Ads, antivirus, unknown pages loading

[Resolved/Closed]

Original poster (Member; 21 posts; registered Tuesday 10 February 2009; last post 16 June 2009):
Hello,

For a few days now my PC has been acting up in every way. Here is a list of all my problems:
- Some pages take a long time to load
- Ads open in a new window titled "Advertissement"
- On some clicks I end up either on a page I did not ask for or on the Google home page
- None of my antivirus/antispyware programs will update

I ran an Ad-Aware + AntiVir scan in Safe Mode and it made no difference.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:34 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ThomsonUSBAudioSystemRemote] "C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [RealtekAC] C:\WINDOWS\system32\RealtekAC.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.22\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFDF581-2960-4547-9B01-F4E63A66A892}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{68DE324A-5AFD-4074-84AC-D2ACDF80CD4D}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{80842673-D1B4-45C1-BE39-312B15CCD48F}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DED9FC-D174-4FEE-BFB4-EBFD337DA283}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A30A3130-A03D-4CB1-B31C-E8708D55A4FF}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB9B419-0B5F-4BB0-A40E-076EFE9F0403}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{C55349B4-EDEE-45E3-B14B-CE5B3B2FD93A}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCEE7C38-914F-44CF-945D-1F63C1A77506}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FAA2C8-D95F-4B34-96D5-DC36FF266917}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF66980A-813E-41A5-BA83-E7FCD6690289}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF9AF06A-A9BD-4CDF-A1A7-E6F19E13B918}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FanSpeedNT Service - Unknown owner - J:\Fichiers\Overclock\Fanspeed\fanspeedNT.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
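
The lines in this log that matter most are the O17 entries: each adapter GUID listed has NameServer set to 85.255.114.51,85.255.112.8, while the global Tcpip\Parameters value still holds the OpenDNS pair 208.67.220.220,208.67.222.222. Per-adapter resolvers that differ from what the owner configured are the signature of a DNS-changer infection, and they fit all four symptoms above (injected ad windows, redirected clicks, slow pages, and update checks that fail once a rogue resolver controls name resolution). The script below is an added example, not part of this thread: it parses O17 lines in the shape shown above and flags resolvers that sit in a known-bad range, that are absent from an allowlist, or that disagree with the control set's global value. Assumptions: the allowlist is the OpenDNS pair seen in this log; the sample lines are a constructed excerpt in the shape of the entries above; and 85.255.112.0/20 is the rogue-resolver range the FBI later published for DNSChanger.

```python
"""Flag DNS-hijack indicators in the O17 entries of a HijackThis log.

Added example, not code from the forum thread. Three checks per NameServer:
  known-bad  : resolver lies in a published rogue range
  unexpected : resolver is not one the owner configured (allowlist)
  mismatch   : an adapter's list differs from its control set's global value
"""
import ipaddress
import re

# Constructed sample in the shape of the O17 lines of the log above:
# two hijacked adapters, the global Parameters value, and one unrelated line.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFDF581-2960-4547-9B01-F4E63A66A892}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
"""

# Matches both the per-adapter form (..\{GUID}) and the global Parameters form.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cset>\w+)\\Services\\Tcpip\\"
    r"(?:\.\.\\\{(?P<guid>[0-9A-Fa-f-]+)\}|Parameters): NameServer = (?P<servers>[0-9.,]+)\s*$"
)

# Assumption: the resolvers the owner actually configured (the OpenDNS pair in the log).
ALLOWED = {"208.67.222.222", "208.67.220.220"}

# Rogue-resolver space published by the FBI for DNSChanger (85.255.112.0 - 85.255.127.255).
BAD_RANGES = [ipaddress.ip_network("85.255.112.0/20")]


def parse_o17(log_text):
    """Return one record per O17 NameServer line: control set, scope (GUID or 'global'), servers."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "cset": m.group("cset"),
            "scope": m.group("guid") or "global",
            "servers": [s for s in m.group("servers").split(",") if s],
        })
    return entries


def assess(entries, allowed=ALLOWED, bad_ranges=BAD_RANGES):
    """Return (control_set, scope, server_or_list, reason) findings for the parsed entries."""
    global_by_set = {e["cset"]: e["servers"] for e in entries if e["scope"] == "global"}
    findings = []
    for e in entries:
        for server in e["servers"]:
            addr = ipaddress.ip_address(server)
            if any(addr in net for net in bad_ranges):
                findings.append((e["cset"], e["scope"], server, "known-bad"))
            elif server not in allowed:
                findings.append((e["cset"], e["scope"], server, "unexpected"))
        if e["scope"] != "global":
            expected = global_by_set.get(e["cset"])
            if expected is not None and e["servers"] != expected:
                findings.append((e["cset"], e["scope"], ",".join(e["servers"]), "mismatch"))
    return findings


def hijacked_adapters(log_text):
    """Adapter GUIDs pointing at a known-bad resolver, de-duplicated across control sets."""
    guids = []
    for _cset, scope, _server, reason in assess(parse_o17(log_text)):
        if reason == "known-bad" and scope != "global" and scope not in guids:
            guids.append(scope)
    return guids


if __name__ == "__main__":
    for finding in assess(parse_o17(SAMPLE_LOG)):
        print("%-4s %-40s %-32s %s" % finding)
    print("hijacked adapters:", hijacked_adapters(SAMPLE_LOG))
```

To run it on a saved HijackThis log, read the file and pass its text to parse_o17; on the log above every adapter entry under CCS, CS1 and CS3 produces known-bad and mismatch findings and only the Parameters lines come out clean. Fixing the O17 lines in HijackThis only rewrites the registry values; whatever wrote them has to be removed as well, which is what the gaopdx* driver and gaopdxserv.sys removals in the later ComboFix log address.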

28 replies

Original poster:

Well, I did the Fix but it did not change anything; still impossible to update.
Moderator (85,925 posts; registered Sunday 11 July 2010; last post 30 October 2019):

- Run an online scan here https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (with Internet Explorer).

- At the bottom right, click Start Online-scanner.

- In the new window that appears, click I accept.

- Accept the ActiveX controls.

- Choose My Computer for the scan.

- When it has finished, save the report (choose text file) and post it.

- To help you use the online scan: Link

Note: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
Original poster:

Honestly, every time I click on Internet Explorer it tells me it has encountered a problem... I think I am going to format.
Moderator:

Time to bring out the bazooka.

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan has finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

To help you: a guide and a tutorial on using ComboFix
Original poster:

ComboFix 09-02-10.01 - JEREMY 2009-02-10 21:23:08.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1584 [GMT 1:00]
Running from: c:\documents and settings\JEREMY\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated)
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JEREMY\Application Data\.#
c:\documents and settings\JEREMY\Local Settings\Temporary Internet Files\pujorij.db
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll
c:\windows\system32\drivers\gaopdxmxdqeoay.sys
c:\windows\system32\drivers\gaopdxobrqltim.sys
c:\windows\system32\drivers\gaopdxsgbnmche.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gaopdxoyqmoqxy.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\win\
D:\resycled
J:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR


((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-10 19:43 . 2009-02-10 19:43 <REP> d-------- C:\SAVEREG
2009-02-10 19:39 . 2009-02-10 19:43 <REP> d-------- C:\ERDNT
2009-02-10 18:27 . 2009-02-10 18:27 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-10 18:23 . 2009-02-10 18:23 <REP> d-------- c:\windows\ERUNT
2009-02-10 18:14 . 2009-02-10 18:58 <REP> d-------- C:\SDFix
2009-02-10 17:47 . 2009-02-10 17:50 250 --a------ c:\windows\gmer.ini
2009-02-10 17:21 . 2009-02-10 17:21 <REP> d-------- C:\rsit
2009-02-10 16:39 . 2009-02-10 16:39 <REP> d-------- c:\documents and settings\JEREMY\Application Data\Malwarebytes
2009-02-10 16:38 . 2009-02-10 16:38 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 16:38 . 2009-02-10 16:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-10 16:38 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 16:38 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 21:16 . 2009-01-18 22:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-09 20:59 . 2009-02-09 20:59 <REP> d-------- c:\program files\Lavasoft
2009-02-09 20:59 . 2009-02-09 20:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-09 20:59 . 2009-02-09 20:59 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-09 20:59 . 2009-01-18 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-09 19:43 . 2009-02-10 16:12 <REP> d-------- C:\ToolBar SD
2009-02-01 12:54 . 2009-02-01 12:54 <REP> d-------- c:\program files\Avira
2009-01-31 16:24 . 2009-01-31 16:24 <REP> d-------- c:\program files\Badaboom
2009-01-30 23:58 . 2009-02-01 12:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-30 22:56 . 2009-01-30 22:59 <REP> d-------- c:\program files\Navilog1
2009-01-28 15:11 . 2009-01-28 15:11 <REP> d-------- c:\program files\LibUSB-Win32-0.1.10.1
2009-01-28 15:11 . 2005-03-09 20:50 19,456 --a------ c:\windows\system32\libusbd-9x.exe
2009-01-28 15:11 . 2005-03-09 20:50 18,944 --a------ c:\windows\system32\libusbd-nt.exe
2009-01-26 18:42 . 2009-02-10 21:28 47,249 --a------ c:\windows\system32\oodbs.lor
2009-01-26 18:24 . 2009-01-26 18:24 <REP> d-------- c:\program files\Trend Micro
2009-01-26 17:46 . 2009-01-26 17:46 <REP> d-------- c:\program files\OO Software
2009-01-25 18:04 . 2009-01-25 18:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Codemasters
2009-01-25 17:46 . 2009-01-25 23:29 <REP> d-------- c:\program files\Thoosje Vista Sidebar
2009-01-25 17:32 . 2009-01-25 17:44 <REP> d-------- c:\program files\Thoosje Vista Tweaker
2009-01-25 16:47 . 2009-01-25 16:48 <REP> d-------- c:\documents and settings\JEREMY\Application Data\ViStart
2009-01-25 15:58 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpC8.tmp
2009-01-25 15:58 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpC7.tmp
2009-01-23 18:29 . 2009-01-23 18:29 <REP> d-------- c:\program files\The Game Creators
2009-01-23 18:29 . 2008-03-13 17:05 390,432 --a------ c:\windows\system32\NxCooking.dll
2009-01-23 18:29 . 2008-03-13 17:05 124,192 --a------ c:\windows\system32\NxCharacter.dll
2009-01-23 18:29 . 2008-03-13 17:05 118,784 --a------ c:\windows\system32\NxExtensions.dll
2009-01-23 18:23 . 2009-01-23 18:26 <REP> d-------- c:\documents and settings\JEREMY\Application Data\Download Manager
2009-01-22 19:05 . 2009-01-22 19:05 <REP> d-------- c:\program files\NVIDIA nTune Performance Application
2009-01-22 18:52 . 2008-12-26 00:08 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-01-22 18:52 . 2008-12-26 00:08 18,725 --a------ c:\windows\system32\nvdisp.nvu
2009-01-22 18:50 . 2009-01-22 18:50 <REP> d-------- C:\NVIDIA
2009-01-11 00:49 . 2001-08-06 22:58 163,599 --a------ c:\windows\psuninst2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 20:21 --------- d-----w c:\program files\SuperCopier2
2009-02-10 17:18 --------- d-----w c:\documents and settings\JEREMY\Application Data\uTorrent
2009-02-10 17:11 --------- d-----w c:\program files\eMule
2009-02-09 21:54 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-09 19:53 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-09 19:53 --------- d-----w c:\documents and settings\JEREMY\Application Data\SUPERAntiSpyware.com
2009-02-09 18:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-09 18:59 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 18:46 --------- d-----w c:\documents and settings\JEREMY\Application Data\Skype
2009-02-09 17:44 --------- d-----w c:\documents and settings\JEREMY\Application Data\skypePM
2009-02-05 19:09 --------- d-----w c:\program files\RivaTuner v2.06
2009-02-03 19:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-03 19:14 --------- d-----w c:\program files\ElcomSoft
2009-01-30 19:25 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-30 19:03 --------- d-----w c:\program files\Frets on Fire
2009-01-26 22:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-25 22:21 --------- d-----w c:\program files\ASUS
2009-01-25 21:58 --------- d-----w c:\program files\Styler
2009-01-25 18:29 --------- d-----w c:\program files\Logitech
2009-01-25 18:29 --------- d-----w c:\program files\Fichiers communs\Logitech
2009-01-25 17:30 --------- d-----w c:\program files\SixaxisDriver
2009-01-25 16:41 --------- d-----w c:\program files\Google
2009-01-25 14:58 --------- d-----w c:\program files\OpenAL
2009-01-23 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-23 17:32 --------- d-----w c:\program files\NVIDIA Corporation
2009-01-23 14:10 --------- d-----w c:\program files\Java
2009-01-22 22:28 --------- d-----w c:\program files\AGEIA Technologies
2009-01-10 23:49 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-08 17:31 --------- d-----w c:\program files\dizzler
2009-01-08 17:28 --------- d-----w c:\program files\Fichiers communs\SWF Studio
2009-01-07 00:10 --------- d-----w c:\documents and settings\JEREMY\Application Data\Free Download Manager
2009-01-02 17:10 --------- d-----w c:\documents and settings\JEREMY\Application Data\4Pockets
2009-01-01 17:46 --------- d-----w c:\program files\RivaTuner v2.22
2009-01-01 17:34 --------- d-----w c:\program files\Driver Cleaner Pro
2008-12-29 12:44 --------- d-----w c:\program files\Flip3D
2008-12-29 12:43 --------- d-----w c:\program files\adslTV
2008-12-29 00:25 --------- d-----w c:\documents and settings\JEREMY\Application Data\vlc
2008-12-28 23:15 --------- d-----w c:\program files\iWizz
2008-12-25 23:08 6,301,344 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-12-20 14:32 --------- d-----w c:\program files\Microsoft.NET
2008-12-18 17:46 --------- d-----w c:\program files\Skype
2008-12-18 17:46 --------- d-----w c:\program files\Fichiers communs\Skype
2008-12-18 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-14 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2008-12-14 22:44 --------- d-----w c:\program files\America's Army Server Manager
2008-12-14 16:00 --------- d-----w c:\program files\PS3Server
2008-12-14 10:57 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-14 10:53 --------- d-----w c:\documents and settings\JEREMY\Application Data\SystemRequirementsLab
2008-12-12 23:36 --------- d-----w c:\program files\Power Video Downloader
2008-12-12 23:36 --------- d-----w c:\program files\ffdshow
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 23:05 --------- d-----w c:\documents and settings\JEREMY\Application Data\U3
2008-11-29 11:33 22,328 ----a-w c:\documents and settings\JEREMY\Application Data\PnkBstrK.sys
2008-11-23 13:04 38,568 ----a-w c:\documents and settings\JEREMY\Application Data\GDIPFONTCACHEV1.DAT
2008-10-08 12:46 10,701 ----a-w c:\program files\Fichiers communs\hinygucusa.bin
2006-11-22 18:10 1 ----a-w c:\documents and settings\JEREMY\SI.bin
2003-12-18 09:33 20,102 ----a-w c:\program files\Readme.txt
2003-09-03 05:46 10,960 ----a-w c:\program files\EULA.txt
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sha-r c:\windows\system32\nbDX.dll
2008-05-19 20:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051920080520\index.dat
.

------- Sigcheck -------

2008-04-14 03:34 1037312 b494e6ce8843d0f3e802c90252d42390 c:\windows\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:34 1037312 b494e6ce8843d0f3e802c90252d42390 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-02 67128]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-08-03 244520]
"ThomsonUSBAudioSystemRemote"="c:\program files\Thomson multimedia\USB Audio System\cs580.exe" [2004-04-01 114688]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-26 2524416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.22\RivaTuner.exe" [2008-12-29 2732032]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\JEREMY\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2006-11-18 3581680]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-07-02 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-17 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2002-08-20 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.asv2"= asusasv2.dll
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MagicTune 3.6.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MagicTune 3.6.lnk
backup=c:\windows\pss\MagicTune 3.6.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PCSuiteForNokia6600 Detect.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PCSuiteForNokia6600 Detect.lnk
backup=c:\windows\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PCSuiteForNokia6600 TS.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PCSuiteForNokia6600 TS.lnk
backup=c:\windows\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JEREMY^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\JEREMY\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JEREMY^Menu Démarrer^Programmes^Démarrage^Folding@Home 5.03.lnk]
path=c:\documents and settings\JEREMY\Menu Démarrer\Programmes\Démarrage\Folding@Home 5.03.lnk
backup=c:\windows\pss\Folding@Home 5.03.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JEREMY^Menu Démarrer^Programmes^Démarrage^WinFlip.lnk]
path=c:\documents and settings\JEREMY\Menu Démarrer\Programmes\Démarrage\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-18 22:34 506712 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
--a------ 2006-07-19 08:52 3167744 c:\program files\ASUS\ASUS DH Remote\AsRc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2006-05-15 11:31 1081344 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 13:28 266497 c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 11:06 94208 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--a------ 2007-11-06 10:08 397312 c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--a------ 2007-07-17 10:03 868352 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 21:09 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2004-02-19 16:23 1089536 c:\program files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 11:34 2772992 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2008-08-02 14:52 5484544 c:\program files\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzBackup Manager]
--a------ 2006-05-08 17:10 1901568 c:\program files\EzBackup\EZ-Backup Manager\EzBackupManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-02-25 21:17 2465839 c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-08-03 08:44 529968 c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
--a------ 2003-12-19 11:38 425984 c:\program files\Fichiers communs\Nokia\Tools\NclTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-11 11:24 1410296 j:\jeux pc\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard ]
--a------ 2005-06-16 14:29 245760 c:\program files\Multimedia Combo Set\PS2USBKbdDrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse ]
--a------ 2004-06-27 14:54 503808 c:\program files\Multimedia Combo Set\MouseDrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EZ-Backup Manager"=2 (0x2)
"AVEService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameFace Messenger\\GameFace.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\day of defeat source\\hl2.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\half-life\\hl.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\counter-strike source\\hl2.exe"=
"j:\\Jeux PC\\Electronic Arts\\Démo de Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\half-life 2\\hl2.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"j:\\Jeux PC\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\EasyPHP1-8\\apache\\Apache.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\common\\roboblitz\\Binaries\\RoboGame.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"j:\\Jeux PC\\LucasArts\\Star Wars Battlefront II\\GameData\\battlefrontII.exe"=
"c:\\Program Files\\Simple DNS Plus\\sdnsmain.exe"=
"j:\\Jeux PC\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\CF3B5\\PS3.ProxyServer\\PS3.ProxyServer.GUI.exe"=
"c:\\Program Files\\PS3PROXY\\ps3proxy.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\PS3Portal\\hfs.exe"=
"j:\\Jeux PC\\CAPCOM\\LOST_PLANET_TRIAL_DX9\\LostPlanetDX9.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Softimage\\XSI_4.2_ModTool\\Application\\bin\\nt-x86-p3\\XSI.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"j:\\Jeux PC\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\garrysmod\\hl2.exe"=
"c:\\Program Files\\BT Softphone 2\\BTSoftphone2.exe"=
"c:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"j:\\Jeux PC\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"j:\\Jeux PC\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"j:\\Jeux PC\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\source sdk base 2007\\hl2.exe"=
"j:\\Jeux PC\\Codemasters\\GRID\\GRID.exe"=
"j:\\Jeux PC\\EA GAMES\\Battlefield 2\\BF2.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\common\\roboblitz\\Binaries\\RoboLaunch.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-09 64160]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-06-25 3712]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2006-10-27 223232]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.2;c:\windows\system32\drivers\libusb0.sys [2006-10-29 29184]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [2007-01-09 827008]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;c:\windows\system32\drivers\M9205.sys [2007-01-13 70272]
S3 FanSpeedNT Service;FanSpeedNT Service;j:\fichiers\Overclock\Fanspeed\FanSpeedNT.exe [2007-01-02 61440]
S3 fspio;fspio;c:\windows\system32\drivers\fspio.sys [2007-01-02 3816]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2006-10-26 176128]
S3 SaiH0463;SaiH0463;c:\windows\system32\drivers\SaiH0463.sys [2003-07-14 48128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-10-26 13532]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2006-09-07 11520]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2007-06-06 27904]
S4 EZ-Backup Manager;EZ-Backup Manager;c:\program files\EzBackup\EZ-Backup Manager\EzBackup.exe [2006-10-26 1123840]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07ed5465-b3f0-11dd-a998-0018f3646db0}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51e2693e-65c8-11db-ab44-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C6D55B5-A110-8D8F-0106-020701020700}]
c:\windows\system32\Win.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:34]

2009-02-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
HKLM-Run-WD Button Manager - WDBtnMgr.exe
MSConfigStartUp-Launch Ai Booster - c:\program files\ASUS\Ai Booster\OverClk.exe
MSConfigStartUp-MediaPortal - c:\program files\Team MediaPortal\MediaPortal\mediaportal.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-PCTV 310i Antenna Power - c:\program files\Pinnacle\Shared Files\Drivers\Tools\PCTV 310i Antenna Power.exe
MSConfigStartUp-PMCRemote - c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
MSConfigStartUp-PMCS - c:\program files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe
MSConfigStartUp-Start WingMan Profiler - c:\program files\Logitech\Gaming Software\LWEMon.exe


.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_9.cab
FF - ProfilePath - c:\documents and settings\JEREMY\Application Data\Mozilla\Firefox\Profiles\7l9se6s3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (FR)
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\JEREMY\Application Data\Mozilla\Firefox\Profiles\7l9se6s3.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 21:33:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\JEREMY\LOCALS~1\Temp\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1390067357-343818398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1390067357-343818398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D459D1DF-8E7D-9734-3ECF-C454223F516F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ianfphgadepnadkmge"=hex:69,61,6b,69,6a,6a,6b,69,6e,6c,65,64,64,64,67,61,63,6a,
00,00
"hadghlfflbdnboop"=hex:69,61,6c,69,69,6b,64,68,65,61,70,63,6c,70,64,69,6f,6e,
00,00

[HKEY_USERS\S-1-5-21-1390067357-343818398-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:54,c2,6b,d2,0c,87,36,f7,28,7c,c3,a5,81,57,c1,b9,d3,91,e6,36,5d,27,b5,
e5,e9,5e,67,f2,3e,be,fa,37,dc,71,ce,b8,e7,0e,04,63,6d,9b,38,26,35,e0,a0,e4,\
"??"=hex:83,c8,99,f6,5f,d7,c8,97,32,7b,bf,46,ac,ba,40,4b

[HKEY_USERS\S-1-5-21-1390067357-343818398-725345543-1003\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:b5,7c,fe,82,dc,c4,36,31,02,90,ef,c4,14,7f,08,27,1f,b6,e1,57,41,
05,0d,25,40,d5,35,ed,14,4a,17,e6,c5,44,ec,ff,92,a5,7e,ad,bb,9d,a5,4c,6b,92,\
"rkeysecu"=hex:b7,c0,9a,5a,a2,e1,d2,24,2e,c4,d2,63,f2,34,8f,49

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,85,21,2a,51,fd,
92,f4,2f,c8,28,51,af,b0,29,a3,98,37,02,a6,6c,9f,f7,d9,81,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,70,cb,a2,2c,8c,
89,56,15,71,3b,04,66,8b,46,0d,96,9a,5f,13,d6,94,6e,a2,17,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,0b,76,33,b1,7c,
93,3c,0d,25,da,ec,7e,55,20,c9,26,9d,7c,18,bf,a7,5b,71,4a,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,df,81,b4,01,84,
8b,ca,5f,3e,1e,9e,e0,57,5a,93,61,80,8a,36,75,b2,4c,d2,22,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,9c,d1,75,1a,81,
77,c8,f8,cd,44,cd,b9,a6,33,6c,cd,56,02,4b,50,80,53,3e,68,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,f3,5b,a3,75,db,
49,a6,76,b0,18,ed,a7,3f,8d,37,a4,24,cf,c9,33,ad,74,50,c2,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,51,2e,0e,83,07,
ba,34,ea,31,77,e1,ba,b1,f8,68,02,0b,d3,fd,3c,de,35,8f,d9,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4a,13,54,f4,6b,
f4,b0,8d,83,6c,56,8b,a0,85,96,ab,53,fd,17,da,55,8d,24,a3,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,42,6a,ff,33,7c,
2a,e1,c9,51,fa,6e,91,28,9e,14,cc,7e,d3,68,b9,46,05,17,f1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,c3,50,c8,23,a7,
23,a3,f0,b1,cd,45,5a,a8,c4,f8,b9,e4,12,46,9a,37,15,8e,91,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,65,a0,30,25,c8,
c5,a3,ed,e3,0e,66,d5,eb,bc,2f,6b,a3,52,3f,ce,bb,34,65,60,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,ec,76,36,dc,28,
67,1f,68,fa,ea,66,7f,d4,3b,6b,70,42,6c,6a,16,1c,2c,7b,27,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"=…
"OODEFRAG11.00.00.01WORKSTATION"=…
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Retrospect\Retrospect 7.5\retrorun.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-02-10 21:37:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-10 20:37:03

Pre-Run: 15,783,268,352 octets libres
Post-Run: 17,943,396,352 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

577 --- E O F --- 2009-01-22 19:10:55
Moderator (85,925 posts, registered Sunday 11 July 2010, last active 30 October 2019):

Now you can update MBAM and run a quick scan ;)
Member (21 posts, registered Tuesday 10 February 2009, last active 16 June 2009):

Scan redone:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1742
Windows 5.1.2600 Service Pack 3

2/10/2009 9:57:24 PM
mbam-log-2009-02-10 (21-57-24).txt

Type de recherche: Examen rapide
Eléments examinés: 59047
Temps écoulé: 3 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-0982818026-0792038349-964117139-9221\service.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Backdoor.Bot) -> Delete on reboot.
C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe (Backdoor.Bot) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise323.exe (Backdoor.Bot) -> Delete on reboot.
Member (21 posts, registered Tuesday 10 February 2009, last active 16 June 2009):

I rebooted as asked and everything works perfectly again: IE, no more "advertissement" pop-ups, updates possible... For now ^^

I want to thank you enormously for your help and the time you spent on me. Hoping to get your advice another time (you're never safe ^^), thanks again.

PS: One more thing... what do you recommend to protect myself as well as possible? (The full package ^^ which antivirus/anti-trojan...)
Currently I have Antivir and I'm hesitating between Spybot S&D and Ad-Aware... unless you suggest others.

If I go with Antivir, Malwarebytes and Spybot (for real-time protection), is that OK? Are they compatible too?