cette erreu

Error - 08/10/2009 10:52:35 | Computer Name = FMI-PLH974V8Y3B | Source = VSS | ID = 8193
Description = Erreur du service de cliché instantané des volumes : erreur lors de
l'appel de la routine CoCreateInstance. hr = 0x80040206.

Error - 08/10/2009 11:36:41 | Computer Name = FMI-PLH974V8Y3B | Source = Application Error | ID = 1000
Description = Application défaillante iexplore.exe, version 6.0.2800.1106, module
défaillant mshtml.dll, version 6.0.2800.1561, adresse de défaillance 0x00175a6a.

Error - 08/10/2009 11:41:22 | Computer Name = FMI-PLH974V8Y3B | Source = Application Hang | ID = 1002
Description = Application bloquée IEXPLORE.EXE, version 6.0.2800.1106, module bloqué
hungapp, version 0.0.0.0, adresse de blocage 0x00000000.

Error - 08/10/2009 12:24:01 | Computer Name = FMI-PLH974V8Y3B | Source = Google Update | ID = 20
Description =

Error - 08/10/2009 13:24:00 | Computer Name = FMI-PLH974V8Y3B | Source = Google Update | ID = 20
Description =

Error - 08/10/2009 14:24:00 | Computer Name = FMI-PLH974V8Y3B | Source = Google Update | ID = 20
Description =

Error - 09/10/2009 06:15:46 | Computer Name = FMI-PLH974V8Y3B | Source = Application Error | ID = 1000
Description = Application défaillante services.exe, version 5.1.2600.0, module défaillant
rpcrt4.dll, version 5.1.2600.1361, adresse de défaillance 0x00001841.

Error - 09/10/2009 12:24:04 | Computer Name = FMI-PLH974V8Y3B | Source = Google Update | ID = 20
Description =


<End>
ILPROCB | Posts: 10 | Joined: 08 Oct 2009, 17:41

Post by ILPROCB » 09 Oct 2009, 17:38

Here is the OTL log.

OTL logfile created on: 09/10/2009 18:32:10 - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Admin\Bureau
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,42 Gb Available Physical Memory | 71,11% Memory free
3,86 Gb Paging File | 3,43 Gb Available in Paging File | 88,74% Paging File free
Paging file location(s): E:\pagefile.sys 2059 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,92 Gb Free Space | 26,73% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5,86 Gb Total Space | 3,82 Gb Free Space | 65,14% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 8,54 Gb Free Space | 43,71% Space Free | Partition Type: NTFS
Drive G: | 58,59 Gb Total Space | 58,53 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive H: | 58,59 Gb Total Space | 37,02 Gb Free Space | 63,18% Space Free | Partition Type: NTFS
Drive I: | 75,65 Gb Total Space | 75,58 Gb Free Space | 99,91% Space Free | Partition Type: NTFS

Computer Name: FMI-PLH974V8Y3B
Current User Name: Admin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- F:\Program Files\Sygate\SPF\smc.exe
PRC - [2002/08/22 12:26:20 | 00,313,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
PRC - [2008/12/21 00:36:02 | 00,611,664 | ---- | M] (Lavasoft) -- H:\Bertrand\Antivirus\aawservice.exe
PRC - [2002/08/29 11:45:10 | 01,008,128 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Explorer.EXE
PRC - [2006/07/20 07:04:38 | 00,847,872 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/07/13 08:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
PRC - [2007/03/14 03:43:44 | 00,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2002/08/22 12:26:14 | 00,050,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
PRC - [2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
PRC - [2006/04/03 18:04:02 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/07/13 16:59:32 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2007/03/22 04:50:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINXP\System32\nvsvc32.exe
PRC - [2006/07/13 16:59:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/04/03 18:04:02 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2002/08/29 11:45:16 | 00,203,776 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wbem\wmiprvse.exe
PRC - [2002/11/19 14:09:48 | 00,116,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
PRC - [2006/08/31 20:33:02 | 00,115,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
PRC - [2002/08/29 11:45:10 | 00,091,136 | -HS- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/09 18:10:27 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/12/21 00:36:02 | 00,611,664 | ---- | M] (Lavasoft) -- H:\Bertrand\Antivirus\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2002/08/22 12:26:20 | 00,313,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2002/08/22 12:26:38 | 00,063,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2006/04/03 18:04:02 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running])
SRV - [2009/07/14 14:36:00 | 00,066,056 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
SRV - File not found -- -- (GhostStartService [Auto | Stopped])
SRV - [2009/04/16 11:24:37 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9be7531b64650 [Auto | Stopped])
SRV - [2002/08/29 11:44:56 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - File not found -- -- (Microsoft Agent [Auto | Stopped])
SRV - [2002/11/19 14:09:48 | 00,116,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe -- (navapsvc [On_Demand | Running])
SRV - [2006/07/13 16:59:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV - [2006/07/13 16:59:32 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
SRV - [2007/03/22 04:50:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINXP\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2001/08/13 23:18:36 | 00,054,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe -- (SBService [Auto | Stopped])
SRV - [2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- F:\Program Files\Sygate\SPF\smc.exe -- (SmcService [Auto | Running])
SRV - [2004/11/02 16:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Stopped])
SRV - [2002/08/29 11:44:56 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2001/08/24 14:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\mspmspsv.dll -- (WmdmPmSp [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/07/25 09:24:58 | 00,247,296 | R--- | M] (Analog Devices, Inc.) -- C:\WINXP\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2006/04/27 00:42:40 | 00,093,824 | R--- | M] (Andrea Electronics Corporation) -- C:\WINXP\System32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running])
DRV - [2002/08/14 15:03:36 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINXP\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
DRV - [2004/01/27 21:13:45 | 00,009,728 | ---- | M] (Elaborate Bytes AG) -- C:\WINXP\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
DRV - [2004/01/27 21:13:45 | 00,003,840 | ---- | M] (Elaborate Bytes) -- C:\WINXP\System32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
DRV - [2001/08/24 14:00:00 | 00,023,424 | ---- | M] (Ahead Software AG) -- C:\WINXP\system32\drivers\fqglbdtu.sys -- (fqglbdtu [Boot | Running])
DRV - [2004/10/27 15:21:36 | 00,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINXP\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/08/13 20:56:20 | 00,005,810 | R--- | M] () -- C:\WINXP\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009/08/26 10:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20091007.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/08/26 10:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20091007.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2007/03/22 04:50:00 | 06,704,736 | ---- | M] (NVIDIA Corporation) -- C:\WINXP\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/08/14 08:51:28 | 00,105,344 | R--- | M] (NVIDIA Corporation) -- C:\WINXP\System32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/07/11 15:38:28 | 00,057,856 | R--- | M] (NVIDIA Corporation) -- C:\WINXP\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/07/11 15:38:30 | 00,020,480 | R--- | M] (NVIDIA Corporation) -- C:\WINXP\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2001/08/24 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINXP\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/01/27 16:47:50 | 00,235,744 | ---- | M] (Symantec Corporation) -- C:\WINXP\System32\Drivers\SAVRT.SYS -- (SAVRT [On_Demand | Running])
DRV - [2004/01/27 16:47:52 | 00,035,552 | ---- | M] (Symantec Corporation) -- C:\WINXP\System32\Drivers\SAVRTPEL.SYS -- (SAVRTPEL [Auto | Running])
DRV - [2007/08/27 14:04:35 | 00,011,973 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINXP\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2006/03/17 12:18:58 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINXP\System32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running])
DRV - [2005/05/17 14:48:21 | 00,050,176 | ---- | M] (Protection Technology) -- C:\WINXP\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/05/16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINXP\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2005/05/16 15:23:38 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINXP\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2005/06/27 09:14:35 | 00,066,560 | ---- | M] (Protection Technology) -- C:\WINXP\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
DRV - [2002/10/15 23:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINXP\System32\DRIVERS\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
DRV - [2001/08/17 22:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINXP\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2002/08/15 19:59:58 | 00,073,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2002/08/15 17:45:36 | 00,015,640 | ---- | M] (Symantec Corporation) -- C:\WINXP\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2002/08/15 17:45:42 | 00,181,400 | ---- | M] (Symantec Corporation) -- C:\WINXP\System32\Drivers\SYMTDI.SYS -- (SYMTDI [Auto | Running])
DRV - [2004/10/15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\SYSTEM32\Drivers\Teefer.sys -- (Teefer [Boot | Running])
DRV - [2002/08/29 02:32:32 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/10/15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\SYSTEM32\Drivers\wg3n.sys -- (wg3n [Auto | Running])
DRV - [2004/10/15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\SYSTEM32\Drivers\wg4n.sys -- (wg4n [Auto | Running])
DRV - [2004/10/15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\SYSTEM32\Drivers\wg5n.sys -- (wg5n [Auto | Running])
DRV - [2004/10/15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\SYSTEM32\Drivers\wg6n.sys -- (wg6n [Auto | Running])
DRV - [2004/10/15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\System32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://portail.free.fr/
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\S-1-5-21-1644491937-2139871995-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\S-1-5-21-1644491937-2139871995-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local



O1 HOSTS File: (790 bytes) - C:\WINXP\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {B81C9A69-B1C2-4D82-9EAE-6D296FA50EA0} - C:\WINXP\System32\certcl.dll ()
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\..\Toolbar\ShellBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\..\Toolbar\ShellBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
O4 - HKLM..\Run: [EPSON Stylus Photo RX420 Series] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe File not found
O4 - HKLM..\Run: [MSConfig] C:\WINXP\PCHEALTH\HELPCTR\Binaries\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINXP\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINXP\System32\nwiz.exe ()
O4 - HKLM..\Run: [RegistrySmart] H:\Bertrand\Antivirus\RegistrySmart.exe File not found
O4 - HKLM..\Run: [SmcService] F:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1644491937-2139871995-839522115-1005..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-2139871995-839522115-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: E&xporter vers Microsoft Excel - F:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINXP\bdoscandel.exe ()
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINXP\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINXP\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 9722642281 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9806219734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Fichiers communs\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINXP\System32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\Explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Bertrand\Antivirus\SASSEH.DLL File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/29 16:21:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINXP\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINXP\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/09 18:12:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/06 19:28:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/10/06 19:29:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/09 18:12:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2009/10/06 19:28:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Simply Super Software
[2009/09/29 21:15:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Temp
[2009/10/09 18:12:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/08 18:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/27 11:16:29 | 00,000,000 | ---D | C] -- C:\Program Files\TS
[2009/10/09 18:12:45 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbamswissarmy.sys
[2009/10/09 18:12:43 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2009/10/09 18:10:52 | 04,045,528 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Bureau\mbam-setup.exe
[2009/10/09 18:10:25 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureau\OTL.exe
[2009/10/08 18:00:35 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Bureau\HJTInstall.exe
[2009/10/06 19:29:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mes documents\Simply Super Software
[2009/10/06 19:29:04 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\ztvcabinet.dll
[2009/10/01 22:26:28 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/10/01 12:16:20 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\mucltui.dll
[2009/10/01 12:16:20 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\mucltui.dll.mui
[2009/09/14 16:19:18 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Mes documents\Eiffel 65 - Europop

========== Files - Modified Within 30 Days ==========

[1 C:\WINXP\System32\*.tmp files]
[10 C:\WINXP\*.tmp files]
[2009/10/09 18:31:33 | 00,000,272 | ---- | M] () -- C:\WINXP\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[2009/10/09 18:24:04 | 00,001,054 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/09 18:13:32 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/10/09 18:11:02 | 04,045,528 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Admin\Bureau\mbam-setup.exe
[2009/10/09 18:10:27 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureau\OTL.exe
[2009/10/09 18:04:58 | 00,000,568 | ---- | M] () -- C:\WINXP\win.ini
[2009/10/09 18:04:58 | 00,000,227 | ---- | M] () -- C:\WINXP\system.ini
[2009/10/09 18:04:58 | 00,000,190 | -HS- | M] () -- C:\boot.ini
[2009/10/09 18:04:53 | 00,000,412 | ---- | M] () -- C:\WINXP\tasks\Symantec NetDetect.job
[2009/10/09 18:04:27 | 00,001,050 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/09 18:04:23 | 00,000,006 | -H-- | M] () -- C:\WINXP\tasks\SA.DAT
[2009/10/09 18:04:12 | 00,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2009/10/09 12:19:53 | 00,000,116 | ---- | M] () -- C:\WINXP\NeroDigital.ini
[2009/10/08 18:58:48 | 00,138,240 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/08 18:01:17 | 00,001,741 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\HijackThis.lnk
[2009/10/08 18:00:36 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Admin\Bureau\HJTInstall.exe
[2009/10/08 17:26:29 | 00,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2009/10/07 22:17:03 | 00,003,486 | ---- | M] () -- C:\WINXP\System32\tmp.reg
[2009/10/06 21:40:55 | 00,038,584 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/06 19:29:07 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Trojan Remover.lnk
[2009/10/02 22:07:18 | 00,000,518 | ---- | M] () -- C:\WINXP\tasks\Norton AntiVirus - Analyser mon ordinateur.job
[2009/10/02 12:16:20 | 00,162,728 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2009/10/01 12:28:00 | 00,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2009/09/30 23:36:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/30 23:36:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/30 18:51:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/09/30 18:51:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/09/30 17:11:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/09/30 17:11:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/09/30 13:20:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/09/30 13:20:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/09/30 08:49:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/09/30 08:49:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/09/29 23:46:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/09/29 23:46:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/09/29 16:13:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/09/29 16:13:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/09/29 09:01:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/29 09:01:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/28 22:51:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/28 22:51:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/28 20:42:50 | 00,016,384 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\cordage_070708.xls
[2009/09/28 19:01:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/28 19:01:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/28 17:54:10 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/28 17:54:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/28 16:48:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/28 16:48:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/26 12:34:30 | 00,000,443 | ---- | M] () -- C:\Documents and Settings\Admin\Bureau\ACCIDENT_MOTO.lnk
[2009/09/25 17:30:01 | 00,000,280 | ---- | M] () -- C:\WINXP\tasks\Norton SystemWorks One Button Checkup.job
[2009/09/15 19:19:01 | 00,000,581 | ---- | M] () -- C:\Documents and Settings\Admin\Mes documents\Mes dossiers de partage.lnk
[2009/09/13 20:31:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/13 20:31:37 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:48 | 00,018,520 | ---- | M] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys

========== Files - No Company Name ==========
[2009/10/09 18:12:47 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/10/08 18:01:17 | 00,001,741 | ---- | C] () -- C:\Documents and Settings\Admin\Bureau\HijackThis.lnk
[2009/10/06 19:29:07 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Trojan Remover.lnk
[2009/10/06 19:29:04 | 00,162,304 | ---- | C] () -- C:\WINXP\System32\ztvunrar36.dll
[2009/10/06 19:29:04 | 00,153,088 | ---- | C] () -- C:\WINXP\System32\UNRAR3.dll
[2009/10/06 19:29:04 | 00,077,312 | ---- | C] () -- C:\WINXP\System32\ztvunace26.dll
[2009/10/06 19:29:04 | 00,075,264 | ---- | C] () -- C:\WINXP\System32\unacev2.dll
[2009/10/01 12:28:00 | 00,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2009/09/29 21:10:23 | 00,001,054 | ---- | C] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/29 21:10:23 | 00,001,050 | ---- | C] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2009/06/26 15:19:39 | 00,409,081 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\sswim_nav.dat.vir
[2009/06/26 15:19:39 | 00,279,040 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\sswim.old
[2009/06/26 15:19:39 | 00,004,080 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\sswim.dat.vir
[2009/06/26 15:19:39 | 00,002,173 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\sswim_navps.dat.vir
[2009/05/27 23:12:00 | 00,123,904 | ---- | C] () -- C:\WINXP\System32\certcl.dll
[2008/12/12 18:13:39 | 00,000,809 | ---- | C] () -- C:\WINXP\wininit.ini
[2008/12/12 18:12:38 | 02,608,752 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\install.txt
[2008/11/18 20:02:17 | 00,108,800 | ---- | C] () -- C:\WINXP\System32\clusapii.dll
[2008/03/18 19:44:12 | 13,413,048 | ---- | C] () -- C:\Program Files\Google_Earth_BZXD.exe
[2008/01/31 14:56:42 | 00,690,136 | ---- | C] () -- C:\Program Files\installer-44484-33-TvAnts-French.exe
[2008/01/14 21:50:56 | 00,000,029 | ---- | C] () -- C:\WINXP\DEBUGSM.INI
[2007/12/04 23:48:12 | 00,003,654 | ---- | C] () -- C:\WINXP\System32\drivers\Sonyhcp.dll
[2007/11/16 23:04:16 | 00,038,584 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/11/16 22:54:51 | 00,138,240 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/14 21:16:54 | 00,000,233 | ---- | C] () -- C:\WINXP\QTW.INI
[2007/11/11 01:12:26 | 07,128,490 | -H-- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\IconCache.db
[2007/11/10 14:07:04 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Admin\Application Data\desktop.ini
[2007/07/12 23:20:34 | 00,096,768 | ---- | C] () -- C:\WINXP\SlantAdj.dll
[2007/07/12 23:20:34 | 00,000,072 | ---- | C] () -- C:\WINXP\System32\epDPE.ini
[2007/07/12 23:20:14 | 00,000,022 | ---- | C] () -- C:\WINXP\System32\PICSDK.ini
[2007/07/12 23:18:49 | 00,000,025 | ---- | C] () -- C:\WINXP\CDE RX420FG.ini
[2007/07/03 22:46:23 | 00,000,116 | ---- | C] () -- C:\WINXP\NeroDigital.ini
[2007/06/29 17:23:55 | 00,000,379 | ---- | C] () -- C:\WINXP\ODBC.INI
[2007/06/29 17:17:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/06/29 17:15:44 | 03,596,288 | ---- | C] () -- C:\WINXP\System32\qt-dx331.dll
[2007/06/29 17:15:44 | 00,856,064 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll
[2007/06/29 17:15:44 | 00,593,938 | ---- | C] () -- C:\WINXP\System32\x264vfw.dll
[2007/06/29 17:15:44 | 00,217,088 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll
[2007/06/29 17:15:43 | 00,005,120 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll
[2007/06/29 17:15:43 | 00,000,547 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll.manifest
[2007/06/29 16:53:57 | 00,354,816 | ---- | C] () -- C:\WINXP\System32\psisdecd.dll
[2007/06/29 16:35:09 | 00,000,804 | R--- | C] () -- C:\WINXP\System32\AsusSetup.ini
[2007/06/29 16:35:09 | 00,000,276 | R--- | C] () -- C:\WINXP\System32\raidmgmt.ini
[2007/06/29 16:33:40 | 00,018,706 | ---- | C] () -- C:\WINXP\Ascd_log.ini
[2007/06/29 16:31:04 | 00,018,462 | ---- | C] () -- C:\WINXP\Ascd_tmp.ini
[2007/06/29 16:31:03 | 00,005,810 | R--- | C] () -- C:\WINXP\System32\drivers\ASACPI.sys
[2007/06/29 16:30:58 | 00,010,288 | ---- | C] () -- C:\WINXP\System32\drivers\ASUSHWIO.SYS
[2007/03/22 04:50:00 | 01,662,976 | ---- | C] () -- C:\WINXP\System32\nvwdmcpl.dll
[2007/03/22 04:50:00 | 01,470,464 | ---- | C] () -- C:\WINXP\System32\nview.dll
[2007/03/22 04:50:00 | 01,019,904 | ---- | C] () -- C:\WINXP\System32\nvwimg.dll
[2007/03/22 04:50:00 | 00,466,944 | ---- | C] () -- C:\WINXP\System32\nvshell.dll
[2007/03/22 04:50:00 | 00,286,720 | ---- | C] () -- C:\WINXP\System32\nvnt4cpl.dll
[2005/03/14 15:38:28 | 00,000,469 | ---- | C] () -- C:\WINXP\bdoscandellang.ini
[2004/10/15 18:31:56 | 00,218,264 | ---- | C] () -- C:\WINXP\System32\SetAid.dll
[2003/04/01 10:58:02 | 00,005,260 | ---- | C] () -- C:\WINXP\System32\OUTLPERF.INI
[2001/08/24 14:00:00 | 00,000,568 | ---- | C] () -- C:\WINXP\win.ini
[2001/08/24 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINXP\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
<End>
ILPROCB

Posts: 10
Joined: 08 Oct 2009, 17:41

Post by nickW » 10 Oct 2009, 00:53

Good evening,

No MBAM report? :shock:

%System%\clusapi.dll is normally a legitimate DLL (library).

What are the properties of the file present on your PC: C:\WINXP\System32\clusapii.dll (right-click on the file):
*- Size
*- Creation date
*- Modification date
*- Company
*- Language
*- Original file name
*- File version
*- Product version

To be continued,
nickW
30/07/2012: No more PC disinfection until further notice.
No log analysis requests by PM (Private Message)
My configs
nickW
Moderator

Posts: 21698
Joined: 20 May 2004, 17:41
Location: Dordogne/Île de France
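Added example (not part of this thread, and not code from OTL, HijackThis or MBAM): a small Python triage script that applies nickW's point to the "Files - No Company Name" section of the OTL log above. The OTL line format is taken from the log as shown; the list of legitimate Windows DLL names is a hand-picked sample (assumption: a real triage list would be built from a clean reference install), and the sample lines are copied from the log above as constructed input. The script flags a file whose name is one edit away from a known system DLL (clusapii.dll vs clusapi.dll, certcl.dll vs certcli.dll) as high priority, and a System32 file with empty company information only as low priority, since plenty of legitimate files also ship without version resources.

```python
"""Triage OTL 'No Company Name' lines for lookalikes of legitimate system DLLs.

Added example for this thread; it is not OTL/HijackThis code. It does the
first pass a helper does by eye: spot file names that are near misses of
real Windows DLLs, then ask for the file properties to confirm.
"""
import re

# OTL line format as seen in the log: [stamp | size | attrs | C] (Company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<stamp>[\d/]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Assumption: hand-picked sample of legitimate Windows DLL names.
KNOWN_SYSTEM_DLLS = {
    "clusapi.dll", "certcli.dll", "crypt32.dll", "kernel32.dll",
    "user32.dll", "advapi32.dll", "ws2_32.dll", "ntdll.dll",
}

# Constructed input: lines copied from the OTL log above.
SAMPLE_LINES = [
    r"[2009/10/06 19:29:04 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\ztvcabinet.dll",
    r"[2009/05/27 23:12:00 | 00,123,904 | ---- | C] () -- C:\WINXP\System32\certcl.dll",
    r"[2008/11/18 20:02:17 | 00,108,800 | ---- | C] () -- C:\WINXP\System32\clusapii.dll",
    r"[2007/03/22 04:50:00 | 00,466,944 | ---- | C] () -- C:\WINXP\System32\nvshell.dll",
    r"[2007/06/29 16:31:03 | 00,005,810 | R--- | C] () -- C:\WINXP\System32\drivers\ASACPI.sys",
]


def parse_otl_line(line):
    """Return a dict (stamp, size, attrs, kind, company, path, name) or None."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))
    rec["company"] = rec["company"].strip()          # "()" means no version info
    rec["name"] = rec["path"].rsplit("\\", 1)[-1].lower()
    return rec


def edit_distance(a, b):
    """Levenshtein distance, plain two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(name, known=KNOWN_SYSTEM_DLLS, max_distance=1):
    """Return the legitimate name this one imitates, or None if it is not a near miss."""
    if name in known:
        return None
    for legit in known:
        if edit_distance(name, legit) <= max_distance:
            return legit
    return None


def triage(lines):
    """Return (path, severity, reasons) for every line worth a second look."""
    findings = []
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None or not rec["name"].endswith((".dll", ".exe", ".sys")):
            continue
        reasons = []
        twin = lookalike_of(rec["name"])
        if twin:
            reasons.append("name is one edit away from legitimate %s" % twin)
        if "\\system32\\" in rec["path"].lower() and not rec["company"]:
            reasons.append("no company/version info for a System32 file")
        if reasons:
            findings.append((rec["path"], "high" if twin else "low", reasons))
    return findings


if __name__ == "__main__":
    for path, severity, reasons in triage(SAMPLE_LINES):
        print("%-5s %s" % (severity, path))
        for r in reasons:
            print("      - " + r)
```

A "high" hit is a reason to ask for the file properties nickW lists (company, original file name, version) and to compare them with the genuine file on a clean machine; it is not proof by itself, and a "low" hit on its own is usually noise.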

Post by ILPROCB » 11 Oct 2009, 20:56

Good evening,

thank you very much for the time you are spending trying to help me

here is the MBAM log and the properties of clusapii.dll


Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2929
Windows 5.1.2600 Service Pack 1

09/10/2009 18:30:34
mbam-log-2009-10-09 (18-30-29).txt

Type de recherche: Examen rapide
Eléments examinés: 109748
Temps écoulé: 11 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINXP\system32\certcl.dll (Trojan.Agent) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b81c9a69-b1c2-4d82-9eae-6d296fa50ea0} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{b81c9a69-b1c2-4d82-9eae-6d296fa50ea0} (Trojan.BHO.H) -> No action taken.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\58fa5318502c61e40bb21991aecb25e5 (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61bef09e2d118194e96583c90b1516ac (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7e5ead8fa251c5a45a24533a7762dc9e (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9de13aa5855d8404b8e108518d8a827b (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\bc59f3451579e1940a4c1d66df324d81 (Rogue.RegistrySmart) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\d3fbc9a707fa89d43a63227c7e3b0b6d (Rogue.RegistrySmart) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\OOO (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegistrySmart (Rogue.RegistrySmart) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\Admin\Application Data\RegistrySmart (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Admin\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> No action taken.
C:\WINXP\system32\AppCert (Trojan.Downloader) -> No action taken.

Files Infected:
C:\WINXP\system32\certcl.dll (Trojan.BHO.H) -> No action taken.
C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2008-12-12_16-55-32.reg (Rogue.RegistrySmart) -> No action taken.
C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2008-12-12_20-05-06.reg (Rogue.RegistrySmart) -> No action taken.
C:\Program Files\TS\tsc.exe (Rogue.TotalSecurity) -> No action taken.




As for clusapii.dll, as you asked:

File type: Application Extension
Opens with: Unknown application
Location: C:\WINXP\system32
Size: 106 KB (108,800 bytes)
Size on disk: 108 KB (110,592 bytes)
Tuesday 18 November 2008, 20:02:17
Wednesday 27 May 2009, 19:42:01

Thanks,
ILPROCB

Post by nickW » 12 Oct 2009, 00:21

Good evening,


1/ In the properties of the file C:\WINXP\System32\clusapii.dll (right-click the file), can you click the Version tab (at the top) and copy the contents of the items below:
*- Company
*- Language
*- Original filename
*- File version
*- Product version



2/ MBAM found quite a few malicious items that need to be cleaned up:


Note: These steps must be carried out while logged on with "Administrator rights" (do not use the user profile named "Administrator" that is visible in Safe Mode).
Under Windows XP, to check whether an account has "Administrator" rights:
Start ----> Settings ----> Control Panel ----> User Accounts
Next to the icon of certain accounts (other than the one named "Administrator") it says "Computer administrator".
It is one of these accounts that must be used.




Step 1: Uninstall
Start --> Settings --> Control Panel --> Add/Remove Programs
Find and uninstall (if present) RegistrySmart


Step 2: No real-time monitoring processes
Disable the resident module of the antivirus and that of the antispyware.
Norton Antivirus: right-click its icon in the system tray (next to the clock) and choose "Disable Auto-Protect"


Step 3: Malwarebytes' Anti-Malware, cleanup
Close all open program windows.
Launch Malwarebytes' Anti-Malware from the Start menu.
In the Settings tab, check that all boxes are ticked except "Create a right-click context menu option for scanning files".
In the Update tab, click the Check for Updates button and install all updates found.
In the Scanner tab, select the radio button in front of "Perform quick scan" and then click the Scan button.
Wait, without doing anything else, for the scan to finish; in the window announcing the end of the scan, click OK; then click the "Show Results" button.

If malicious items were detected, click the "Remove Selected" button.
Wait patiently, without doing anything else, for the cleanup to finish.
A reboot is sometimes required. Accept it.
A Notepad window opens to display the report. Close Notepad.
Click the "Exit" button to close Malwarebytes' Anti-Malware.


Step 4: Real-time monitoring processes
Important: re-enable the resident module of the antivirus and that of the antispyware.


Step 5: OTL (by OldTimer), scan
Close all open program windows.

Double-click OTL.exe to launch the tool.

OTL's main screen is displayed.

Tick the box (at the top) in front of Scan All Users.

Then click the Run Scan button.

Let the tool work without interrupting it.
When the tool has finished, a Notepad window opens containing a report (log).
Close Notepad.
Close the OTL window.


Step 6: Results
Post in reply:
*- the Malwarebytes' Anti-Malware log (contents of the file mbam-log-*-**-**** (**-**-**).txt located in the folder SystemDrive\Documents and Settings\<yourprofile>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs / *-**-**** (**-**-**) represents the date [month-day-year] and the time [hh-mm-ss])
[SystemDrive represents the partition on which the system is installed, usually C:]

Then post, in a separate message (because of the log's length):
*- the main OTL report (contents of the file OTL.Txt located on the Desktop).
The report posted on the forum must end with a line containing <End>. If it does not, it is incomplete and must then be split across several messages.

Important note: when posting your reply (or replies), do not create a new topic; click the "Reply" button to continue in this thread.

To be continued,
nickW

Post by ILPROCB » 12 Oct 2009, 21:11

Good evening,


This c:\winxp\system32\clusapii.dll has only a single "General" tab. As soon as I put the mouse pointer over it, Norton tells me it is a trojan horse, but does not delete it. Indeed, for the "normal" DLL clusapi.dll, after a right-click three tabs appear (General, Version, Summary), but not for clusapii.dll, which I can neither delete nor quarantine.
What is annoying is that Norton reports it but does not delete it. I would need to be able to boot into DOS mode, but it is not offered in Safe Mode.

I am forwarding the various logs.
Thanks again for your help,
ILPROCB

Post by ILPROCB » 12 Oct 2009, 21:13

The OTL log:

OTL logfile created on: 12/10/2009 18:07:55 - Run 2
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Admin\Bureau
Windows XP Professional Edition Service Pack 1 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 0000040C | Country: France | Language: FRA | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,48 Gb Available Physical Memory | 74,27% Memory free
3,86 Gb Paging File | 3,46 Gb Available in Paging File | 89,47% Paging File free
Paging file location(s): E:\pagefile.sys 2059 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINXP | %ProgramFiles% = C:\Program Files
Drive C: | 14,65 Gb Total Space | 3,95 Gb Free Space | 26,99% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 5,86 Gb Total Space | 3,82 Gb Free Space | 65,14% Space Free | Partition Type: NTFS
Drive F: | 19,53 Gb Total Space | 8,54 Gb Free Space | 43,72% Space Free | Partition Type: NTFS
Drive G: | 58,59 Gb Total Space | 58,53 Gb Free Space | 99,89% Space Free | Partition Type: NTFS
Drive H: | 58,59 Gb Total Space | 37,02 Gb Free Space | 63,18% Space Free | Partition Type: NTFS
Drive I: | 75,65 Gb Total Space | 75,58 Gb Free Space | 99,91% Space Free | Partition Type: NTFS

Computer Name: FMI-PLH974V8Y3B
Current User Name: Bertrand
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- F:\Program Files\Sygate\SPF\smc.exe
PRC - [2002/08/22 12:26:20 | 00,313,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
PRC - [2008/12/21 00:36:02 | 00,611,664 | ---- | M] (Lavasoft) -- H:\Bertrand\Antivirus\aawservice.exe
PRC - [2002/08/29 11:45:10 | 01,008,128 | ---- | M] (Microsoft Corporation) -- C:\WINXP\Explorer.EXE
PRC - [2006/07/20 07:04:38 | 00,847,872 | R--- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2006/07/13 08:12:26 | 00,729,088 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
PRC - [2007/03/14 03:43:44 | 00,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2004/04/09 05:00:00 | 00,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
PRC - [2004/11/10 11:57:02 | 00,218,240 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
PRC - [2002/08/22 12:26:14 | 00,050,872 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
PRC - [2007/01/19 12:55:02 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\msnmsgr.exe
PRC - [2006/04/03 18:04:02 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2006/07/13 16:59:32 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
PRC - [2007/03/22 04:50:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINXP\System32\nvsvc32.exe
PRC - [2006/07/13 16:59:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/04/03 18:04:02 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
PRC - [2002/11/19 14:09:48 | 00,116,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
PRC - [2002/08/29 11:45:16 | 00,203,776 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\wbem\wmiprvse.exe
PRC - [2007/05/31 13:37:40 | 12,310,368 | ---- | M] (Microsoft Corporation) -- F:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
PRC - [2009/10/09 18:10:27 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Bureau\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/12/21 00:36:02 | 00,611,664 | ---- | M] (Lavasoft) -- H:\Bertrand\Antivirus\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2002/08/22 12:26:20 | 00,313,024 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr [Auto | Running])
SRV - [2002/08/22 12:26:38 | 00,063,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc [On_Demand | Stopped])
SRV - [2006/04/03 18:04:02 | 00,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface [Auto | Running])
SRV - [2009/07/14 14:36:00 | 00,066,056 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper [On_Demand | Stopped])
SRV - File not found -- -- (GhostStartService [Auto | Stopped])
SRV - [2009/04/16 11:24:37 | 00,133,104 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate1c9be7531b64650 [Auto | Stopped])
SRV - [2002/08/29 11:44:56 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - File not found -- -- (Microsoft Agent [Auto | Stopped])
SRV - [2002/11/19 14:09:48 | 00,116,320 | ---- | M] (Symantec Corporation) -- C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe -- (navapsvc [On_Demand | Running])
SRV - [2006/07/13 16:59:48 | 00,131,131 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp [Auto | Running])
SRV - [2006/07/13 16:59:32 | 00,065,599 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog [Auto | Running])
SRV - [2007/03/22 04:50:00 | 00,163,908 | ---- | M] (NVIDIA Corporation) -- C:\WINXP\System32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2003/07/28 20:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2001/08/13 23:18:36 | 00,054,408 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\Script Blocking\SBServ.exe -- (SBService [Auto | Stopped])
SRV - [2004/10/15 19:40:56 | 02,577,632 | ---- | M] (Sygate Technologies, Inc.) -- F:\Program Files\Sygate\SPF\smc.exe -- (SmcService [Auto | Running])
SRV - [2004/11/02 16:59:50 | 00,316,544 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe -- (SymWSC [Auto | Stopped])
SRV - [2002/08/29 11:44:56 | 00,029,696 | ---- | M] (Microsoft Corporation) -- C:\WINXP\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (uploadmgr [Auto | Running])
SRV - [2007/01/19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2001/08/24 14:00:00 | 00,047,104 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\mspmspsv.dll -- (WmdmPmSp [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2006/07/25 09:24:58 | 00,247,296 | R--- | M] (Analog Devices, Inc.) -- C:\WINXP\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService [On_Demand | Running])
DRV - [2006/04/27 00:42:40 | 00,093,824 | R--- | M] (Andrea Electronics Corporation) -- C:\WINXP\System32\drivers\AEAudio.sys -- (AEAudio [On_Demand | Running])
DRV - [2002/08/14 15:03:36 | 00,017,005 | ---- | M] (Adaptec) -- C:\WINXP\System32\drivers\ASPI32.SYS -- (Aspi32 [Auto | Running])
DRV - [2004/01/27 21:13:45 | 00,009,728 | ---- | M] (Elaborate Bytes AG) -- C:\WINXP\System32\Drivers\ElbyCDIO.sys -- (ElbyCDIO [Auto | Running])
DRV - [2004/01/27 21:13:45 | 00,003,840 | ---- | M] (Elaborate Bytes) -- C:\WINXP\System32\Drivers\ElbyDelay.sys -- (ElbyDelay [On_Demand | Running])
DRV - [2001/08/24 14:00:00 | 00,023,424 | ---- | M] (Ahead Software AG) -- C:\WINXP\system32\drivers\fqglbdtu.sys -- (fqglbdtu [Boot | Running])
DRV - [2004/10/27 15:21:36 | 00,138,240 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINXP\System32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004/08/13 20:56:20 | 00,005,810 | R--- | M] () -- C:\WINXP\System32\DRIVERS\ASACPI.sys -- (MTsensor [On_Demand | Running])
DRV - [2009/08/26 10:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20091007.002\NAVENG.SYS -- (NAVENG [On_Demand | Running])
DRV - [2009/08/26 10:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) -- C:\Program Files\Fichiers communs\Symantec Shared\VirusDefs\20091007.002\NAVEX15.SYS -- (NAVEX15 [On_Demand | Running])
DRV - [2007/03/22 04:50:00 | 06,704,736 | ---- | M] (NVIDIA Corporation) -- C:\WINXP\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/08/14 08:51:28 | 00,105,344 | R--- | M] (NVIDIA Corporation) -- C:\WINXP\System32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/07/11 15:38:28 | 00,057,856 | R--- | M] (NVIDIA Corporation) -- C:\WINXP\System32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/07/11 15:38:30 | 00,020,480 | R--- | M] (NVIDIA Corporation) -- C:\WINXP\System32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2001/08/24 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINXP\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/01/27 16:47:50 | 00,235,744 | ---- | M] (Symantec Corporation) -- C:\WINXP\System32\Drivers\SAVRT.SYS -- (SAVRT [On_Demand | Running])
DRV - [2004/01/27 16:47:52 | 00,035,552 | ---- | M] (Symantec Corporation) -- C:\WINXP\System32\Drivers\SAVRTPEL.SYS -- (SAVRTPEL [Auto | Running])
DRV - [2007/08/27 14:04:35 | 00,011,973 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINXP\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2006/03/17 12:18:58 | 00,392,960 | R--- | M] (Sensaura) -- C:\WINXP\System32\drivers\Senfilt.sys -- (SenFiltService [On_Demand | Running])
DRV - [2005/05/17 14:48:21 | 00,050,176 | ---- | M] (Protection Technology) -- C:\WINXP\System32\drivers\sfdrv01.sys -- (sfdrv01 [Boot | Running])
DRV - [2005/05/16 15:20:39 | 00,006,656 | ---- | M] (Protection Technology) -- C:\WINXP\System32\drivers\sfhlp02.sys -- (sfhlp02 [Boot | Running])
DRV - [2005/05/16 15:23:38 | 00,019,968 | ---- | M] (Protection Technology) -- C:\WINXP\System32\drivers\sfsync02.sys -- (sfsync02 [Boot | Running])
DRV - [2005/06/27 09:14:35 | 00,066,560 | ---- | M] (Protection Technology) -- C:\WINXP\System32\drivers\sfvfs02.sys -- (sfvfs02 [Boot | Running])
DRV - [2002/10/15 23:41:06 | 00,102,220 | ---- | M] (Sony Corporation) -- C:\WINXP\System32\DRIVERS\sonypvs1.sys -- (sonypvs1 [On_Demand | Stopped])
DRV - [2001/08/17 22:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINXP\System32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2002/08/15 19:59:58 | 00,073,224 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent [On_Demand | Running])
DRV - [2002/08/15 17:45:36 | 00,015,640 | ---- | M] (Symantec Corporation) -- C:\WINXP\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV [On_Demand | Running])
DRV - [2002/08/15 17:45:42 | 00,181,400 | ---- | M] (Symantec Corporation) -- C:\WINXP\System32\Drivers\SYMTDI.SYS -- (SYMTDI [Auto | Running])
DRV - [2004/10/15 18:17:02 | 00,060,496 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\SYSTEM32\Drivers\Teefer.sys -- (Teefer [Boot | Running])
DRV - [2002/08/29 02:32:32 | 00,056,832 | ---- | M] (Microsoft Corporation) -- C:\WINXP\System32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2004/10/15 18:32:38 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\SYSTEM32\Drivers\wg3n.sys -- (wg3n [Auto | Running])
DRV - [2004/10/15 18:32:40 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\SYSTEM32\Drivers\wg4n.sys -- (wg4n [Auto | Running])
DRV - [2004/10/15 18:32:42 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\SYSTEM32\Drivers\wg5n.sys -- (wg5n [Auto | Running])
DRV - [2004/10/15 18:32:44 | 00,014,568 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\SYSTEM32\Drivers\wg6n.sys -- (wg6n [Auto | Running])
DRV - [2004/10/15 18:18:46 | 00,021,075 | ---- | M] (Sygate Technologies, Inc.) -- C:\WINXP\System32\drivers\wpsdrvnt.sys -- (wpsdrvnt [System | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINXP\System32\blank.htm
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.free.fr/
IE - HKU\S-1-5-21-1644491937-2139871995-839522115-1004\S-1-5-21-1644491937-2139871995-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: (790 bytes) - C:\WINXP\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {B81C9A69-B1C2-4D82-9EAE-6D296FA50EA0} - C:\WINXP\System32\certcl.dll File not found
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1644491937-2139871995-839522115-1004\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1644491937-2139871995-839522115-1004\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ccRegVfy] C:\Program Files\Fichiers communs\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
O4 - HKLM..\Run: [EPSON Stylus Photo RX420 Series] C:\WINXP\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe File not found
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINXP\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINXP\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINXP\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINXP\System32\nwiz.exe ()
O4 - HKLM..\Run: [SmcService] F:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe (Symantec Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrojanScanner] H:\Bertrand\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKU\.DEFAULT..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-18..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-1644491937-2139871995-839522115-1004..\Run: [msnmsgr] C:\Program Files\MSN Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1644491937-2139871995-839522115-1004..\Run: [SUPERAntiSpyware] H:\Bertrand\Antivirus\SUPERAntiSpyware.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk = F:\Program Files\SonyTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk = F:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1644491937-2139871995-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINXP\bdoscandel.exe ()
O9 - Extra Button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINXP\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINXP\System32\rsvpsp.dll (Microsoft Corporation)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/Shar ... vSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 9722642281 (WUWebControl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/Shar ... /cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 9806219734 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.27.40.241 212.27.40.240
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Fichiers communs\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINXP\System32\msdxm.ocx (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINXP\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Ma page d'accueil) - About:Home
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - H:\Bertrand\Antivirus\SASSEH.DLL File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/06/29 16:21:30 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINXP\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINXP\System32\lsdelete.exe ()
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/10/09 18:12:44 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/10/06 19:28:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Simply Super Software
[2009/10/06 19:29:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/10/12 17:50:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bertrand\Application Data\Adobe
[2009/10/12 17:55:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bertrand\Application Data\Malwarebytes
[2009/10/12 17:49:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bertrand\Application Data\Symantec
[2009/10/12 17:54:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Bertrand\Local Settings\Application Data\Identities
[2009/10/09 18:12:43 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/10/08 18:01:16 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/09/27 11:16:29 | 00,000,000 | ---D | C] -- C:\Program Files\TS
[2009/10/09 18:12:45 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbamswissarmy.sys
[2009/10/09 18:12:43 | 00,018,520 | ---- | C] (Malwarebytes Corporation) -- C:\WINXP\System32\drivers\mbam.sys
[2009/10/06 19:29:04 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\ztvcabinet.dll
[2009/10/01 12:16:20 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\mucltui.dll
[2009/10/01 12:16:20 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINXP\System32\mucltui.dll.mui

========== Files - Modified Within 30 Days ==========

[1 C:\WINXP\System32\*.tmp files]
[10 C:\WINXP\*.tmp files]
[2009/10/12 18:04:53 | 00,000,412 | ---- | M] () -- C:\WINXP\tasks\Symantec NetDetect.job
[2009/10/12 18:04:49 | 00,000,568 | ---- | M] () -- C:\WINXP\win.ini
[2009/10/12 18:04:49 | 00,000,227 | ---- | M] () -- C:\WINXP\system.ini
[2009/10/12 18:04:49 | 00,000,190 | -HS- | M] () -- C:\boot.ini
[2009/10/12 18:04:39 | 00,001,050 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2009/10/12 18:04:37 | 00,000,006 | -H-- | M] () -- C:\WINXP\tasks\SA.DAT
[2009/10/12 18:04:26 | 00,002,048 | --S- | M] () -- C:\WINXP\bootstat.dat
[2009/10/12 18:03:30 | 01,580,282 | -H-- | M] () -- C:\Documents and Settings\Bertrand\Local Settings\Application Data\IconCache.db
[2009/10/12 18:03:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/10/12 18:03:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/10/12 17:45:47 | 00,038,584 | ---- | M] () -- C:\Documents and Settings\Bertrand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/12 17:38:46 | 00,000,272 | ---- | M] () -- C:\WINXP\tasks\Vérifier les mises à jour de Windows Live Toolbar.job
[2009/10/12 17:21:29 | 00,000,116 | ---- | M] () -- C:\WINXP\NeroDigital.ini
[2009/10/12 12:23:27 | 00,001,054 | ---- | M] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2009/10/09 20:11:50 | 00,000,518 | ---- | M] () -- C:\WINXP\tasks\Norton AntiVirus - Analyser mon ordinateur.job
[2009/10/09 18:13:32 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/10/08 17:26:29 | 00,002,206 | ---- | M] () -- C:\WINXP\System32\wpa.dbl
[2009/10/07 22:17:03 | 00,003,486 | ---- | M] () -- C:\WINXP\System32\tmp.reg
[2009/10/06 19:29:07 | 00,000,679 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Trojan Remover.lnk
[2009/10/02 12:16:20 | 00,162,728 | ---- | M] () -- C:\WINXP\System32\FNTCACHE.DAT
[2009/10/01 12:28:00 | 00,001,839 | ---- | M] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2009/09/30 23:36:30 | 00,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/09/30 23:36:30 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/09/30 18:51:28 | 00,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/09/30 18:51:28 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/09/30 17:11:14 | 00,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/09/30 17:11:14 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/09/30 13:20:32 | 00,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/09/30 13:20:32 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/09/30 08:49:39 | 00,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/09/30 08:49:39 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/09/29 23:46:36 | 00,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/09/29 23:46:36 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/09/29 16:13:37 | 00,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/09/29 16:13:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/09/29 09:01:08 | 00,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/09/29 09:01:08 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/09/28 22:51:34 | 00,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/09/28 22:51:34 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/09/28 19:01:31 | 00,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/09/28 19:01:31 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/09/28 17:54:10 | 00,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/09/28 17:54:10 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/09/28 16:48:52 | 00,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/09/28 16:48:52 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/25 17:30:01 | 00,000,280 | ---- | M] () -- C:\WINXP\tasks\Norton SystemWorks One Button Checkup.job
[2009/09/13 20:31:37 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/13 20:31:37 | 00,000,232 | -H-- | M] () -- C:\sqmdata03.sqm

========== Files - No Company Name ==========
[2009/10/12 18:04:48 | 00,000,317 | ---- | C] () -- C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Image Transfer.lnk
[2009/10/12 17:45:47 | 00,038,584 | ---- | C] () -- C:\Documents and Settings\Bertrand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/09 18:12:47 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Malwarebytes' Anti-Malware.lnk
[2009/10/06 19:29:07 | 00,000,679 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Trojan Remover.lnk
[2009/10/06 19:29:04 | 00,162,304 | ---- | C] () -- C:\WINXP\System32\ztvunrar36.dll
[2009/10/06 19:29:04 | 00,153,088 | ---- | C] () -- C:\WINXP\System32\UNRAR3.dll
[2009/10/06 19:29:04 | 00,077,312 | ---- | C] () -- C:\WINXP\System32\ztvunace26.dll
[2009/10/06 19:29:04 | 00,075,264 | ---- | C] () -- C:\WINXP\System32\unacev2.dll
[2009/10/01 12:28:00 | 00,001,839 | ---- | C] () -- C:\Documents and Settings\All Users\Bureau\Google Earth.lnk
[2009/09/29 21:10:23 | 00,001,054 | ---- | C] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineUA.job
[2009/09/29 21:10:23 | 00,001,050 | ---- | C] () -- C:\WINXP\tasks\GoogleUpdateTaskMachineCore.job
[2008/12/12 18:13:39 | 00,000,809 | ---- | C] () -- C:\WINXP\wininit.ini
[2008/11/18 20:02:17 | 00,108,800 | ---- | C] () -- C:\WINXP\System32\clusapii.dll
[2008/03/18 19:44:12 | 13,413,048 | ---- | C] () -- C:\Program Files\Google_Earth_BZXD.exe
[2008/01/31 14:56:42 | 00,690,136 | ---- | C] () -- C:\Program Files\installer-44484-33-TvAnts-French.exe
[2008/01/14 21:50:56 | 00,000,029 | ---- | C] () -- C:\WINXP\DEBUGSM.INI
[2007/12/04 23:48:12 | 00,003,654 | ---- | C] () -- C:\WINXP\System32\drivers\Sonyhcp.dll
[2007/11/14 21:16:54 | 00,000,233 | ---- | C] () -- C:\WINXP\QTW.INI
[2007/11/10 16:50:23 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Bertrand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 18:40:42 | 01,580,282 | -H-- | C] () -- C:\Documents and Settings\Bertrand\Local Settings\Application Data\IconCache.db
[2007/11/07 18:31:35 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Bertrand\Application Data\desktop.ini
[2007/07/12 23:20:34 | 00,096,768 | ---- | C] () -- C:\WINXP\SlantAdj.dll
[2007/07/12 23:20:34 | 00,000,072 | ---- | C] () -- C:\WINXP\System32\epDPE.ini
[2007/07/12 23:20:14 | 00,000,022 | ---- | C] () -- C:\WINXP\System32\PICSDK.ini
[2007/07/12 23:18:49 | 00,000,025 | ---- | C] () -- C:\WINXP\CDE RX420FG.ini
[2007/07/03 22:46:23 | 00,000,116 | ---- | C] () -- C:\WINXP\NeroDigital.ini
[2007/06/29 17:23:55 | 00,000,379 | ---- | C] () -- C:\WINXP\ODBC.INI
[2007/06/29 17:17:37 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2007/06/29 17:15:44 | 03,596,288 | ---- | C] () -- C:\WINXP\System32\qt-dx331.dll
[2007/06/29 17:15:44 | 00,856,064 | ---- | C] () -- C:\WINXP\System32\xvidcore.dll
[2007/06/29 17:15:44 | 00,593,938 | ---- | C] () -- C:\WINXP\System32\x264vfw.dll
[2007/06/29 17:15:44 | 00,217,088 | ---- | C] () -- C:\WINXP\System32\xvidvfw.dll
[2007/06/29 17:15:43 | 00,005,120 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll
[2007/06/29 17:15:43 | 00,000,547 | ---- | C] () -- C:\WINXP\System32\ff_vfw.dll.manifest
[2007/06/29 16:53:57 | 00,354,816 | ---- | C] () -- C:\WINXP\System32\psisdecd.dll
[2007/06/29 16:35:09 | 00,000,804 | R--- | C] () -- C:\WINXP\System32\AsusSetup.ini
[2007/06/29 16:35:09 | 00,000,276 | R--- | C] () -- C:\WINXP\System32\raidmgmt.ini
[2007/06/29 16:33:40 | 00,018,706 | ---- | C] () -- C:\WINXP\Ascd_log.ini
[2007/06/29 16:31:04 | 00,018,462 | ---- | C] () -- C:\WINXP\Ascd_tmp.ini
[2007/06/29 16:31:03 | 00,005,810 | R--- | C] () -- C:\WINXP\System32\drivers\ASACPI.sys
[2007/06/29 16:30:58 | 00,010,288 | ---- | C] () -- C:\WINXP\System32\drivers\ASUSHWIO.SYS
[2007/03/22 04:50:00 | 01,662,976 | ---- | C] () -- C:\WINXP\System32\nvwdmcpl.dll
[2007/03/22 04:50:00 | 01,470,464 | ---- | C] () -- C:\WINXP\System32\nview.dll
[2007/03/22 04:50:00 | 01,019,904 | ---- | C] () -- C:\WINXP\System32\nvwimg.dll
[2007/03/22 04:50:00 | 00,466,944 | ---- | C] () -- C:\WINXP\System32\nvshell.dll
[2007/03/22 04:50:00 | 00,286,720 | ---- | C] () -- C:\WINXP\System32\nvnt4cpl.dll
[2005/03/14 15:38:28 | 00,000,469 | ---- | C] () -- C:\WINXP\bdoscandellang.ini
[2004/10/15 18:31:56 | 00,218,264 | ---- | C] () -- C:\WINXP\System32\SetAid.dll
[2003/04/01 10:58:02 | 00,005,260 | ---- | C] () -- C:\WINXP\System32\OUTLPERF.INI
[2001/08/24 14:00:00 | 00,000,568 | ---- | C] () -- C:\WINXP\win.ini
[2001/08/24 14:00:00 | 00,000,227 | ---- | C] () -- C:\WINXP\system.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
<End>
ILPROCB

Posts: 10
Joined: 08 Oct 2009, 17:41

Post by ILPROCB » 12 Oct 2009, 21:14

The MBAM log


Malwarebytes' Anti-Malware 1.41
Version de la base de données: 2929
Windows 5.1.2600 Service Pack 1

12/10/2009 18:02:20
mbam-log-2009-10-12 (18-02-20).txt

Type de recherche: Examen rapide
Eléments examinés: 110165
Temps écoulé: 3 minute(s), 30 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 11
Valeur(s) du Registre infectée(s): 5
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINXP\system32\certcl.dll (Trojan.Agent) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b81c9a69-b1c2-4d82-9eae-6d296fa50ea0} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{b81c9a69-b1c2-4d82-9eae-6d296fa50ea0} (Trojan.BHO.H) -> Delete on reboot.
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\a1dc0fc00707a5a47b1b8c47064e8e01 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\58fa5318502c61e40bb21991aecb25e5 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\61bef09e2d118194e96583c90b1516ac (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7e5ead8fa251c5a45a24533a7762dc9e (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9de13aa5855d8404b8e108518d8a827b (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\bc59f3451579e1940a4c1d66df324d81 (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\d3fbc9a707fa89d43a63227c7e3b0b6d (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\OOO (Rogue.LivePlayer) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\Admin\Application Data\RegistrySmart (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\RegistrySmart\Log (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\WINXP\system32\AppCert (Trojan.Downloader) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINXP\system32\certcl.dll (Trojan.BHO.H) -> Delete on reboot.
C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2008-12-12_16-55-32.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Documents and Settings\Admin\Application Data\RegistrySmart\Registry Backups\2008-12-12_20-05-06.reg (Rogue.RegistrySmart) -> Quarantined and deleted successfully.
C:\Program Files\TS\tsc.exe (Rogue.TotalSecurity) -> Quarantined and deleted successfully.
ILPROCB

Posts: 10
Joined: 08 Oct 2009, 17:41
