Ads, antivirus, pages loading from an unknown source

Solved/Closed
Jejebond Posts 21 Registered Tuesday 10 February 2009 Status Member Last seen 16 June 2009 - 10 Feb 2009 at 16:25
Jejebond Posts 21 Registered Tuesday 10 February 2009 Status Member Last seen 16 June 2009 - 10 Feb 2009 at 22:15
Hello,

For a few days now my PC has been acting up on every front. Here is a list of all my problems:
- Some pages take a long time to load
- Ads open in a new window titled "Advertissement"
- On some clicks I end up either on a page I didn't ask for or on the Google home page.
- None of my antivirus/antispyware programs will update.

I ran an Ad-Aware and Antivir scan in safe mode and nothing changed.

Here is the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:17:34 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Fichiers communs\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ThomsonUSBAudioSystemRemote] "C:\Program Files\Thomson multimedia\USB Audio System\cs580.exe"
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [RealtekAC] C:\WINDOWS\system32\RealtekAC.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.22\RivaTuner.exe" /S
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Télécharger la sélection avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Télécharger la vidéo avec Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/softwareupdate/su/ocx/15031/CTSUEng.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - https://www.fileplanet.com/
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFDF581-2960-4547-9B01-F4E63A66A892}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{68DE324A-5AFD-4074-84AC-D2ACDF80CD4D}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{80842673-D1B4-45C1-BE39-312B15CCD48F}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{88DED9FC-D174-4FEE-BFB4-EBFD337DA283}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{A30A3130-A03D-4CB1-B31C-E8708D55A4FF}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{BBB9B419-0B5F-4BB0-A40E-076EFE9F0403}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{C55349B4-EDEE-45E3-B14B-CE5B3B2FD93A}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCEE7C38-914F-44CF-945D-1F63C1A77506}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{D9FAA2C8-D95F-4B34-96D5-DC36FF266917}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{EF66980A-813E-41A5-BA83-E7FCD6690289}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF9AF06A-A9BD-4CDF-A1A7-E6F19E13B918}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: FanSpeedNT Service - Unknown owner - J:\Fichiers\Overclock\Fanspeed\fanspeedNT.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - EMC Corporation - C:\Program Files\Retrospect\Retrospect 7.5\retrorun.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
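As an added example that is not part of this thread or of HijackThis itself: the O17 lines in the log above record the DNS resolvers (NameServer) configured per network interface and globally. Every interface entry points at 85.255.114.51 / 85.255.112.8 while the global Parameters key holds 208.67.220.220 / 208.67.222.222, and resolvers that differ from the intended ones are consistent with the redirects and blocked updates described in the post. The script below parses O17 lines of this shape and flags interface-level resolvers that differ from the global baseline. It assumes the CCS Parameters value is the administrator's intended configuration; the sample input is a handful of lines copied from this log plus one constructed clean interface line for contrast.

```python
import re
from collections import Counter

# Constructed sample: O17 lines copied from the HijackThis log in this thread,
# plus one made-up interface GUID that uses the expected resolvers.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{2FFDF581-2960-4547-9B01-F4E63A66A892}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D34AE66-F94C-4E65-A160-72944BB146AC}: NameServer = 85.255.114.51,85.255.112.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{ABCDEF00-0000-0000-0000-000000000000}: NameServer = 208.67.220.220,208.67.222.222
"""

# One O17 line: control set (CCS = CurrentControlSet, CSn = ControlSet00n),
# then either the global Parameters key or a per-interface GUID key.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<hive>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?:Parameters|\.\.\\\{(?P<iface>[^}]+)\})"
    r": NameServer = (?P<servers>[0-9.,]+)\s*$"
)


def parse_o17(text):
    """Return one dict per O17 line: hive, iface (None for the global key), servers."""
    entries = []
    for line in text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue  # not an O17 NameServer line; ignore
        entries.append({
            "hive": m.group("hive"),
            "iface": m.group("iface"),
            "servers": m.group("servers").split(","),
        })
    return entries


def find_resolver_mismatches(entries, expected=None):
    """Flag interface-level resolvers that are not in the expected set.

    With expected=None the global Parameters value of the CCS hive is used as
    the baseline (assumption: that is where the intended resolvers live, as in
    the posted log). Returns (hive, iface_guid, sorted unexpected addresses).
    """
    if expected is None:
        for e in entries:
            if e["hive"] == "CCS" and e["iface"] is None:
                expected = e["servers"]
                break
    if expected is None:
        raise ValueError("no global NameServer baseline found in log")
    expected_set = set(expected)
    findings = []
    for e in entries:
        if e["iface"] is None:
            continue  # the baseline itself
        unexpected = sorted(set(e["servers"]) - expected_set)
        if unexpected:
            findings.append((e["hive"], e["iface"], unexpected))
    return findings


def summarize(findings):
    """Count how often each unexpected resolver occurs across interfaces and
    control sets: the same pair repeated on every adapter, as in this log, is
    the pattern to escalate, rather than one oddly configured adapter."""
    counter = Counter()
    for _, _, unexpected in findings:
        counter.update(unexpected)
    return dict(counter)


if __name__ == "__main__":
    found = find_resolver_mismatches(parse_o17(SAMPLE_LOG))
    for hive, iface, addrs in found:
        print(f"{hive} interface {{{iface}}}: unexpected resolvers {addrs}")
    print("totals:", summarize(found))
```

Run against the full log, the summary shows the same two addresses on every interface GUID in CCS, CS1 and CS3, which is what distinguishes a system-wide resolver change from a single misconfigured adapter.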
28 replies

Jejebond Posts 21 Registered Tuesday 10 February 2009 Status Member Last seen 16 June 2009
10 Feb 2009 at 20:17
Well, I ran the Fix but it didn't change anything, still impossible to update.
Destrio5 Posts 85985 Registered Sunday 11 July 2010 Status Moderator Last seen 17 February 2023 10 290
10 Feb 2009 at 20:27
- Run an online scan here https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr (with Internet Explorer).

- At the bottom right, click Start Online-scanner.

- In the new window that appears, click I accept.

- Accept the ActiveX controls.

- Choose My Computer for the scan.

- Once it has finished, save (choose text file) and post the report.

- To help you use the online scan: Link

Note: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs, uninstall On-Line Scanner, then go back to the Kaspersky site to retry the online scan.
Jejebond Posts 21 Registered Tuesday 10 February 2009 Status Member Last seen 16 June 2009
10 Feb 2009 at 20:39
Honestly, every time I click on Internet Explorer it tells me it has encountered a problem... I think I'm going to format.
Destrio5 Posts 85985 Registered Sunday 11 July 2010 Status Moderator Last seen 17 February 2023 10 290
10 Feb 2009 at 20:42
We're going to bring out the bazooka.

/!\ Disable your resident protections (antivirus, etc.) /!\

--> Download ComboFix (by sUBs) to your Desktop.
--> Double-click ComboFix.exe (the .exe extension may not be visible) to launch it.
--> It will ask you to install the Recovery Console: accept.
--> When the scan is finished, a report will appear. Post that report (C:\Combofix.txt) in your next reply.

To help you: A guide and a tutorial on using ComboFix

Jejebond Posts 21 Registered Tuesday 10 February 2009 Status Member Last seen 16 June 2009
10 Feb 2009 at 21:39
ComboFix 09-02-10.01 - JEREMY 2009-02-10 21:23:08.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2047.1584 [GMT 1:00]
Running from: c:\documents and settings\JEREMY\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated)
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\JEREMY\Application Data\.#
c:\documents and settings\JEREMY\Local Settings\Temporary Internet Files\pujorij.db
c:\program files\INSTALL.LOG
c:\windows\jestertb.dll
c:\windows\system32\drivers\gaopdxmxdqeoay.sys
c:\windows\system32\drivers\gaopdxobrqltim.sys
c:\windows\system32\drivers\gaopdxsgbnmche.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gaopdxoyqmoqxy.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\win\
D:\resycled
J:\resycled

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys
-------\Legacy_XPROTECTOR
-------\Service_XPROTECTOR


((((((((((((((((((((((((( Files Created from 2009-01-10 to 2009-02-10 )))))))))))))))))))))))))))))))
.

2009-02-10 19:43 . 2009-02-10 19:43 <REP> d-------- C:\SAVEREG
2009-02-10 19:39 . 2009-02-10 19:43 <REP> d-------- C:\ERDNT
2009-02-10 18:27 . 2009-02-10 18:27 579,584 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-02-10 18:23 . 2009-02-10 18:23 <REP> d-------- c:\windows\ERUNT
2009-02-10 18:14 . 2009-02-10 18:58 <REP> d-------- C:\SDFix
2009-02-10 17:47 . 2009-02-10 17:50 250 --a------ c:\windows\gmer.ini
2009-02-10 17:21 . 2009-02-10 17:21 <REP> d-------- C:\rsit
2009-02-10 16:39 . 2009-02-10 16:39 <REP> d-------- c:\documents and settings\JEREMY\Application Data\Malwarebytes
2009-02-10 16:38 . 2009-02-10 16:38 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-10 16:38 . 2009-02-10 16:38 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-10 16:38 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-10 16:38 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-09 21:16 . 2009-01-18 22:35 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-09 20:59 . 2009-02-09 20:59 <REP> d-------- c:\program files\Lavasoft
2009-02-09 20:59 . 2009-02-09 20:59 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-09 20:59 . 2009-02-09 20:59 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-09 20:59 . 2009-01-18 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-09 19:43 . 2009-02-10 16:12 <REP> d-------- C:\ToolBar SD
2009-02-01 12:54 . 2009-02-01 12:54 <REP> d-------- c:\program files\Avira
2009-01-31 16:24 . 2009-01-31 16:24 <REP> d-------- c:\program files\Badaboom
2009-01-30 23:58 . 2009-02-01 12:54 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2009-01-30 22:56 . 2009-01-30 22:59 <REP> d-------- c:\program files\Navilog1
2009-01-28 15:11 . 2009-01-28 15:11 <REP> d-------- c:\program files\LibUSB-Win32-0.1.10.1
2009-01-28 15:11 . 2005-03-09 20:50 19,456 --a------ c:\windows\system32\libusbd-9x.exe
2009-01-28 15:11 . 2005-03-09 20:50 18,944 --a------ c:\windows\system32\libusbd-nt.exe
2009-01-26 18:42 . 2009-02-10 21:28 47,249 --a------ c:\windows\system32\oodbs.lor
2009-01-26 18:24 . 2009-01-26 18:24 <REP> d-------- c:\program files\Trend Micro
2009-01-26 17:46 . 2009-01-26 17:46 <REP> d-------- c:\program files\OO Software
2009-01-25 18:04 . 2009-01-25 18:04 <REP> d-------- c:\documents and settings\All Users\Application Data\Codemasters
2009-01-25 17:46 . 2009-01-25 23:29 <REP> d-------- c:\program files\Thoosje Vista Sidebar
2009-01-25 17:32 . 2009-01-25 17:44 <REP> d-------- c:\program files\Thoosje Vista Tweaker
2009-01-25 16:47 . 2009-01-25 16:48 <REP> d-------- c:\documents and settings\JEREMY\Application Data\ViStart
2009-01-25 15:58 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpC8.tmp
2009-01-25 15:58 . 2008-04-28 15:53 805,400 -ra------ c:\windows\system32\tmpC7.tmp
2009-01-23 18:29 . 2009-01-23 18:29 <REP> d-------- c:\program files\The Game Creators
2009-01-23 18:29 . 2008-03-13 17:05 390,432 --a------ c:\windows\system32\NxCooking.dll
2009-01-23 18:29 . 2008-03-13 17:05 124,192 --a------ c:\windows\system32\NxCharacter.dll
2009-01-23 18:29 . 2008-03-13 17:05 118,784 --a------ c:\windows\system32\NxExtensions.dll
2009-01-23 18:23 . 2009-01-23 18:26 <REP> d-------- c:\documents and settings\JEREMY\Application Data\Download Manager
2009-01-22 19:05 . 2009-01-22 19:05 <REP> d-------- c:\program files\NVIDIA nTune Performance Application
2009-01-22 18:52 . 2008-12-26 00:08 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-01-22 18:52 . 2008-12-26 00:08 18,725 --a------ c:\windows\system32\nvdisp.nvu
2009-01-22 18:50 . 2009-01-22 18:50 <REP> d-------- C:\NVIDIA
2009-01-11 00:49 . 2001-08-06 22:58 163,599 --a------ c:\windows\psuninst2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 20:21 --------- d-----w c:\program files\SuperCopier2
2009-02-10 17:18 --------- d-----w c:\documents and settings\JEREMY\Application Data\uTorrent
2009-02-10 17:11 --------- d-----w c:\program files\eMule
2009-02-09 21:54 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-02-09 19:53 --------- d-----w c:\program files\SUPERAntiSpyware
2009-02-09 19:53 --------- d-----w c:\documents and settings\JEREMY\Application Data\SUPERAntiSpyware.com
2009-02-09 18:59 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-02-09 18:59 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-09 18:46 --------- d-----w c:\documents and settings\JEREMY\Application Data\Skype
2009-02-09 17:44 --------- d-----w c:\documents and settings\JEREMY\Application Data\skypePM
2009-02-05 19:09 --------- d-----w c:\program files\RivaTuner v2.06
2009-02-03 19:23 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-03 19:14 --------- d-----w c:\program files\ElcomSoft
2009-01-30 19:25 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-30 19:03 --------- d-----w c:\program files\Frets on Fire
2009-01-26 22:35 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-25 22:21 --------- d-----w c:\program files\ASUS
2009-01-25 21:58 --------- d-----w c:\program files\Styler
2009-01-25 18:29 --------- d-----w c:\program files\Logitech
2009-01-25 18:29 --------- d-----w c:\program files\Fichiers communs\Logitech
2009-01-25 17:30 --------- d-----w c:\program files\SixaxisDriver
2009-01-25 16:41 --------- d-----w c:\program files\Google
2009-01-25 14:58 --------- d-----w c:\program files\OpenAL
2009-01-23 21:39 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-23 17:32 --------- d-----w c:\program files\NVIDIA Corporation
2009-01-23 14:10 --------- d-----w c:\program files\Java
2009-01-22 22:28 --------- d-----w c:\program files\AGEIA Technologies
2009-01-10 23:49 --------- d-----w c:\program files\Microsoft ActiveSync
2009-01-08 17:31 --------- d-----w c:\program files\dizzler
2009-01-08 17:28 --------- d-----w c:\program files\Fichiers communs\SWF Studio
2009-01-07 00:10 --------- d-----w c:\documents and settings\JEREMY\Application Data\Free Download Manager
2009-01-02 17:10 --------- d-----w c:\documents and settings\JEREMY\Application Data\4Pockets
2009-01-01 17:46 --------- d-----w c:\program files\RivaTuner v2.22
2009-01-01 17:34 --------- d-----w c:\program files\Driver Cleaner Pro
2008-12-29 12:44 --------- d-----w c:\program files\Flip3D
2008-12-29 12:43 --------- d-----w c:\program files\adslTV
2008-12-29 00:25 --------- d-----w c:\documents and settings\JEREMY\Application Data\vlc
2008-12-28 23:15 --------- d-----w c:\program files\iWizz
2008-12-25 23:08 6,301,344 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-12-20 14:32 --------- d-----w c:\program files\Microsoft.NET
2008-12-18 17:46 --------- d-----w c:\program files\Skype
2008-12-18 17:46 --------- d-----w c:\program files\Fichiers communs\Skype
2008-12-18 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-14 22:45 --------- d-----w c:\documents and settings\All Users\Application Data\America's Army Deploy Client
2008-12-14 22:44 --------- d-----w c:\program files\America's Army Server Manager
2008-12-14 16:00 --------- d-----w c:\program files\PS3Server
2008-12-14 10:57 --------- d-----w c:\program files\SystemRequirementsLab
2008-12-14 10:53 --------- d-----w c:\documents and settings\JEREMY\Application Data\SystemRequirementsLab
2008-12-12 23:36 --------- d-----w c:\program files\Power Video Downloader
2008-12-12 23:36 --------- d-----w c:\program files\ffdshow
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-10 23:05 --------- d-----w c:\documents and settings\JEREMY\Application Data\U3
2008-11-29 11:33 22,328 ----a-w c:\documents and settings\JEREMY\Application Data\PnkBstrK.sys
2008-11-23 13:04 38,568 ----a-w c:\documents and settings\JEREMY\Application Data\GDIPFONTCACHEV1.DAT
2008-10-08 12:46 10,701 ----a-w c:\program files\Fichiers communs\hinygucusa.bin
2006-11-22 18:10 1 ----a-w c:\documents and settings\JEREMY\SI.bin
2003-12-18 09:33 20,102 ----a-w c:\program files\Readme.txt
2003-09-03 05:46 10,960 ----a-w c:\program files\EULA.txt
2006-05-03 09:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2008-03-16 12:30 216,064 --sha-r c:\windows\system32\nbDX.dll
2008-05-19 20:18 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008051920080520\index.dat
.

------- Sigcheck -------

2008-04-14 03:34 1037312 b494e6ce8843d0f3e802c90252d42390 c:\windows\explorer.exe
2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
2007-06-13 14:22 1037312 d0288319660edcfed07c7e74c4ea38a5 c:\windows\$NtServicePackUninstall$\explorer.exe
2004-08-05 13:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa c:\windows\$NtUninstallKB938828$\explorer.exe
2008-04-14 03:34 1037312 b494e6ce8843d0f3e802c90252d42390 c:\windows\ServicePackFiles\i386\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@="{30351346-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@="{30351347-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@="{30351348-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@="{3035134B-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@="{3035134C-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@="{3035134D-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@="{3035134E-7B7D-4FCC-81B4-1E394CA267EB}"
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 11:35 536576 --a------ c:\program files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-07-02 67128]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"LVCOMSX"="c:\program files\Fichiers communs\Logitech\LComMgr\LVComSX.exe" [2006-08-03 244520]
"ThomsonUSBAudioSystemRemote"="c:\program files\Thomson multimedia\USB Audio System\cs580.exe" [2004-04-01 114688]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-05-16 430080]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-26 2524416]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.22\RivaTuner.exe" [2008-12-29 2732032]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 172544]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-19 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\JEREMY\Menu Démarrer\Programmes\Démarrage\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2006-11-18 3581680]

c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-07-02 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-17 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2002-08-20 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"vidc.asv2"= asusasv2.dll
"VIDC.MJPG"= pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^ASUS WiFi-AP Solo.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\ASUS WiFi-AP Solo.lnk
backup=c:\windows\pss\ASUS WiFi-AP Solo.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^MagicTune 3.6.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\MagicTune 3.6.lnk
backup=c:\windows\pss\MagicTune 3.6.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PCSuiteForNokia6600 Detect.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PCSuiteForNokia6600 Detect.lnk
backup=c:\windows\pss\PCSuiteForNokia6600 Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PCSuiteForNokia6600 TS.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PCSuiteForNokia6600 TS.lnk
backup=c:\windows\pss\PCSuiteForNokia6600 TS.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^JEREMY^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\JEREMY\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JEREMY^Menu Démarrer^Programmes^Démarrage^Folding@Home 5.03.lnk]
path=c:\documents and settings\JEREMY\Menu Démarrer\Programmes\Démarrage\Folding@Home 5.03.lnk
backup=c:\windows\pss\Folding@Home 5.03.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^JEREMY^Menu Démarrer^Programmes^Démarrage^WinFlip.lnk]
path=c:\documents and settings\JEREMY\Menu Démarrer\Programmes\Démarrage\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
--a------ 2009-01-18 22:34 506712 c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ai Quicker Help]
--a------ 2006-07-19 08:52 3167744 c:\program files\ASUS\ASUS DH Remote\AsRc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS SmartDoctor]
--a------ 2006-05-15 11:31 1081344 c:\program files\ASUS\SmartDoctor\SmartDoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-06-12 13:28 266497 c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 11:06 94208 c:\program files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTCheck]
--a------ 2007-11-06 10:08 397312 c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSyncU.exe]
--a------ 2007-07-17 10:03 868352 c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 21:09 157592 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2004-02-19 16:23 1089536 c:\program files\Fichiers communs\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2008-07-22 11:34 2772992 c:\program files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
--a------ 2008-08-02 14:52 5484544 c:\program files\eMule\emule.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzBackup Manager]
--a------ 2006-05-08 17:10 1901568 c:\program files\EzBackup\EZ-Backup Manager\EzBackupManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
--a------ 2008-02-25 21:17 2465839 c:\program files\Free Download Manager\fdm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2006-08-03 08:44 529968 c:\program files\Fichiers communs\Logitech\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
--a------ 2003-12-19 11:38 425984 c:\program files\Fichiers communs\Nokia\Tools\NclTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-11 11:24 1410296 j:\jeux pc\Steam\steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessKeyboard ]
--a------ 2005-06-16 14:29 245760 c:\program files\Multimedia Combo Set\PS2USBKbdDrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WireLessMouse ]
--a------ 2004-06-27 14:54 503808 c:\program files\Multimedia Combo Set\MouseDrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"EZ-Backup Manager"=2 (0x2)
"AVEService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GameFace Messenger\\GameFace.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\day of defeat source\\hl2.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\half-life 2 deathmatch\\hl2.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\half-life\\hl.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\counter-strike source\\hl2.exe"=
"j:\\Jeux PC\\Electronic Arts\\Démo de Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\half-life 2\\hl2.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"j:\\Jeux PC\\Ubisoft\\Crytek\\Far Cry\\Bin32\\FarCry.exe"=
"c:\\Program Files\\EasyPHP1-8\\apache\\Apache.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Intuwave\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\common\\roboblitz\\Binaries\\RoboGame.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"j:\\Jeux PC\\LucasArts\\Star Wars Battlefront II\\GameData\\battlefrontII.exe"=
"c:\\Program Files\\Simple DNS Plus\\sdnsmain.exe"=
"j:\\Jeux PC\\UT2004\\System\\UT2004.exe"=
"c:\\Program Files\\CF3B5\\PS3.ProxyServer\\PS3.ProxyServer.GUI.exe"=
"c:\\Program Files\\PS3PROXY\\ps3proxy.exe"=
"c:\\Program Files\\adslTV\\adsltv.exe"=
"c:\\Program Files\\PS3Portal\\hfs.exe"=
"j:\\Jeux PC\\CAPCOM\\LOST_PLANET_TRIAL_DX9\\LostPlanetDX9.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero MediaHome\\NeroMediaHome.exe"=
"c:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\source dedicated server\\srcds.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Softimage\\XSI_4.2_ModTool\\Application\\bin\\nt-x86-p3\\XSI.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"j:\\Jeux PC\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\garrysmod\\hl2.exe"=
"c:\\Program Files\\BT Softphone 2\\BTSoftphone2.exe"=
"c:\\Program Files\\Microsoft Games\\Freelancer\\EXE\\Freelancer.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"j:\\Jeux PC\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"j:\\Jeux PC\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"j:\\Jeux PC\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\jejebond_60@hotmail.com\\source sdk base 2007\\hl2.exe"=
"j:\\Jeux PC\\Codemasters\\GRID\\GRID.exe"=
"j:\\Jeux PC\\EA GAMES\\Battlefield 2\\BF2.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\common\\roboblitz\\Binaries\\RoboLaunch.exe"=
"j:\\Jeux PC\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1700:TCP"= 1700:TCP:MioNet Remote Drive Access
"1641:TCP"= 1641:TCP:MioNet Remote Drive Verification
"1647:TCP"= 1647:TCP:MioNet Storage Device Configuration
"5432:UDP"= 5432:UDP:MioNet Storage Device Discovery
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-09 64160]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-06-25 3712]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-05-16 102400]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2006-10-27 223232]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.2;c:\windows\system32\drivers\libusb0.sys [2006-10-29 29184]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
S3 3xHybrid;Pinnacle PCTV 310i Stereo DVB-T;c:\windows\system32\drivers\3xHybrid.sys [2007-01-09 827008]
S3 DTV-DVBM9205;DTV-DVB USB Hybrid Analog/Capture;c:\windows\system32\drivers\M9205.sys [2007-01-13 70272]
S3 FanSpeedNT Service;FanSpeedNT Service;j:\fichiers\Overclock\Fanspeed\FanSpeedNT.exe [2007-01-02 61440]
S3 fspio;fspio;c:\windows\system32\drivers\fspio.sys [2007-01-02 3816]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187.sys [2006-10-26 176128]
S3 SaiH0463;SaiH0463;c:\windows\system32\drivers\SaiH0463.sys [2003-07-14 48128]
S3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [2006-10-26 13532]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2006-09-07 11520]
S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2007-06-06 27904]
S4 EZ-Backup Manager;EZ-Backup Manager;c:\program files\EzBackup\EZ-Backup Manager\EzBackup.exe [2006-10-26 1123840]

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07ed5465-b3f0-11dd-a998-0018f3646db0}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51e2693e-65c8-11db-ab44-806d6172696f}]
\Shell\AutoRun\command - E:\Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2C6D55B5-A110-8D8F-0106-020701020700}]
c:\windows\system32\Win.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 22:34]

2009-02-10 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
HKLM-Run-WD Button Manager - WDBtnMgr.exe
MSConfigStartUp-Launch Ai Booster - c:\program files\ASUS\Ai Booster\OverClk.exe
MSConfigStartUp-MediaPortal - c:\program files\Team MediaPortal\MediaPortal\mediaportal.exe
MSConfigStartUp-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-PCTV 310i Antenna Power - c:\program files\Pinnacle\Shared Files\Drivers\Tools\PCTV 310i Antenna Power.exe
MSConfigStartUp-PMCRemote - c:\program files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
MSConfigStartUp-PMCS - c:\program files\Pinnacle\Shared Files\\Programs\MediaCenterService\PMC.Service.Main.exe
MSConfigStartUp-Start WingMan Profiler - c:\program files\Logitech\Gaming Software\LWEMon.exe


.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = iexplore
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Télécharger avec Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: Télécharger la sélection avec Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Télécharger la vidéo avec Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://fichiers.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_9.cab
FF - ProfilePath - c:\documents and settings\JEREMY\Application Data\Mozilla\Firefox\Profiles\7l9se6s3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (FR)
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - plugin: c:\documents and settings\JEREMY\Application Data\Mozilla\Firefox\Profiles\7l9se6s3.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-10 21:33:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\JEREMY\LOCALS~1\Temp\mc21.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1390067357-343818398-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1390067357-343818398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D459D1DF-8E7D-9734-3ECF-C454223F516F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ianfphgadepnadkmge"=hex:69,61,6b,69,6a,6a,6b,69,6e,6c,65,64,64,64,67,61,63,6a,
00,00
"hadghlfflbdnboop"=hex:69,61,6c,69,69,6b,64,68,65,61,70,63,6c,70,64,69,6f,6e,
00,00

[HKEY_USERS\S-1-5-21-1390067357-343818398-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:54,c2,6b,d2,0c,87,36,f7,28,7c,c3,a5,81,57,c1,b9,d3,91,e6,36,5d,27,b5,
e5,e9,5e,67,f2,3e,be,fa,37,dc,71,ce,b8,e7,0e,04,63,6d,9b,38,26,35,e0,a0,e4,\
"??"=hex:83,c8,99,f6,5f,d7,c8,97,32,7b,bf,46,ac,ba,40,4b

[HKEY_USERS\S-1-5-21-1390067357-343818398-725345543-1003\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:b5,7c,fe,82,dc,c4,36,31,02,90,ef,c4,14,7f,08,27,1f,b6,e1,57,41,
05,0d,25,40,d5,35,ed,14,4a,17,e6,c5,44,ec,ff,92,a5,7e,ad,bb,9d,a5,4c,6b,92,\
"rkeysecu"=hex:b7,c0,9a,5a,a2,e1,d2,24,2e,c4,d2,63,f2,34,8f,49

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,85,21,2a,51,fd,
92,f4,2f,c8,28,51,af,b0,29,a3,98,37,02,a6,6c,9f,f7,d9,81,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,70,cb,a2,2c,8c,
89,56,15,71,3b,04,66,8b,46,0d,96,9a,5f,13,d6,94,6e,a2,17,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,0b,76,33,b1,7c,
93,3c,0d,25,da,ec,7e,55,20,c9,26,9d,7c,18,bf,a7,5b,71,4a,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,df,81,b4,01,84,
8b,ca,5f,3e,1e,9e,e0,57,5a,93,61,80,8a,36,75,b2,4c,d2,22,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,9c,d1,75,1a,81,
77,c8,f8,cd,44,cd,b9,a6,33,6c,cd,56,02,4b,50,80,53,3e,68,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,f3,5b,a3,75,db,
49,a6,76,b0,18,ed,a7,3f,8d,37,a4,24,cf,c9,33,ad,74,50,c2,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,51,2e,0e,83,07,
ba,34,ea,31,77,e1,ba,b1,f8,68,02,0b,d3,fd,3c,de,35,8f,d9,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,4a,13,54,f4,6b,
f4,b0,8d,83,6c,56,8b,a0,85,96,ab,53,fd,17,da,55,8d,24,a3,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,42,6a,ff,33,7c,
2a,e1,c9,51,fa,6e,91,28,9e,14,cc,7e,d3,68,b9,46,05,17,f1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,c3,50,c8,23,a7,
23,a3,f0,b1,cd,45,5a,a8,c4,f8,b9,e4,12,46,9a,37,15,8e,91,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,65,a0,30,25,c8,
c5,a3,ed,e3,0e,66,d5,eb,bc,2f,6b,a3,52,3f,ce,bb,34,65,60,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,ec,76,36,dc,28,
67,1f,68,fa,ea,66,7f,d4,3b,6b,70,42,6c,6a,16,1c,2c,7b,27,6c,43,2d,1e,aa,22,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(616)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Retrospect\Retrospect 7.5\retrorun.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-02-10 21:37:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-10 20:37:03

Pre-Run: 15,783,268,352 octets libres
Post-Run: 17,943,396,352 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect

577 --- E O F --- 2009-01-22 19:10:55
Destrio5 (Moderator)
10 Feb. 2009 at 21:44
Now you can update MBAM and run a quick scan ;)
Jejebond (Member)
10 Feb. 2009 at 21:57
Scan redone:

Malwarebytes' Anti-Malware 1.33
Version de la base de données: 1742
Windows 5.1.2600 Service Pack 3

2/10/2009 9:57:24 PM
mbam-log-2009-02-10 (21-57-24).txt

Type de recherche: Examen rapide
Eléments examinés: 59047
Temps écoulé: 3 minute(s), 58 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\RECYCLER\S-1-5-21-0982818026-0792038349-964117139-9221\service.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\winse32.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\spoolsv.exe (Trojan.Agent) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise32.exe (Backdoor.Bot) -> Delete on reboot.
C:\RECYCLER\S-1-6-21-2434476501-1644491937-600003330-1213\autorunme.exe (Backdoor.Bot) -> Delete on reboot.
C:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\ise323.exe (Backdoor.Bot) -> Delete on reboot.
Jejebond (Member)
10 Feb. 2009 at 22:15
I rebooted as requested and everything is working perfectly again: IE, no more "advertissement" pop-ups, updates possible... For now^^

I want to thank you enormously for your help and the time you spent on me. Hoping to get your advice again some other time (you're never safe^^), thanks again.

PS: One more thing... what do you recommend to protect myself as well as possible? (The full package ^^ which anti-virus/anti-trojan...)
Currently I have Antivir and I'm hesitating between Spybot S&D and Ad-Aware... unless you suggest others.

If I go with Antivir, Malwarebytes and Spybot (for real-time protection), is that OK? Are they compatible too?