Help Lag

Résolu
Navid_92 Messages postés 778 Statut Membre -  
Navid_92 Messages postés 778 Statut Membre -
Bonjour,
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:07, on 11/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Documents and Settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Steam\steam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OFFICE11\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Documents and Settings\Navid\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Navid\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://euroafkabparis.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://studioladefense.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer = 212.27.40.240,212.27.40.241
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Planificateur PC-BaX - Unknown owner - C:\Program Files\Cristie\PC-BaX 4.30.1\_BSSVC.EXE (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 14925 bytes
POUVEZ VOUS M'INDIQUER SI IL Y A DES PROBLEMES
NAVID
Configuration: Windows XP
Firefox 3.0.5

14 réponses

  1. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, passes toolbar S&D et poste le rapport , Merci

    Télécharge ToolBar-S&D ( Merci à Eric_71, Angeldark, Sham_Rock et XmichouX )
    https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

    Lances l'installation du programme en exécutant le fichier téléchargé.
    Double-clique maintenant sur le raccourci de Toolbar-S&D.
    Sélectionnes la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
    Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
    Postes le rapport généré. (C:\TB.txt)
    0
  2. Navid_92
     
    -----------\\ ToolBar S&D 1.2.8 XP/Vista

    Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3
    X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 3800+ )
    BIOS : )Phoenix - Award WorkstationBIOS v6.00PG
    USER : Navid ( Administrator )
    BOOT : Normal boot
    Antivirus : AVG Anti-Virus Free 8.0 (Activated)
    C:\ (Local Disk) - NTFS - Total:113 Go (Free:22 Go)
    D:\ (Local Disk) - FAT32 - Total:114 Go (Free:61 Go)
    E:\ (CD or DVD)
    G:\ (USB)
    H:\ (USB)
    I:\ (USB)
    K:\ (USB)

    "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
    Option : [1] ( 11/02/2009|22:23 )

    -----------\\ Recherche de Fichiers / Dossiers ...

    -----------\\ Extensions

    (Navid) - {b9db16a4-6edc-47ec-a1f4-b86292ed211d} => dwhelper

    -----------\\ [..\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr"
    "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
    "Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
    "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
    "Local Page"="C:\\windows\\system32\\blank.htm"
    "Start Page"="https://www.msn.com/fr-fr/"
    "Search Bar"="https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm"

    --------------------\\ Recherche d'autres infections

    Aucune autre infection trouvée !

    1 - "C:\ToolBar SD\TB_1.txt" - 11/02/2009|22:25 - Option : [1]

    -----------\\ Fin du rapport a 22:25:20,81

    CORDIALEMENT
    EN ATTENTE D UNE REPONSE !
    0
  3. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bon , rien de particulier la dessus tu as des problème particulier ??? car je ne vois pas de problème mais passes< malwarebytes par sécurité

    Télécharge Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    . sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
    . enregistres le sur le bureau
    . Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
    . si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
    . Il va se mettre à jour une fois faite
    . rend-toi dans l'onglet, Recherche
    . Sélectionnes Exécuter un examen complet
    . Cliques sur Rechercher
    . Le scan démarre.
    . A la fin de l'analyse, un message s'affiche :
    L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    . Cliques sur Ok pour poursuivre.
    . Si des malwares ont été détectés, cliques sur Afficher les résultats
    . Sélectionnes tout (ou laisses cochés)

    . cliques sur Supprimer la sélection

    . Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
    . redemarre le pc
    . une fois redémarré double-cliques sur malwarebytes
    . rends toi dans l'onglet rapport/log
    . tu cliques dessus pour l'afficher une fois affiché
    . tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
    . tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
    . tu cliques droit dans le cadre de la reponse et coller

    0
  4. Navid_92
     
    Merci, mon problème n'est pas très important mais tout de même car je sens que mon PC freeze et lag quand je lance une application ou autre.
    Je ne sais pas si cela viens de cookies ou virus,..
    L'analyse est lancée je te posterai le rapport de midi vers 13h20.
    Cordialement
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    ok si tu pense que c'est du à des cookies après malwarebytes tu peux passer ccleaner comme expliqué

    passes Ccleaner avec ces réglages LA

    télécharge Ccleaner à partir de cette adresses

    .enregistres le sur le bureau
    .double-cliques sur le fichier pour lancer l'installation
    .sur la fenêtre de l'installation langage bien choisir français et OK
    .cliques sur suivant
    .lis la licence et j'accepte
    .cliques sur suivant
    .la tu ne gardes de coché que mettre un raccourci sur le bureau et puis contrôler automatiquement les mises à jour de Ccleaner
    .cliques sur intaller
    .cliques sur fermer
    .double-cliques sur l'icône de Ccleaner pour l'ouvrir
    .une fois ouvert tu cliques sur option et puis avancé
    .tu décoches effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures
    .cliques sur nettoyeur
    .cliques sur windows et dans la colonne avancé
    .cochesla première case vieilles données du perfetch que celle-la ce qui te donnes la case vielles données du perfetch et la case avancé qui c'est coché automatiquement mais que celle-la
    .cliques sur analyse une fois l'analyse terminé
    .cliques sur lancer le nettoyage et sur la demande de confirmation OK il vas falloir que tu le refasses une autre fois une fois fini vériffis en appuiant de nouveau sur analyse pour être sur qu'il n'y est plus rien
    .cliques maintenant sur registre et puis sur rechercher les erreurs
    .laisses tout cochées et cliques sur réparrer les erreurs sélectionnées
    .il te demande de sauvegarder OUI
    .tu lui donnes un nom pour pouvoir la retrouver et enregistre
    .cliques sur corriger toutes les erreurs sélectionnées et sur la demande de confirmation OK
    .il supprime et fermer tu vériffis en relancant rechercher les erreurs
    .tu retournes dans option et tu recoches la case effacer uniquement les fichiers, du dossier temp de windows plus vieux que 48 heures et sur nettoyeur, windows sous avancé tu décoches la première case vieilles données du perfetch
    .tu peux fermer Ccleaner

    et pour mieux le connaire : https://jesses.pagesperso-orange.fr/Docs/Logiciels/CCleaner.htm
    0
  7. Navid_92
     
    Rebonjour,
    Après avoir fait une analyse malware bytes sa m'a écrit un élément infecté mais quand je fait afficher les résultats il n'y avait rien. Quand je veux enregistrer sa me met un message d'erreur. Cela est normal que l'analyse a duré 8 Hours, 54 Minutes, 45 Seconds.
    J'utilise CCleaner depuis longtemps et supprime les cookies et autre.
    Aurait-tu d'autre idée pour améliorer la vitesse du PC voir baisser les lags.
    0
  8. Navid_92
     
    Je te remet un rapport hijackthis cela peut toujours t'aider.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 07:56:57, on 12/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\Documents and Settings\Navid\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Documents and Settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Documents and Settings\Navid\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
    O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
    O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Navid\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
    O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://euroafkabparis.spaces.live.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://studioladefense.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer = 212.27.40.240,212.27.40.241
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Planificateur PC-BaX - Unknown owner - C:\Program Files\Cristie\PC-BaX 4.30.1\_BSSVC.EXE (file missing)
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    0
  9. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, bizare que malwarebytes si il te dit avoir trouvé quelque chose ne te l'affiche pas, coté infection sur hijackthis je ne vois rien mais tu peux toujours essayer combofix mais la perso comme c'est un outil à risque je te donne la procédure mais si tu l'utilises tu prends bien soins de suivre les recommendations du tutoriel officiel que tu prendras le temps de lire avant , et surtout de ne pas toucher au pc pendant qu'il travail

    Télécharge Combofix.exe de sUBs sur ton Bureau;

    tutoriel officiel prend le temps de le lire : https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Déconnectes toi d'internet et désactives ton antivirus pour que Combofix puisse s'exécuter normalement.

    Doubles clique sur Combofix.exe
    Mets le en langue française F
    Tape sur la touche 1 (Yes) pour démarrer le scan.

    tu Ne touches à rien tant que le scan n'est pas terminé.

    En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

    Une fois le scan achevé, un rapport va s'afficher : Poste son contenu et un nouveau rapport HijackThis

    Réactives la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à Internet.

    Note : Le rapport se trouve également là : C:\Combofix.txt
    0
  10. Navid_92 Messages postés 778 Statut Membre 87
     
    ComboFix 09-02-12.03 - Navid 2009-02-12 23:01:11.2 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1022.249 [GMT 1:00]
    Lancé depuis: c:\documents and settings\Navid\Bureau\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Navid\Application Data\BITS
    c:\documents and settings\Navid\Application Data\BITS\BITS.ini
    c:\documents and settings\Navid\Application Data\BITS\DHTTable.dat
    c:\documents and settings\Navid\Application Data\BITS\ProxyList.ini
    c:\documents and settings\Navid\Application Data\BITS\UPnP.ini
    c:\program files\FlashGet Network
    c:\program files\FlashGet Network\FlashGet universal\dbtrans_verbose.log
    c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
    c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
    c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
    c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
    c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
    c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
    c:\program files\FlashGet Network\FlashGet universal\transaction.log
    c:\windows\system32\AutoRun.inf

    .
    ((((((((((((((((((((((((((((( Fichiers créés du 2009-01-12 au 2009-02-12 ))))))))))))))))))))))))))))))))))))
    .

    2009-02-12 13:13 . 2009-02-12 13:13 <REP> d-------- C:\rsit
    2009-02-12 07:17 . 2009-02-08 20:38 15,688 --a------ c:\windows\system32\lsdelete.exe
    2009-02-11 23:21 . 2009-02-11 23:21 <REP> d-------- c:\documents and settings\NetworkService\Bureau
    2009-02-11 22:23 . 2009-02-12 22:56 <REP> d-------- C:\ToolBar SD
    2009-02-11 17:28 . 2009-02-12 07:17 <REP> d-------- c:\windows\Patch Darluok
    2009-02-10 21:32 . 2009-02-10 21:32 <REP> d-------- c:\program files\adslTV
    2009-02-10 21:05 . 2007-05-16 16:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
    2009-02-10 21:05 . 2007-05-16 16:45 1,124,720 --a------ c:\windows\system32\D3DCompiler_34.dll
    2009-02-10 21:05 . 2007-05-16 16:45 443,752 --a------ c:\windows\system32\d3dx10_34.dll
    2009-02-10 21:05 . 2007-05-31 19:30 266,088 --a------ c:\windows\system32\xactengine2_8.dll
    2009-02-10 21:05 . 2007-05-31 19:29 18,280 --a------ c:\windows\system32\x3daudio1_2.dll
    2009-02-10 21:01 . 2009-02-10 21:06 103,736 --a------ c:\windows\system32\PnkBstrB.exe
    2009-02-10 21:01 . 2009-02-10 21:06 66,872 --a------ c:\windows\system32\PnkBstrA.exe
    2009-02-10 21:01 . 2009-02-10 21:06 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
    2009-02-10 21:01 . 2009-02-10 21:01 22,328 --a------ c:\documents and settings\Navid\Application Data\PnkBstrK.sys
    2009-02-10 21:01 . 2009-02-10 21:01 319 --a------ c:\windows\game.ini
    2009-02-10 20:33 . 2009-02-10 20:33 <REP> d-------- c:\program files\Activision
    2009-02-10 13:19 . 2009-02-10 13:19 <REP> d-------- c:\documents and settings\Navid\Application Data\Nvu
    2009-02-10 13:16 . 2009-02-10 13:16 <REP> d-------- c:\program files\Nvu
    2009-02-09 22:32 . 2009-02-09 22:32 <REP> d-------- c:\program files\Microsoft Works
    2009-02-09 22:32 . 2000-10-26 22:48 392,192 -ra------ c:\windows\system32\ltkrn11n.dll
    2009-02-09 22:32 . 2000-10-26 22:48 285,184 -ra------ c:\windows\system32\lfcmp11n.dll
    2009-02-09 22:32 . 2000-10-26 22:48 262,656 -ra------ c:\windows\system32\ltdis11n.dll
    2009-02-09 22:32 . 2000-10-26 22:48 172,032 -ra------ c:\windows\system32\lfpng11n.dll
    2009-02-09 22:32 . 2000-10-26 22:48 127,488 -ra------ c:\windows\system32\ltimg11n.dll
    2009-02-09 22:32 . 2000-10-26 22:48 118,784 -ra------ c:\windows\system32\ltfil11n.dll
    2009-02-09 22:32 . 2000-10-26 22:48 59,392 -ra------ c:\windows\system32\lfwmf11n.dll
    2009-02-09 22:32 . 2000-10-26 22:48 36,864 -ra------ c:\windows\system32\lfbmp11n.dll
    2009-02-09 22:26 . 2009-02-09 22:26 <REP> dr-h----- C:\MSOCache
    2009-02-09 21:23 . 2009-02-09 21:23 <REP> d-------- c:\program files\WinHTTrack
    2009-02-09 21:09 . 2009-02-09 21:09 <REP> d-------- C:\profiles
    2009-02-09 20:06 . 2009-02-09 20:06 <REP> d-------- c:\temp\ext48948
    2009-02-09 20:06 . 2009-02-09 20:06 <REP> d-------- C:\temp
    2009-02-09 20:06 . 2009-02-10 00:25 <REP> d-------- c:\program files\Microsoft FrontPage Express
    2009-02-09 20:06 . 2009-02-10 00:25 91 --a------ c:\windows\fpxpress.ini
    2009-02-09 08:15 . 2009-02-09 08:15 <REP> d-------- c:\program files\VirginMega
    2009-02-09 08:14 . 2009-02-09 08:14 <REP> d-------- c:\documents and settings\All Users\Application Data\Downloaded Installations
    2009-02-06 23:43 . 2009-02-06 23:43 <REP> d-------- c:\documents and settings\Navid\Application Data\Media Player Classic
    2009-02-06 23:29 . 2009-02-06 23:29 <REP> d-------- c:\program files\AviSynth 2.5
    2009-02-06 23:28 . 2009-02-06 23:28 <REP> d-------- c:\program files\K-Lite Codec Pack
    2009-02-06 23:28 . 2008-09-24 19:41 839,680 --a------ c:\windows\system32\lameACM.acm
    2009-02-06 23:28 . 2008-12-08 12:53 57,344 --a------ c:\windows\system32\ff_vfw.dll
    2009-02-06 23:28 . 2007-07-10 17:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
    2009-02-06 23:28 . 2008-10-03 13:30 414 --a------ c:\windows\system32\lame_acm.xml
    2009-02-06 23:25 . 2009-02-06 23:25 <REP> d-------- c:\program files\eRightSoft
    2009-02-04 20:53 . 2009-02-04 20:53 <REP> d-------- C:\HLServer
    2009-02-03 23:41 . 2009-02-03 23:41 <REP> d-------- c:\program files\MSECache
    2009-02-03 19:42 . 2009-02-03 19:43 <REP> d-------- c:\program files\mp3DirectCut
    2009-02-03 18:28 . 2009-02-03 18:28 <REP> d-------- c:\program files\Fichiers communs\Windows Live
    2009-02-03 16:13 . 2009-02-12 12:59 <REP> d-------- c:\program files\MovieMaking by LANguille
    2009-02-03 09:32 . 2009-02-03 09:32 <REP> d-------- c:\windows\system32\Futuremark
    2009-02-03 09:23 . 2009-02-03 09:23 <REP> d-------- C:\865c6e4bf89fb0dd2888b01107c053
    2009-02-03 09:22 . 2009-02-03 09:22 <REP> dr-h----- C:\AHCache
    2009-02-02 23:33 . 2009-02-02 23:33 262,144 --a------ c:\windows\system32\wrap_oal.dll
    2009-02-02 23:33 . 2009-02-02 23:33 86,016 --a------ c:\windows\system32\OpenAL32.dll
    2009-02-02 23:22 . 2007-09-07 14:55 27,672 --a------ c:\windows\system32\drivers\Entech.sys
    2009-02-02 23:22 . 2007-09-07 14:55 12,744 --a------ c:\windows\system32\drivers\Entech64.sys
    2009-02-02 23:22 . 2007-09-07 14:55 6,173 --a------ c:\windows\system32\drivers\Entech.vxd
    2009-02-02 23:22 . 2001-11-19 20:05 3,972 --a------ c:\windows\system32\drivers\PciBus.sys
    2009-02-02 23:20 . 2009-02-02 23:20 <REP> d-------- c:\program files\Futuremark
    2009-02-02 20:03 . 2009-02-03 12:58 <REP> d-------- c:\program files\ATITool
    2009-02-02 01:19 . 2009-02-02 01:20 <REP> d-------- c:\documents and settings\Navid\Application Data\Microgaming
    2009-02-02 01:18 . 2009-02-02 01:18 <REP> d-------- C:\Microgaming
    2009-02-01 20:56 . 2009-02-03 13:43 <REP> d-------- c:\program files\compLexity Demo Player
    2009-02-01 20:37 . 2009-01-18 22:30 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
    2009-02-01 20:33 . 2009-02-03 09:22 <REP> d-------- c:\program files\Lavasoft
    2009-02-01 20:33 . 2009-02-03 09:22 <REP> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
    2009-01-31 23:06 . 2009-02-03 09:21 <REP> d-------- c:\program files\Pvm
    2009-01-31 20:59 . 2009-02-03 12:57 <REP> d-------- C:\Casino
    2009-01-31 12:24 . 2009-02-03 09:09 <REP> d-------- c:\program files\Freeplayer
    2009-01-31 12:06 . 2009-02-03 09:20 <REP> d-------- c:\program files\FpTest
    2009-01-30 21:37 . 2009-01-30 21:37 <REP> d-------- c:\program files\Maïdo Production
    2009-01-29 18:20 . 2009-02-03 09:20 <REP> d-------- c:\program files\WinHex
    2009-01-29 14:03 . 2009-02-03 12:59 <REP> d-------- c:\program files\ma-config.com
    2009-01-29 14:03 . 2009-02-03 12:59 <REP> d-------- c:\documents and settings\All Users\Application Data\ma-config.com
    2009-01-28 22:50 . 2009-01-28 22:50 <REP> d-------- c:\documents and settings\Navid\Application Data\Screaming Bee
    2009-01-28 22:49 . 2009-02-03 09:19 <REP> d-------- c:\documents and settings\All Users\Application Data\Screaming Bee
    2009-01-26 20:17 . 2009-02-03 09:19 <REP> d-------- c:\program files\PhotoFiltre
    2009-01-26 13:15 . 2009-02-03 09:13 <REP> d-------- c:\program files\Wakfu
    2009-01-24 13:19 . 2009-02-03 09:14 <REP> d-------- c:\program files\No-IP
    2009-01-24 13:02 . 2009-02-04 21:54 <REP> d-------- C:\HLDS
    2009-01-24 13:00 . 2009-01-24 13:00 0 --a------ c:\documents and settings\Navid\hldsupdatetool.exe
    2009-01-24 12:50 . 2009-02-03 09:18 <REP> d-------- C:\srcds
    2009-01-23 23:55 . 2009-02-03 09:18 <REP> d-------- c:\documents and settings\Navid\Application Data\Logitech
    2009-01-23 23:55 . 2008-09-26 09:52 10,384 --a------ c:\windows\system32\drivers\LBeepKE.sys
    2009-01-23 23:54 . 2009-01-23 23:54 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
    2009-01-23 23:54 . 2009-01-23 23:54 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
    2009-01-23 23:50 . 2008-11-07 16:37 301,656 --a------ c:\windows\system32\BtCoreIf.dll
    2009-01-23 23:50 . 2008-11-07 16:38 170,512 --a------ c:\windows\system32\kemutb.dll
    2009-01-23 23:50 . 2008-11-07 16:38 145,936 --a------ c:\windows\system32\KemUtil.dll
    2009-01-23 23:50 . 2008-11-07 16:38 117,264 --a------ c:\windows\system32\KemWnd.dll
    2009-01-23 23:50 . 2008-11-07 16:38 84,496 --a------ c:\windows\system32\KemXML.dll
    2009-01-23 23:49 . 2009-02-03 09:17 <REP> d-------- c:\documents and settings\All Users\Application Data\Logitech
    2009-01-22 21:26 . 2009-02-03 13:03 <REP> d-------- c:\program files\PowerStrip
    2009-01-20 19:40 . 2009-01-20 19:40 1,946 --a------ C:\users.ini
    2009-01-19 18:26 . 2009-01-19 18:27 <REP> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-01-18 22:10 . 2009-02-09 21:12 <REP> d-------- C:\Downloads
    2009-01-16 20:39 . 2009-01-16 20:39 127,034 -r------- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
    2009-01-16 20:37 . 2009-01-16 20:37 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
    2009-01-16 20:37 . 2009-01-16 20:37 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
    2009-01-16 20:35 . 2009-02-03 09:17 <REP> d-------- c:\program files\Fichiers communs\Logishrd
    2009-01-16 20:34 . 2009-01-16 20:38 <REP> d-------- c:\program files\Logitech
    2009-01-16 20:34 . 2009-01-16 20:34 <REP> d-------- c:\documents and settings\All Users\Application Data\LogiShrd
    2009-01-15 21:20 . 2006-06-27 14:24 31,744 --a------ c:\windows\system32\drivers\AmdTools.sys
    2009-01-15 19:40 . 2009-01-15 19:40 <REP> d-------- c:\program files\Custom-Strike
    2009-01-15 18:01 . 2009-02-12 22:47 <REP> d-------- c:\program files\Steam
    2009-01-15 17:49 . 2009-01-15 17:49 <REP> d-------- c:\documents and settings\Navid\Application Data\Blender Foundation
    2009-01-15 13:53 . 2009-02-03 09:18 <REP> d-------- c:\program files\FlashGet
    2009-01-13 18:30 . 2009-01-13 18:30 37,440 --a------ c:\windows\system32\drivers\pssdklbf.drv
    2009-01-13 18:30 . 2009-01-13 18:30 30,272 --a------ c:\windows\system32\drivers\pssdk31.drv
    2009-01-13 17:00 . 2009-01-13 17:00 <REP> d-------- c:\documents and settings\Navid\Application Data\WNR

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-02-12 20:17 --------- d-----w c:\program files\eChanblard
    2009-02-12 19:12 --------- d-----w c:\documents and settings\Navid\Application Data\HPAppData
    2009-02-12 16:27 --------- d-----w c:\documents and settings\Navid\Application Data\mIRC
    2009-02-12 16:26 --------- d-----w c:\program files\mIRC
    2009-02-12 11:56 --------- d-----w c:\program files\Notepad++
    2009-02-12 11:56 --------- d-----w c:\documents and settings\Navid\Application Data\Notepad++
    2009-02-12 06:53 --------- d-----w c:\program files\CCleaner
    2009-02-11 22:02 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
    2009-02-11 18:15 --------- d-----w c:\program files\Visio11
    2009-02-11 18:11 --------- d-----w c:\program files\OFFICE11
    2009-02-11 16:29 --------- d-----w c:\program files\World of Warcraft
    2009-02-11 09:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
    2009-02-11 09:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
    2009-02-10 20:00 --------- d--h--w c:\program files\InstallShield Installation Information
    2009-02-10 18:57 --------- d-----w c:\documents and settings\Navid\Application Data\FileZilla
    2009-02-10 16:42 --------- d-----w c:\documents and settings\Navid\Application Data\HLSW
    2009-02-10 15:29 --------- d-----w c:\documents and settings\Navid\Application Data\teamspeak2
    2009-02-10 00:08 --------- d-----w c:\program files\BitComet
    2009-02-09 07:11 --------- d-----w c:\program files\Windows Media Connect 2
    2009-02-06 22:26 --------- d-----w c:\program files\DivX
    2009-02-06 22:25 --------- d-----w c:\program files\MediaCoder
    2009-02-05 19:25 --------- d-----w c:\program files\Dofus
    2009-02-05 17:44 --------- d-----w c:\program files\Teamspeak2_RC2
    2009-02-05 13:38 --------- d-----w c:\documents and settings\Navid\Application Data\dvdcss
    2009-02-05 12:53 --------- d-----w c:\documents and settings\Navid\Application Data\Skype
    2009-02-05 12:06 --------- d-----w c:\documents and settings\Navid\Application Data\skypePM
    2009-02-03 15:59 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
    2009-02-03 12:02 --------- d-----w c:\program files\QuickMediaConverter
    2009-02-03 11:58 --------- d-----w c:\program files\Stardock
    2009-02-03 08:21 --------- d-----w c:\program files\Spybot - Search & Destroy
    2009-02-03 08:21 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-02-03 08:20 --------- d-----w c:\program files\HardwareDetection
    2009-02-03 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
    2009-02-03 08:17 --------- d-----w c:\program files\Fichiers communs\Symantec Shared
    2009-02-03 08:07 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
    2009-01-31 11:25 --------- d-----w c:\documents and settings\Navid\Application Data\vlc
    2009-01-27 23:48 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys
    2009-01-27 23:48 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys
    2009-01-27 23:48 10,520 ----a-w c:\windows\system32\avgrsstx.dll
    2009-01-18 12:54 --------- d-s---w c:\program files\HLSW
    2009-01-16 20:15 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
    2009-01-11 21:40 --------- d-----w c:\documents and settings\Navid\Application Data\AVGTOOLBAR
    2009-01-10 21:59 --------- d-----w c:\program files\Hewlett-Packard
    2009-01-10 12:01 --------- d-----w c:\program files\FileZilla FTP Client
    2009-01-09 11:46 --------- d-----w c:\program files\SlySoft
    2009-01-07 17:38 --------- d-----w c:\program files\Half-Life Model Viewer
    2009-01-06 19:43 --------- d-----w c:\program files\Sony
    2009-01-06 19:42 --------- d-----w c:\documents and settings\Navid\Application Data\Hide IP NG
    2009-01-06 19:41 --------- d-----w c:\program files\TheMOBIWeb
    2009-01-06 19:41 --------- d-----w c:\program files\ElcomSoft
    2009-01-06 19:41 --------- d-----w c:\program files\A4Proxy
    2009-01-06 18:28 --------- d-----w c:\documents and settings\Navid\Application Data\Mumble
    2009-01-06 18:27 --------- d-----w c:\documents and settings\Navid\Application Data\Ventrilo
    2009-01-06 18:26 --------- d-----w c:\program files\Mumble
    2009-01-06 18:25 --------- d-----w c:\program files\Ventrilo
    2009-01-04 18:17 --------- d-----w c:\program files\THQ
    2009-01-04 18:17 --------- d-----w c:\program files\Speed Gear 5
    2009-01-04 18:17 --------- d-----w c:\program files\Space Taxi 2
    2009-01-03 08:07 81,920 ----a-w c:\windows\system32\frapsvid.dll
    2009-01-02 14:21 --------- d-----w c:\program files\AVG
    2009-01-01 13:43 --------- d-----w c:\program files\Google
    2008-12-31 11:43 --------- d-----w c:\documents and settings\All Users\Application Data\rkfree
    2008-12-31 11:43 --------- d-----w c:\documents and settings\All Users\Application Data\EmailNotifier
    2008-12-30 10:29 1,037,824 ----a-w c:\windows\system32\dllcache\explorer.exe
    2008-12-30 10:29 1,037,824 ----a-w c:\windows\explorer.exe
    2008-12-29 23:31 --------- d-----w c:\program files\MessenPass
    2008-12-28 16:43 --------- d-----w c:\documents and settings\Navid\Application Data\DeepBurner
    2008-12-28 16:38 --------- d-----w c:\program files\Astonsoft
    2008-12-28 11:31 --------- d-----w c:\program files\Alwil Software
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\wininet.dll
    2008-12-20 22:47 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
    2008-12-20 22:47 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
    2008-12-20 22:47 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
    2008-12-20 22:47 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
    2008-12-20 22:47 233,472 ----a-w c:\windows\system32\dllcache\webcheck.dll
    2008-12-20 22:47 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
    2008-12-20 22:47 105,984 ----a-w c:\windows\system32\dllcache\url.dll
    2008-12-20 22:47 102,912 ----a-w c:\windows\system32\dllcache\occache.dll
    2008-12-20 22:47 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
    2008-12-19 09:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
    2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
    2008-12-19 05:25 634,024 ----a-w c:\windows\system32\dllcache\iexplore.exe
    2008-12-19 05:23 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
    2008-12-17 18:41 --------- d-----w c:\program files\Microsoft Silverlight
    2008-12-17 18:36 --------- d-----w c:\documents and settings\Navid\Application Data\DivX
    2008-12-16 18:42 --------- d-----w c:\program files\DLFreeTools
    2008-12-14 20:19 --------- d-----w c:\program files\TSO
    2008-12-14 20:19 --------- d-----w c:\program files\Trend Micro
    2008-12-14 20:19 --------- d-----w c:\program files\Total Video Converter
    2008-12-14 20:19 --------- d-----w c:\program files\TMPGEnc-2.524.63.181-Free
    2008-12-14 20:19 --------- d-----w c:\program files\Sony Setup
    2008-12-14 20:19 --------- d-----w c:\program files\Services en ligne
    2008-12-14 20:19 --------- d-----w c:\program files\Red Kawa
    2008-12-14 20:19 --------- d-----w c:\program files\RADVideo
    2008-12-14 20:19 --------- d-----w c:\program files\Micro Application
    2008-12-14 20:19 --------- d-----w c:\program files\deo
    2008-12-14 20:19 --------- d-----w c:\program files\Combined Community Codec Pack
    2008-12-14 20:17 --------- d-----w c:\program files\QuickTime
    2008-12-14 20:17 --------- d-----w c:\program files\PowerQuest
    2008-12-14 20:17 --------- d-----w c:\program files\Nuked-Klan
    2007-08-24 19:52 300,400 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
    2007-01-02 16:08 1,132,843 --sh--w c:\windows\Config\gimcac.bak1
    2007-02-02 11:11 447,240 --sh--w c:\windows\Config\gimcac.bak2
    2007-02-02 22:39 469,564 --sh--w c:\windows\Config\gimcac.ini2
    2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
    2008-03-16 12:30 216,064 --sh--r c:\windows\system32\nbDX.dll
    2008-09-03 14:01 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Historique\History.IE5\MSHist012008090320080904\index.dat
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]
    2008-07-27 20:11 1606680 --a------ c:\program files\IsoBuster\tbIsoB.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{266FCDCA-7BB3-4DA7-B3BF-F845DEA2EBD6}"= "c:\program files\IsoBuster\tbIsoB.dll" [2008-07-27 1606680]

    [HKEY_CLASSES_ROOT\clsid\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
    "CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
    "Google Update"="c:\documents and settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-25 133104]
    "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-12-01 1406192]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-28 1601304]
    "amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-08 509784]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-10-10 c:\windows\KHALMNPR.Exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\Navid\Menu D‚marrer\Programmes\D‚marrage\
    Outil de d‚tection de support Picture Motion Browser.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2008-11-17 385024]
    Outil de notification Live Search.lnk - c:\documents and settings\Navid\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe [2009-02-03 143360]

    c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
    Lancement rapide de Microsoft Office OneNote 2003.lnk - c:\program files\OFFICE11\ONENOTEM.EXE [2007-04-19 64864]
    Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-01-18 67128]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-23 809488]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2008-11-07 16:41 72208 c:\program files\Fichiers communs\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-01-28 00:48 10520 c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.I420"= i420vfw.dll
    "msacm.l3codec"= l3codecp.acm

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Acrobat Assistant.lnk
    backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InstantTimeZone.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\InstantTimeZone.lnk
    backup=c:\windows\pss\InstantTimeZone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^PalStart.lnk]
    path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\PalStart.lnk
    backup=c:\windows\pss\PalStart.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    --a------ 2007-03-16 10:45 63712 c:\program files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
    --a------ 2008-12-01 16:33 1406192 c:\program files\CCleaner\CCleaner.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
    --a------ 2006-09-28 20:21 57344 c:\program files\SlySoft\CloneCD\CloneCDTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
    --a------ 2008-10-02 23:51 3309224 c:\fraps\fraps.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    --a----t- 2008-11-25 12:56 133104 c:\documents and settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
    --a------ 2007-11-21 03:12 3297280 c:\program files\Google\Google Talk\googletalk.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ntiMUI]
    --a------ 2005-05-11 18:15 45056 c:\program files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    --a------ 2009-02-08 20:26 1410296 c:\program files\Steam\steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-06-27 13:12 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
    --a------ 2007-03-23 16:13 1006080 c:\program files\Visagesoft\eXPert PDF 5\vspdfprsrv.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
    --a------ 2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WLSetupSvc"=3 (0x3)
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "Apple Mobile Device"=3 (0x3)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\eChanblard\\emule.exe"=
    "c:\\Program Files\\PPLive\\PPLive.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
    "c:\\Program Files\\SopCast\\SopCast.exe"=
    "c:\\WINDOWS\\system32\\java.exe"=
    "c:\\Program Files\\Steam\\SteamApps\\erfan_91\\counter-strike\\hl.exe"=
    "c:\\Program Files\\TVAnts\\Tvants.exe"=
    "c:\\Program Files\\mIRC\\mirc.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\HLSW\\hlsw.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "d:\\Warcraft III\\Warcraft III.exe"=
    "c:\\Program Files\\Teamspeak2_RC2\\server_windows.exe"=
    "c:\\Program Files\\Gimp-2.0\\lib\\gimp\\2.0\\plug-ins\\script-fu.exe"=
    "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Mumble\\murmur.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\Steam\\steamapps\\erfan_91\\dedicated server\\hltv.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\HLDS\\hlds.exe"=
    "c:\\Program Files\\Steam\\steamapps\\erfan_91\\dedicated server\\hlds.exe"=
    "c:\\Program Files\\Steam\\steamapps\\erfan_91\\counter-strike\\cstrike_french\\hltv.exe"=
    "c:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "11875:TCP"= 11875:TCP:BitComet 11875 TCP
    "11875:UDP"= 11875:UDP:BitComet 11875 UDP
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "8080:TCP"= 8080:TCP:freebox
    "3724:TCP"= 3724:TCP:Blizzard downloader
    "6112:TCP"= 6112:TCP:Blizzard Downloader
    "6881:TCP"= 6881:TCP:Blizzard Downloader
    "6999:TCP"= 6999:TCP:Blizzard Downloader
    "1234:UDP"= 1234:UDP:freeplayer1
    "8080:UDP"= 8080:UDP:freeplayer2

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-01 64160]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-02 325128]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-02 107272]
    R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-02 903960]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-02 298264]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-01-23 10384]
    R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [2009-01-15 31744]
    R3 LVHybrid;LVHybrid service;c:\windows\system32\drivers\LVHybrid.sys [2006-06-28 892032]
    S3 Ndisprot;ArcNet NDIS Protocol Driver;c:\windows\system32\drivers\ndisprot.sys [2008-11-17 27904]
    S3 NwSapAgent;Agent SAP;c:\windows\system32\svchost.exe -k netsvcs [2004-08-10 14336]
    S3 PortlUSB;PortlUSB;c:\windows\system32\drivers\YH-925.sys [2007-03-22 7552]
    S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [2009-01-13 30272]
    S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [2009-01-13 37440]
    S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2008-11-22 23064]
    S3 SMCWGU(SMC);SMCWUSB-G 802.11g Wireless USB 2.0 Adapter(SMC);c:\windows\system32\drivers\SMCWGU.sys [2006-10-07 408064]
    S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [2004-06-30 19200]
    S4 Planificateur PC-BaX;Planificateur PC-BaX;c:\program files\Cristie\PC-BaX 4.30.1\_BSSVC.EXE --> c:\program files\Cristie\PC-BaX 4.30.1\_BSSVC.EXE [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    HPService REG_MULTI_SZ HPSLPSVC

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{56c68c10-7ef6-11db-9653-00155839c65c}]
    \Shell\AutoRun\command - xfoolavp.com
    \Shell\explore\Command - xfoolavp.com
    \Shell\open\Command - xfoolavp.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{63ccfb54-b640-11dc-98ed-00155839c65c}]
    \Shell\AutoRun\command - start.exe
    \Shell\iledefrance\command - start.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7256fa15-d3da-11dc-9920-00155839c65c}]
    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
    rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
    .
    Contenu du dossier 'Tâches planifiées'

    2009-02-09 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-08 20:37]

    2009-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe []

    2009-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1798726482-2359549395-1807667182-1005.job
    - c:\documents and settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-25 12:56]

    2009-02-09 c:\windows\Tasks\Norton Internet Security - Effectuer une analyse complète du système - Navid.job
    - c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []

    2009-02-12 c:\windows\Tasks\RegPowerClean.job
    - c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe []

    2008-12-17 c:\windows\Tasks\RPCReminder.job
    - c:\program files\Winferno\RegistryPowerCleaner\RPCReminder.exe []

    2009-02-12 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
    - c:\program files\Windows Live Toolbar\MSNTBUP.EXE []
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    MSConfigStartUp-FlashGet - c:\program files\FlashGet Network\FlashGet universal\flashget.exe

    .
    ------- Examen supplémentaire -------
    .
    mWindow Title =
    uInternet Connection Wizard,ShellNext = iexplore
    uInternet Settings,ProxyOverride = local
    IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
    IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
    IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
    IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
    IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    IE: E&xporter vers Microsoft Excel - c:\progra~1\OFFICE11\EXCEL.EXE/3000
    IE: Snip to my eSnips account - c:\program files\eSnips\res\SnipIt.htm
    IE: {{C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - c:\microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    Trusted Zone: localhost
    TCP: {326DCACC-44CD-4EC8-B37C-9E1690ED69BB} = 212.27.40.240,212.27.40.241
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    FF - ProfilePath - c:\documents and settings\Navid\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Live Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\documents and settings\Navid\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
    FF - plugin: c:\documents and settings\Navid\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
    FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-02-12 23:04:22
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet009\Services\PsSdk31]
    "ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"

    [HKEY_LOCAL_MACHINE\System\ControlSet009\Services\PsSdkLBF]
    "ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
    .
    --------------------- CLES DE REGISTRE BLOQUEES ---------------------

    [HKEY_USERS\S-1-5-21-1798726482-2359549395-1807667182-1005\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_USERS\S-1-5-21-1798726482-2359549395-1807667182-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C0BA4FA4-ECE9-C0BB-C143-8F093903C067}*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    "nahmacmfpjjdnkofbpbejigleccp"=hex:6a,61,69,62,6b,70,70,65,66,67,70,67,68,68,
    61,61,64,69,6f,68,00,00
    "mafmnkhfhhkbpnepjhdkcpgopj"=hex:6a,61,69,62,6b,70,70,65,66,67,70,67,68,68,61,
    61,64,69,6f,68,00,f9

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ñw*]
    "5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
    "C040710900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
    .
    --------------------- DLLs chargées dans les processus actifs ---------------------

    - - - - - - - > 'winlogon.exe'(844)
    c:\windows\system32\Ati2evxx.dll
    c:\program files\fichiers communs\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\fichiers communs\logishrd\bluetooth\LBTServ.dll
    .
    Heure de fin: 2009-02-12 23:06:53
    ComboFix-quarantined-files.txt 2009-02-12 22:06:50

    Avant-CF: 26,253,332,480 octets libres
    Après-CF: 26,224,275,456 octets libres

    Current=9 Default=9 Failed=8 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
    522 --- E O F --- 2009-02-12 18:01:10

    ======================================================================================================
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:13:11, on 13/02/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\Documents and Settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    D:\Mumble\dbus-daemon.exe
    C:\Program Files\Steam\steam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Navid\Bureau\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    R3 - URLSearchHook: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
    O3 - Toolbar: IsoBuster Toolbar - {266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} - C:\Program Files\IsoBuster\tbIsoB.dll
    O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [amd_dc_opt] "C:\Program Files\AMD\amd_dc_opt\amd_dc_opt.exe"
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Outil de détection de support Picture Motion Browser.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    O4 - Startup: Outil de notification Live Search.lnk = C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Unibet Poker - {C53BFCFC-7A54-4627-AEBA-2CD4871FCA97} - C:\Microgaming\Poker\UnibetpokerMPP\MPPoker.exe
    O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
    O9 - Extra button: Sélection intelligente HP - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://studioladefense.spaces.live.com/PhotoUpload/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://gamenextfr.oberon-media.com/online/online2/diner_dash/DinerDash.1.0.0.80.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{326DCACC-44CD-4EC8-B37C-9E1690ED69BB}: NameServer = 212.27.40.240,212.27.40.241
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    0
  11. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, tu fais ce qui suis car je voudrais savoir si c'est toujours sur le pc donc tu passes otmoveit et tu poste le rappoert et puis et fais un rapport de findykill , Merci

    1) Télécharge OTMoveIt3 de OldTimer sur ton Bureau en cliquant sur ce lien :

    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    Double-clique sur OTMoveIt3.exe pour le lancer.

    Vérifie que la case devant "Unregister Dll's and Ocx's est bien cochée.

    Copie la liste qui se trouve en gras ci-dessous,

    et colle-la dans le cadre de gauche de OTMoveIt : "Paste instructions for item to be moved".

    :processes
    explorer.exe

    :files
    c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe
    c:\windows\system32\AutoRun.inf

    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [reboot]


    Clique sur "MoveIt!" pour lancer la suppression.

    Le résultat apparaitra dans le cadre "Results".

    Clique sur "Exit" pour fermer.

    Poste le rapport situé dans C:\_OTMoveIt\MovedFiles sous le nom xxxxxx_xxxxxxxxxx.log .

    Il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

    2) Télécharge FindyKill (de Chiquitine29) merci à lui de nous l'avoir remis en ligne !!!

    .Fais un double-clique sur le lien

    .enregistres le sur bureau

    .Lances l'installation avec les paramètres par défaut

    .Double-clique sur le raccourci FindyKill sur ton bureau

    .Au menu principal, choisis l'option 1 (Recherche)

    .Postes le rapport C:/FindyKill.txt (il est sauvegardé à la racine du disque dur)

    tutoriel si besoin: https://www.malekal.com/tutorial-findykill/

    0
  12. Navid_92 Messages postés 778 Statut Membre 87
     
    ========== PROCESSES ==========
    Process explorer.exe killed successfully.
    ========== FILES ==========
    File/Folder c:\program files\Winferno\RegistryPowerCleaner\RegPowerClean.exe not found.
    File/Folder c:\windows\system32\AutoRun.inf not found.
    ========== COMMANDS ==========
    File delete failed. C:\DOCUME~1\Navid\LOCALS~1\Temp\etilqs_iXsPUQyvvYZYJAllehTu scheduled to be deleted on reboot.
    File delete failed. C:\DOCUME~1\Navid\LOCALS~1\Temp\~DFA5D.tmp scheduled to be deleted on reboot.
    User's Temp folder emptied.
    User's Temporary Internet Files folder emptied.
    User's Internet Explorer cache folder emptied.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
    Local Service Temp folder emptied.
    Local Service Temporary Internet Files folder emptied.
    Windows Temp folder emptied.
    Java cache emptied.
    File delete failed. C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
    File delete failed. C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\XUL.mfl scheduled to be deleted on reboot.
    FireFox cache emptied.
    Temp folders emptied.
    Explorer started successfully

    OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02132009_231905

    Files moved on Reboot...
    File C:\DOCUME~1\Navid\LOCALS~1\Temp\etilqs_iXsPUQyvvYZYJAllehTu not found!
    C:\DOCUME~1\Navid\LOCALS~1\Temp\~DFA5D.tmp moved successfully.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be moved on reboot.
    File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
    C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\Cache\_CACHE_001_ moved successfully.
    C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\Cache\_CACHE_002_ moved successfully.
    C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\Cache\_CACHE_003_ moved successfully.
    C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\Cache\_CACHE_MAP_ moved successfully.
    C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\urlclassifier3.sqlite moved successfully.
    C:\Documents and Settings\Navid\Local Settings\Application Data\Mozilla\Firefox\Profiles\vzc00xjs.default\XUL.mfl moved successfully.
    0
  13. Navid_92 Messages postés 778 Statut Membre 87
     
    ############################## [ FindyKill V4.716 ]

    # User : Navid (Utilisateurs du Bureau à distance) # NAV
    # Update on 10/02/09 by Chiquitine29
    # Start at: 23:27:50 | 13/02/2009

    # AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
    # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
    # Internet Explorer 7.0.5730.11
    # Windows Firewall Status : Enabled
    # AV : AVG Anti-Virus Free 8.0 [ Enabled | Updated ]

    # C:\ # Disque fixe local (saeed) # NTFS
    # D:\ # Disque fixe local (ACERDATA) # FAT32
    # E:\ # Disque CD-ROM
    # G:\ # Disque amovible
    # H:\ # Disque amovible
    # I:\ # Disque amovible
    # K:\ # Disque amovible

    ############################## [ Processus actifs ]

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\AVG\AVG8\avgemc.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Stardock\CursorFX\CursorFX.exe
    C:\Documents and Settings\Navid\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
    C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Documents and Settings\Navid\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    ################## [ Fichiers / Dossiers infectieux C:\ ]

    ################## [ C:\WINDOWS ]

    ################## [ C:\WINDOWS\Prefetch ]

    ################## [ C:\WINDOWS\system32 ]

    ################## [ C:\WINDOWS\system32\drivers ]

    ################## [ C:\Documents and Settings\Navid\Application Data ]

    ################## [ C:\DOCUME~1\Navid\LOCALS~1\Temp ]

    ################## [ Registre / Clés infectieuses ]

    ################## [ Etat / Services ]

    # Services : [ Auto=2 / Demande=3 / Désactivé=4 ]

    Ndisuio # Type de démarrage = 3

    EapHost # Type de démarrage = 3

    Ip6Fw # Type de démarrage = 3

    SharedAccess # Type de démarrage = 2

    wuauserv # Type de démarrage = 2

    wscsvc # Type de démarrage = 2

    ################## [ Recherche dans supports amovibles]

    # presence des fichiers :

    ################## [ Registre / Mountpoint2 ]

    # -> Not found !

    ################## [ ! Fin du rapport # FindyKill V4.716 ! ]

    0
  14. jacques.gache Messages postés 34829 Statut Contributeur sécurité 1 645
     
    bonjour, pour moi c'est bon normalement plus rien sur le pc
    0
  15. Navid_92 Messages postés 778 Statut Membre 87
     
    Je te remercii pour ton aide
    0