demande désinfection pc de bureau

Section d'analyse de rapports et de désinfection : malwares en tous genre et autres indésirables. Demandes de nettoyage uniquement. Prise en charge restreinte : équipe spécialisée.

Modérateur: Modérateurs

Règles du forum :arrow: Les désinfections sont prises en charge par un groupe spécifique, tout le monde ne peut pas intervenir pour désinfecter les machines (règles).
:arrow: Les procédures sont sur-mesure, ne faites pas la même chose chez vous (explications).
:arrow: Un topic par machine, chacun crée le sien. ;)

demande désinfection pc de bureau

Messagepar xeolutyl » 21 Oct 2009 18:42

salut, voilà je possède un pc de bureau et mes parents sont dessus étant encore moins au courant que moi je post pour voir si tout va bien,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:42:01, on 21/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
D:\SetPoint\SetPoint.exe
C:\Program Files\UDisk utility 1.00.03\Udisk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor0.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor0.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:fra
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: UDisk Assistant.lnk = C:\Program Files\UDisk utility 1.00.03\Udisk.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... p=ZJman000
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fich ... _1_1_0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Service Google Update (gupdate1ca15ff3da0eea2) (gupdate1ca15ff3da0eea2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O24 - Desktop Component 0: (no name) - http://idata.over-blog.com/0/11/11/46/I ... T-2008.gif

--
End of file - 11466 bytes


merci
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar Ogu » 21 Oct 2009 18:53

Salut à toi!


Petite infection BT (toolbars +/- espionnes): sans gravité, on va t'en débarasser.

Image TOOLBAR SD: SCAN

    Télécharge ImageToolbar-S&D (Team IDN) sur ton Bureau en cliquant sur cette image:

    Image

  • Lance l'installation du programme en exécutant le fichier téléchargé.
  • Double-clique maintenant sur le raccourci de Toolbar-S&D.
  • Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
  • Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
  • Poste le rapport généré. (C:\TB.txt)


Image TOOLBAR SD: FIX

    Relance Toolbar-S&D en cliquant sur son raccourci

  • Tape sur "2" puis valide en appuyant sur "Entrée".
    ! Ne ferme pas la fenêtre lors de la suppression !
    Un rapport sera généré, poste son contenu ici.

    NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
    Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
    Tape explorer puis valide.



Image MALWAREBYTES ANTI-MALWARE

Télécharge Image Malwarebytes Antimalware en cliquant sur cette image:

Image

  • Installe-le: une mise à jour doit normalement s'exécuter toute seule
  • Une fois installé, lance-le en double-cliquant sur le raccourci
  • Image Connecte tes clés USB et ton disque dur externe Image
  • Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche"
  • Sélectionne "Exécuter un examen complet":
    Image
  • Clique sur "Rechercher"
  • Dans la fenêtre qui s'ouvre, coche toutes les cases pour analyser la totalité des disques:
    Image
  • Lance le scan en cliquant sur le bouton "Lancer l'examen"
  • A la fin de l'analyse, un message s'affiche indiquant la fin de l'analyse. Clique sur "OK" pour poursuivre.
  • Ferme tes navigateurs et clique en bas sur "Afficher les résultats"
  • Si des malwares ont été détectés, leur liste s'affiche.
    En cliquant sur "Supprimer la sélection" , MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  • MBAM va ouvrir le bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le
  • Redémarre ton PC





Image RSIT

    Télécharge sur ton Bureau Imagerandom's system information tool (RSIT) par random/random en cliquant sur cette image:

    Image


  • Double-clique sur RSIT.exe afin de lancer RSIT
  • Clique Continue à l'écran Disclaimer.
  • Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera et tu devras accepter la licence.
  • Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront. Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).
Image
Avatar de l’utilisateur
Ogu
Modérateur
Modérateur
 
Messages: 1372
Inscription: 27 Avr 2006 13:40
Localisation: 93

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 21 Oct 2009 20:46

voilà le premier rapport



-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Mobile AMD Athlon(tm) XP-M Processor 2800+ )
BIOS : Default System BIOS
USER : User4 ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 9.0.0.459 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:18 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [1] ( mer. 21/10/2009|21:10 )

-----------\\ Recherche de Fichiers / Dossiers ...

C:\Program Files\AskBarDis
C:\Program Files\AskBarDis\bar
C:\Program Files\AskBarDis\unins000.dat
C:\Program Files\AskBarDis\unins000.exe
C:\Program Files\AskBarDis\bar\bin
C:\Program Files\AskBarDis\bar\Cache
C:\Program Files\AskBarDis\bar\History
C:\Program Files\AskBarDis\bar\Settings
C:\Program Files\AskBarDis\bar\bin\askBar.dll
C:\Program Files\AskBarDis\bar\bin\askPopStp.dll
C:\Program Files\AskBarDis\bar\bin\psvince.dll
C:\Program Files\AskBarDis\bar\Cache\01181366
C:\Program Files\AskBarDis\bar\Cache\01181B36
C:\Program Files\AskBarDis\bar\Cache\0118251A.bin
C:\Program Files\AskBarDis\bar\Cache\0118298E.bin
C:\Program Files\AskBarDis\bar\Cache\01182CAB.bin
C:\Program Files\AskBarDis\bar\Cache\01182FA9.bin
C:\Program Files\AskBarDis\bar\Cache\01183556.bin
C:\Program Files\AskBarDis\bar\Cache\011836FC.bin
C:\Program Files\AskBarDis\bar\Cache\01B15058
C:\Program Files\AskBarDis\bar\Cache\01B4A649
C:\Program Files\AskBarDis\bar\Cache\files.ini
C:\Program Files\AskBarDis\bar\History\search
C:\Program Files\AskBarDis\bar\Settings\config.dat
C:\Program Files\AskBarDis\bar\Settings\config.dat.bak
C:\Program Files\AskBarDis\bar\Settings\prevcfg.htm
C:\Program Files\BitLord
C:\Program Files\BitLord\BitLord.xml
C:\Program Files\BitLord\Downloads
C:\Program Files\BitLord\Downloads.xml
C:\Program Files\BitLord\lang
C:\Program Files\BitLord\rules
C:\Program Files\BitLord\Torrents
C:\Program Files\BitLord\Downloads\The.Simpsons.Movie.FRENCH.CAM.VCD-PiRAZ
C:\Program Files\BitLord\Downloads\The.Simpsons.Movie.FRENCH.CAM.VCD-PiRAZ\piraz-tsm.bin
C:\Program Files\BitLord\Downloads\The.Simpsons.Movie.FRENCH.CAM.VCD-PiRAZ\piraz-tsm.cue
C:\Program Files\BitLord\Downloads\The.Simpsons.Movie.FRENCH.CAM.VCD-PiRAZ\piraz-tsm.nfo
C:\Program Files\BitLord\lang\lang_ar_ae.xml
C:\Program Files\BitLord\lang\lang_bg_bg.xml
C:\Program Files\BitLord\lang\lang_ca_es.xml
C:\Program Files\BitLord\lang\lang_cz_cz.xml
C:\Program Files\BitLord\lang\lang_da_dk.xml
C:\Program Files\BitLord\lang\lang_de_de.xml
C:\Program Files\BitLord\lang\lang_el_gr.xml
C:\Program Files\BitLord\lang\lang_en_us.xml
C:\Program Files\BitLord\lang\lang_es_ar.xml
C:\Program Files\BitLord\lang\lang_es_es.xml
C:\Program Files\BitLord\lang\lang_et_ee.xml
C:\Program Files\BitLord\lang\lang_fi_fi.xml
C:\Program Files\BitLord\lang\lang_fr_fr.xml
C:\Program Files\BitLord\lang\lang_gl_es.xml
C:\Program Files\BitLord\lang\lang_he_il.xml
C:\Program Files\BitLord\lang\lang_hu_hu.xml
C:\Program Files\BitLord\lang\lang_it_it.xml
C:\Program Files\BitLord\lang\lang_jp_jp.xml
C:\Program Files\BitLord\lang\lang_ko_kr.xml
C:\Program Files\BitLord\lang\lang_nb_no.xml
C:\Program Files\BitLord\lang\lang_nl_nl.xml
C:\Program Files\BitLord\lang\lang_pl_pl.xml
C:\Program Files\BitLord\lang\lang_pt_br.xml
C:\Program Files\BitLord\lang\lang_pt_pt.xml
C:\Program Files\BitLord\lang\lang_ro_ro.xml
C:\Program Files\BitLord\lang\lang_ru_ru.xml
C:\Program Files\BitLord\lang\lang_sk_sk.xml
C:\Program Files\BitLord\lang\lang_sl_si.xml
C:\Program Files\BitLord\lang\lang_sr_sr.xml
C:\Program Files\BitLord\lang\lang_sv_se.xml
C:\Program Files\BitLord\lang\lang_th_th.xml
C:\Program Files\BitLord\lang\lang_tr_tr.xml
C:\Program Files\BitLord\lang\lang_va_es.xml
C:\Program Files\BitLord\lang\lang_zh_tw.xml
C:\Program Files\BitLord\rules\ipfilter.dat
C:\Program Files\BitLord\Torrents\The.Simpsons.Movie.FRENCH.CAM.VCD-PiRAZ[www.torrentqc.com-].torrent
C:\Program Files\BitLord\Torrents\The.Simpsons.Movie.FRENCH.CAM.VCD-PiRAZ[www.xmlqc.com-].xml
C:\DOCUME~1\User4\Cookies\user4@mywebsearch[2].txt
C:\Program Files\Torrent-Search
C:\Program Files\Torrent-Search\INSTALL.LOG
C:\Program Files\Torrent-Search\tbTor0.dll
C:\Program Files\Torrent-Search\tbTor1.dll
C:\Program Files\Torrent-Search\tbTorr.dll
C:\Program Files\Torrent-Search\toolbar.cfg
C:\Program Files\Torrent-Search\Torrent-SearchToolbarHelper.exe
C:\Program Files\Torrent-Search\UNWISE.EXE
C:\DOCUME~1\User4\LOCALS~1\Temp\ICD1.tmp

-----------\\ Extensions

(User2) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections

C:\DOCUME~1\User4\LOCALS~1\Temp\Pack.epk
==> EGDACCESS <==

--------------------\\ ROGUES ..

C:\DOCUME~1\User4\MENUDM~1\PROGRA~1\Spyware-Secure

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\User4\Recent\Crack.lnk



1 - "C:\ToolBar SD\TB_1.txt" - mer. 21/10/2009|21:16 - Option : [1]

-----------\\ Fin du rapport a 21:16:03,18
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 21 Oct 2009 20:52

le 2° rapport


-----------\\ ToolBar S&D 1.2.9 XP/Vista

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Mobile AMD Athlon(tm) XP-M Processor 2800+ )
BIOS : Default System BIOS
USER : User4 ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 9.0.0.459 (Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:18 Go)
E:\ (CD or DVD)

"C:\ToolBar SD" ( MAJ : 22-08-2009|18:42 )
Option : [2] ( mer. 21/10/2009|21:47 )

-----------\\ SUPPRESSION

Supprime! - C:\Program Files\AskBarDis\bar
Supprime! - C:\Program Files\AskBarDis\unins000.dat
Supprime! - C:\Program Files\AskBarDis\unins000.exe
Supprime! - C:\Program Files\BitLord\BitLord.xml
Supprime! - C:\Program Files\BitLord\Downloads
Supprime! - C:\Program Files\BitLord\Downloads.xml
Supprime! - C:\Program Files\BitLord\lang
Supprime! - C:\Program Files\BitLord\rules
Supprime! - C:\Program Files\BitLord\Torrents
Supprime! - C:\DOCUME~1\User4\Cookies\user4@mywebsearch[2].txt
Supprime! - C:\Program Files\Torrent-Search\INSTALL.LOG
Supprime! - C:\Program Files\Torrent-Search\tbTor0.dll
Supprime! - C:\Program Files\Torrent-Search\tbTor1.dll
Supprime! - C:\Program Files\Torrent-Search\tbTorr.dll
Supprime! - C:\Program Files\Torrent-Search\toolbar.cfg
Supprime! - C:\Program Files\Torrent-Search\Torrent-SearchToolbarHelper.exe
Supprime! - C:\Program Files\Torrent-Search\UNWISE.EXE
Supprime! - C:\DOCUME~1\User4\LOCALS~1\Temp\ICD1.tmp
Supprime! - C:\Program Files\AskBarDis
Supprime! - C:\Program Files\BitLord
Supprime! - C:\Program Files\Torrent-Search

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ Extensions

(User2) - {E9A1DEE0-C623-4439-8932-001E7D17607D} => ajtoolbar


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="http://www.google.com/"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Search Bar"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"SearchMigratedDefaultURL"="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.msn.com/"
"Search Bar"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"


--------------------\\ Recherche d'autres infections

C:\DOCUME~1\User4\LOCALS~1\Temp\Pack.epk
==> EGDACCESS <==

--------------------\\ ROGUES ..

C:\DOCUME~1\User4\MENUDM~1\PROGRA~1\Spyware-Secure

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\User4\Recent\Crack.lnk



1 - "C:\ToolBar SD\TB_1.txt" - mer. 21/10/2009|21:16 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - mer. 21/10/2009|21:49 - Option : [2]

-----------\\ Fin du rapport a 21:49:53,92

bonne soirée
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar Ogu » 21 Oct 2009 21:09

Tiens, l'outil a débusqué des virus supplémentaires!

Passe maintenant Malwarebytes puis RSIT
Image
Avatar de l’utilisateur
Ogu
Modérateur
Modérateur
 
Messages: 1372
Inscription: 27 Avr 2006 13:40
Localisation: 93

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 22 Oct 2009 14:26

Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3009
Windows 5.1.2600 Service Pack 3

22/10/2009 15:25:19
mbam-log-2009-10-22 (15-25-19).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|)
Eléments examinés: 319701
Temps écoulé: 4 hour(s), 37 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 2
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 6

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 (Adware.QUADRegClean) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Documents and Settings\User4\Menu Démarrer\Programmes\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\Navilog1\gnc.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Documents and Settings\User4\Menu Démarrer\Programmes\Spyware-Secure\Spyware-Secure trial.lnk (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Documents and Settings\User4\Menu Démarrer\Programmes\Spyware-Secure\Website.lnk (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Documents and Settings\User3\Local Settings\Temp\QRC.exe (Adware.QUADRegClean) -> Quarantined and deleted successfully.
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar Ogu » 22 Oct 2009 15:00

Ok!

Redémarre ton PC, puis désinstalle Navilog1 grâce à ton Panneau de Configuration (rubrique: "ajouter/désinstaller des programmes"). Puis:

Image NAVILOG1: SCAN

  • Désactive ton antivirus
  • Télécharge ImageNaviLog1 de IL-MAFIOSOsur ton Bureau
  • Installe-le puis lance-le
  • Une fenêtre bleue apparaît: tape F puis Entrée
  • Un avertissement s'affiche: clique sur n'importe quelle touche du clavier pour poursuivre. Fais de même lors de la fenêtre de remerciements.
  • Le fix vérifie son installation: tape à nouveau sur une touche quelconque pour passer à l'autre étape
  • Le menu du fix s'ouvre: choisis l'option 1 en tapant sur la touche 1 du clavier, puis appuis sur la touche Entrée
  • La vérification du système s'effectue alors: cela peut prendre plusieurs minutes (de 5 à 10min), sois patient et ne touche à rien.
  • Le rapport s'ouvre à la fin de la procédure: enregistre-le sur ton bureau
  • Copie le contenu du rapport et poste-le dans ta réponse


Enfin poste le rapport RSIT comme indiqué dans le message #2.
Image
Avatar de l’utilisateur
Ogu
Modérateur
Modérateur
 
Messages: 1372
Inscription: 27 Avr 2006 13:40
Localisation: 93

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 22 Oct 2009 22:48

voilà le rapport je poste l'autre demain

Fix Navipromo version 4.0.3 commencé le jeu. 22/10/2009 21:42:16,81

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!

Outil exécuté depuis C:\Program Files\navilog1

Mise à jour le 21.10.2009 à 22h00 par IL-MAFIOSO

Microsoft Windows XP Édition familiale ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Mobile AMD Athlon(tm) XP-M Processor 2800+ )
BIOS : Default System BIOS
USER : User4 ( Administrator )
BOOT : Normal boot

Antivirus : Kaspersky Anti-Virus 9.0.0.459 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:38 Go (Free:0 Go)
D:\ (Local Disk) - NTFS - Total:37 Go (Free:18 Go)
E:\ (CD or DVD)


Recherche executée en mode normal

Nettoyage exécuté au redémarrage de l'ordinateur


C:\Documents and Settings\User4\locals~1\Temp\pack.epk supprimé !


Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\User4\locals~1\Temp effectué !


*** Sauvegarde du Registre vers dossier Safebackup ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

Certificat Egroup supprimé !
Certificat Electronic-Group supprimé !
Certificat OOO-Favorit supprimé !



*** Scan terminé jeu. 22/10/2009 21:49:10,48 ***
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 23 Oct 2009 13:56

Logfile of random's system information tool 1.06 (written by random/random)
Run by User4 at 2009-10-23 12:31:27
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 866 MB (2%) free of 40 GB
Total RAM: 991 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:32:00, on 23/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\SetPoint\SetPoint.exe
C:\Program Files\UDisk utility 1.00.03\Udisk.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Documents and Settings\User4\Local Settings\Temporary Internet Files\Content.IE5\U93F8VUD\RSIT[1].exe
C:\Program Files\Trend Micro\HijackThis\User4.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:fra
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: UDisk Assistant.lnk = C:\Program Files\UDisk utility 1.00.03\Udisk.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fich ... _1_1_0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Service Google Update (gupdate1ca15ff3da0eea2) (gupdate1ca15ff3da0eea2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O24 - Desktop Component 0: (no name) - http://idata.over-blog.com/0/11/11/46/I ... T-2008.gif

--
End of file - 10767 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-12-18 1878872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-05-25 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2009-10-11 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-10-04 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2009-10-11 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-08-28 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2007-10-19 817936]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-26 589824]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-07-13 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2004-06-21 143360]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe /icon []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"LogitechSetup"=E:\Setup\Setup.exe /start /restart /l:fra []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-01-17 39408]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech Desktop Messenger.lnk - D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - D:\SetPoint\SetPoint.exe
UDisk Assistant.lnk - C:\Program Files\UDisk utility 1.00.03\Udisk.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-05-25 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-03-02 240128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe:*:Enabled:Dr SpeedTouch"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Cyanide\Cycling Manager 4\Cym2004.exe"="C:\Program Files\Cyanide\Cycling Manager 4\Cym2004.exe:*:Enabled:Cycling Manager 4"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\User1\Mes documents\Downloads\eMule0.47c-Hardstyle v7.0 beta 6\emule.exe"="C:\Documents and Settings\User1\Mes documents\Downloads\eMule0.47c-Hardstyle v7.0 beta 6\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\269CP7G3\WoW-frFR-Installer-downloader[1].exe"="C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\269CP7G3\WoW-frFR-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\RB5DHBE7\WoW-frFR-Installer-downloader[1].exe"="C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\RB5DHBE7\WoW-frFR-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\PHPDiet\ZazouMiniWebServer.exe"="C:\Program Files\PHPDiet\ZazouMiniWebServer.exe:*:Disabled:ZazouMiniWebServer"
"C:\Program Files\PHPDiet\mysql\bin\mysqld-max.exe"="C:\Program Files\PHPDiet\mysql\bin\mysqld-max.exe:*:Disabled:mysqld-max"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Documents and Settings\User1\Bureau\eMule v0.47c Silver Surfer 2.2 bin\emule.exe"="C:\Documents and Settings\User1\Bureau\eMule v0.47c Silver Surfer 2.2 bin\emule.exe:*:Enabled:eMule"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Program Files\Valve\Steam\SteamApps\phiiloche\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\phiiloche\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\phiiloche\day of defeat\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\phiiloche\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero deleted scenes\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero\hltv\hltv.exe"="C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero\hltv\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\aMSN\bin\wish.exe"="C:\Program Files\aMSN\bin\wish.exe:*:Disabled:Wish Application"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Documents and Settings\User2\Bureau\MotoGP 08\Launcher.exe"="C:\Documents and Settings\User2\Bureau\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-10-23 12:31:27 ----DC---- C:\rsit
2009-10-22 21:42:16 ----AC---- C:\cleannavi.txt
2009-10-22 09:36:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-21 21:09:54 ----AC---- C:\TB.txt
2009-10-21 21:09:15 ----DC---- C:\ToolBar SD
2009-10-15 23:27:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 23:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 23:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 23:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 23:22:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 23:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 23:16:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 23:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 23:14:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 22:21:22 ----HDC---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-10-15 22:13:31 ----HD---- C:\WINDOWS\system32\CanonMP Uninstaller Information
2009-10-15 22:13:03 ----HDC---- C:\CanonMP
2009-10-12 21:26:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

======List of files/folders modified in the last 1 months======

2009-10-23 12:31:22 ----D---- C:\WINDOWS\Prefetch
2009-10-23 12:31:03 ----D---- C:\WINDOWS\TEMP
2009-10-23 09:41:52 ----DC---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-10-23 09:39:00 ----SD---- C:\WINDOWS\Tasks
2009-10-22 23:50:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-22 23:50:33 ----SHD---- C:\WINDOWS\Installer
2009-10-22 23:50:33 ----HDC---- C:\Config.Msi
2009-10-22 23:44:53 ----D---- C:\WINDOWS\system32
2009-10-22 23:44:53 ----D---- C:\Program Files\Navilog1
2009-10-22 09:36:30 ----D---- C:\WINDOWS\system32\drivers
2009-10-22 09:36:22 ----D---- C:\Program Files
2009-10-21 22:32:16 ----D---- C:\WINDOWS
2009-10-21 08:28:56 ----HD---- C:\WINDOWS\inf
2009-10-21 08:28:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-20 20:02:58 ----D---- C:\Program Files\ma-config.com
2009-10-20 17:22:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-20 08:25:45 ----D---- C:\WINDOWS\Help
2009-10-18 11:23:43 ----D---- C:\Documents and Settings\User4\Application Data\Canon
2009-10-16 17:21:09 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 17:20:57 ----RSD---- C:\WINDOWS\assembly
2009-10-15 23:33:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-15 23:32:09 ----D---- C:\WINDOWS\WinSxS
2009-10-15 23:24:21 ----A---- C:\WINDOWS\imsins.BAK
2009-10-15 23:21:57 ----D---- C:\WINDOWS\system32\fr-fr
2009-10-15 23:21:57 ----D---- C:\Program Files\Internet Explorer
2009-10-15 23:21:32 ----D---- C:\WINDOWS\ie7updates
2009-10-15 23:16:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-15 22:18:26 ----AC---- C:\WINDOWS\MAXLINK.INI
2009-10-15 22:18:13 ----D---- C:\Program Files\Fichiers communs\ScanSoft Shared
2009-10-15 22:15:37 ----D---- C:\Program Files\Canon
2009-10-15 22:13:57 ----D---- C:\WINDOWS\StartHtmico
2009-10-15 22:13:30 ----D---- C:\WINDOWS\twain_32
2009-10-09 10:59:37 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-28 20:47:59 ----D---- C:\Documents and Settings\User4\Application Data\dvdcss
2009-09-25 18:13:27 ----D---- C:\Program Files\Google

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-08-28 296976]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-02-07 278728]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-02-07 25416]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-03-18 42496]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-02 20480]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-08-09 160640]
S1 AmdPPM;Pilote de processeur AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 catchme;catchme; \??\C:\DOCUME~1\User1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Documents and Settings\User2\Mes documents\setup\MediaCoder\SysInfo.sys []
S3 DarkSpy;DarkSpy; \??\C:\WINDOWS\system32\DarkSpyKernel.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-01-23 28176]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-29 47360]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-12-10 7808]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 572776]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 572776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S2 gupdate1ca15ff3da0eea2;Service Google Update (gupdate1ca15ff3da0eea2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-08-05 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-05 190448]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 FNHBKYM;FNHBKYM; C:\DOCUME~1\User1\LOCALS~1\Temp\FNHBKYM.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PTK Scanner-CAGCAT10-20669722;PTK Scanner-CAGCAT10-20669722; D:\ScannerService.exe []
S4 YHKPSLV;YHKPSLV; C:\DOCUME~1\User1\LOCALS~1\Temp\YHKPSLV.exe []

-----------------EOF-----------------
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar Ogu » 23 Oct 2009 17:26

Bon encore un peu de travail!


1- Image HIJACKTHIS

  • Dans ton menu Démarrer, clique sur "Exécuter"
  • Dans la fenêtre d'invite qui apparaît, copie-colle cette ligne:
    C:\Program Files\Trend Micro\HijackThis\User4.exe

  • Valide avec "OK"
  • HijackThis renommé se lance: clique sur "Do a system scan only"
  • Coche la case devant les lignes suivantes:

    Code: Tout sélectionner
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - D:\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

    O24 - Desktop Component 0: (no name) - http://idata.over-blog.com/0/11/11/46/ILT-2008/Mep/ILT-2008.gif


  • Puis clique en bas sur "Fix Checked"



2- Image OTM

Télécharge ImageOTM de OldTimer sur ton Bureau en cliquant sur cette image:

Image

  • Double-clique sur OTM.exe pour le lancer (l'extension .exe peut ne pas apparaître)
  • Copie l'entièreté du code ci-dessous (qui commence par SCRIPT):
    Code: Tout sélectionner
    SCRIPT

    :Processes
    explorer.exe

    :Files
    C:\Program Files\Google\Update
    C:\WINDOWS\system32\DarkSpyKernel.sys
    C:\Program Files\Yahoo!\
    C:\Program Files\Google\Common\Google Updater
    C:\Program Files\Google\Google Toolbar\
    C:\Program Files\Google\GoogleToolbarNotifier
    C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
    Logitech Desktop Messenger.lnk
    D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "swg"=-
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=-

    :Services
    DarkSpy
    gusvc
    gupdate1ca15ff3da0eea2

    :Commands
    [start explorer]

  • Colle ce code sous la partie jaune de OTM intitulée:
    "Paste Instructions for Items to be Moved" Image

  • Clique sur le bouton Moveit! pour lancer le nettoyage: Image

  • Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results Image
    --> Un rapport sera généré dans le dossier C:\ _OTM\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)
  • Ferme OTM en cliquant sur Exit: Image

    Note : Si un fichier ou un dossier ne peut être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter.


3- Image Disque PLEIN !!

Regarde ce qu'indique RSIT:

866 MB (2%) free of 40 GB

IL ne reste que 2% d'espace sur ton disque système: c'est bien trop peu, il faut au minimum 15% pour que XP tourne vite et bien: peux-tu s'il te plait faire de la place:
-en supprimant les logiciels que tu n'utilises pas
-en gravant sur DVD, ou en mettant sur un disque dur externe, les mp3, divX, photos etc...
-en supprimant les points de restauration inutiles en suivant ce tuto:
http://www.01net.com/editorial/349586/d ... tauration/


4- Image RSIT

Poste un nouveau rapports RSIT log.txt (<<qui sera affiché), s'il te plaît !


A suivre!
Image
Avatar de l’utilisateur
Ogu
Modérateur
Modérateur
 
Messages: 1372
Inscription: 27 Avr 2006 13:40
Localisation: 93

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 24 Oct 2009 10:40

salut,

dites pour cette manip c'est renommé hijacthis ?? que je dois faire ?

1- Image HIJACKTHIS

* Dans ton menu Démarrer, clique sur "Exécuter"
* Dans la fenêtre d'invite qui apparaît, copie-colle cette ligne:
Citation:
C:\Program Files\Trend Micro\HijackThis\User4.exe
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 24 Oct 2009 12:17

j'ai essayé de me débrouiller seul je te post le rapport omt

Error: Unable to interpret <SCRIPT> in the current context!
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\Program Files\Google\Update\Download moved successfully.
C:\Program Files\Google\Update\1.2.183.7 moved successfully.
C:\Program Files\Google\Update moved successfully.
C:\WINDOWS\system32\DarkSpyKernel.sys moved successfully.
C:\Program Files\Yahoo!\Installs moved successfully.
C:\Program Files\Yahoo!\Companion\Modules moved successfully.
Folder move failed. C:\Program Files\Yahoo!\Companion\Installs\cpn0 scheduled to be moved on reboot.
C:\Program Files\Yahoo!\Companion\Installs\cpn moved successfully.
Folder move failed. C:\Program Files\Yahoo!\Companion\Installs scheduled to be moved on reboot.
C:\Program Files\Yahoo!\Companion\Data moved successfully.
Folder move failed. C:\Program Files\Yahoo!\Companion scheduled to be moved on reboot.
C:\Program Files\Yahoo!\Common moved successfully.
Folder move failed. C:\Program Files\Yahoo! scheduled to be moved on reboot.
C:\Program Files\Google\Common\Google Updater moved successfully.
C:\Program Files\Google\Google Toolbar\Component moved successfully.
C:\Program Files\Google\Google Toolbar moved successfully.
C:\Program Files\Google\GoogleToolbarNotifier\swg-5.3.4501.1418 moved successfully.
C:\Program Files\Google\GoogleToolbarNotifier\swg-5.1.1309.3572 moved successfully.
C:\Program Files\Google\GoogleToolbarNotifier\swg-5.1.1309.15642 moved successfully.
C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418 moved successfully.
C:\Program Files\Google\GoogleToolbarNotifier moved successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage moved successfully.
File/Folder Logitech Desktop Messenger.lnk not found.
D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe moved successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list\\D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\swg deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe deleted successfully.
========== SERVICES/DRIVERS ==========

Service\Driver DarkSpy deleted successfully.

Service\Driver gusvc deleted successfully.

Service\Driver gupdate1ca15ff3da0eea2 deleted successfully.
========== COMMANDS ==========

OTM by OldTimer - Version 3.0.0.6 log created on 10242009_125408

Files moved on Reboot...
C:\Program Files\Yahoo!\Companion\Installs\cpn0 moved successfully.
C:\Program Files\Yahoo!\Companion\Installs moved successfully.
C:\Program Files\Yahoo!\Companion moved successfully.
C:\Program Files\Yahoo! moved successfully.

Registry entries deleted on Reboot...
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar Ogu » 24 Oct 2009 12:37

Salut!

Je ne comprends pas ta question. Clique sur "exécuter", copie-colle la ligne de commande que je t'ai indiqué, puis valide: HijackThis se lancera tout seul.
Image
Avatar de l’utilisateur
Ogu
Modérateur
Modérateur
 
Messages: 1372
Inscription: 27 Avr 2006 13:40
Localisation: 93

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 24 Oct 2009 15:00

voilà le rapport


Logfile of random's system information tool 1.06 (written by random/random)
Run by User4 at 2009-10-24 14:28:19
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 2 GB (4%) free of 40 GB
Total RAM: 991 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:29:15, on 24/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
D:\SetPoint\SetPoint.exe
C:\Program Files\UDisk utility 1.00.03\Udisk.exe
C:\Program Files\Fichiers communs\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Documents and Settings\User4\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\User4.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - (no file)
O2 - BHO: (no name) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Torrent-Search Toolbar - {e0c7b854-d5ce-4db6-9804-be1438603d89} - C:\Program Files\Torrent-Search\tbTor0.dll (file missing)
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [LogitechSetup] E:\Setup\Setup.exe /start /restart /l:fra
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: UDisk Assistant.lnk = C:\Program Files\UDisk utility 1.00.03\Udisk.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Clavier &virtuel - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Analyse des &liens - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/fich ... _1_1_0.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZI ... b56649.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iolo FileInfoList Service (ioloFileInfoList) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: iolo System Service (ioloSystemService) - Unknown owner - C:\Program Files\iolo\common\lib\ioloServiceManager.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

--
End of file - 9072 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-12-18 1878872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-05-25 68112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0c7b854-d5ce-4db6-9804-be1438603d89}]
Torrent-Search Toolbar - C:\Program Files\Torrent-Search\tbTor0.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-08-28 264720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{21FA44EF-376D-4D53-9B0F-8A89D3229068}
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-08-26 405504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"=C:\Program Files\VIA\RAID\raid_tool.exe [2005-04-26 589824]
"VTTimer"=C:\WINDOWS\system32\VTTimer.exe [2004-07-13 53248]
"VTTrayp"=C:\WINDOWS\system32\VTtrayp.exe [2004-06-21 143360]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-06-20 77824]
"OpwareSE2"=C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe [2003-05-08 49152]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2007-01-23 101136]
"SpeedTouch USB Diagnostics"=C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe /icon []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2009-09-10 1312080]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2006-03-02 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe [2005-10-28 94208]
"LogitechSetup"=E:\Setup\Setup.exe /start /restart /l:fra []

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
Logitech Desktop Messenger.lnk - D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
Logitech SetPoint.lnk - D:\SetPoint\SetPoint.exe
UDisk Assistant.lnk - C:\Program Files\UDisk utility 1.00.03\Udisk.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-05-25 219664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2006-03-02 240128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"ConsentPromptBehaviorAdmin"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe"="C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe:*:Enabled:Dr SpeedTouch"
"C:\Program Files\Microsoft Games\Age of Empires III\age3.exe"="C:\Program Files\Microsoft Games\Age of Empires III\age3.exe:*:Enabled:Age of Empires 3"
"C:\Program Files\Cyanide\Cycling Manager 4\Cym2004.exe"="C:\Program Files\Cyanide\Cycling Manager 4\Cym2004.exe:*:Enabled:Cycling Manager 4"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\User1\Mes documents\Downloads\eMule0.47c-Hardstyle v7.0 beta 6\emule.exe"="C:\Documents and Settings\User1\Mes documents\Downloads\eMule0.47c-Hardstyle v7.0 beta 6\emule.exe:*:Enabled:eMule"
"C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\269CP7G3\WoW-frFR-Installer-downloader[1].exe"="C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\269CP7G3\WoW-frFR-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\RB5DHBE7\WoW-frFR-Installer-downloader[1].exe"="C:\Documents and Settings\User1\Local Settings\Temporary Internet Files\Content.IE5\RB5DHBE7\WoW-frFR-Installer-downloader[1].exe:*:Enabled:Blizzard Downloader"
"C:\Program Files\PHPDiet\ZazouMiniWebServer.exe"="C:\Program Files\PHPDiet\ZazouMiniWebServer.exe:*:Disabled:ZazouMiniWebServer"
"C:\Program Files\PHPDiet\mysql\bin\mysqld-max.exe"="C:\Program Files\PHPDiet\mysql\bin\mysqld-max.exe:*:Disabled:mysqld-max"
"C:\Program Files\Cyanide\GameCenter\GameCenter.exe"="C:\Program Files\Cyanide\GameCenter\GameCenter.exe:*:Enabled:GameCenter"
"C:\WINDOWS\system32\rtcshare.exe"="C:\WINDOWS\system32\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\Program Files\NetMeeting\conf.exe"="C:\Program Files\NetMeeting\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\Documents and Settings\User1\Bureau\eMule v0.47c Silver Surfer 2.2 bin\emule.exe"="C:\Documents and Settings\User1\Bureau\eMule v0.47c Silver Surfer 2.2 bin\emule.exe:*:Enabled:eMule"
"C:\Program Files\BitLord\BitLord.exe"="C:\Program Files\BitLord\BitLord.exe:*:Enabled:BitLord"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe"="C:\WINDOWS\pchealth\helpctr\binaries\HelpCtr.exe:*:Enabled:Assistance à distance - Windows Messenger et voix"
"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe:*:Enabled:Kaspersky Anti-Virus"
"C:\Program Files\Valve\Steam\SteamApps\phiiloche\counter-strike\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\phiiloche\counter-strike\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\phiiloche\day of defeat\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\phiiloche\day of defeat\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"C:\Program Files\Valve\Steam\Steam.exe"="C:\Program Files\Valve\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero deleted scenes\hl.exe"="C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero deleted scenes\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero\hltv\hltv.exe"="C:\Program Files\Valve\Steam\SteamApps\phiiloche\condition zero\hltv\hltv.exe:*:Enabled:HLTV Launcher"
"C:\Program Files\ma-config.com\maconfservice.exe"="C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice"
"C:\Program Files\aMSN\bin\wish.exe"="C:\Program Files\aMSN\bin\wish.exe:*:Disabled:Wish Application"
"C:\Documents and Settings\User2\Bureau\MotoGP 08\Launcher.exe"="C:\Documents and Settings\User2\Bureau\MotoGP 08\Launcher.exe:*:Enabled:MotoGP 08"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

======File associations======

.reg - open - regedit.exe "%1" %*
.scr - open - "%1" %*

======List of files/folders created in the last 1 months======

2009-10-24 12:54:08 ----DC---- C:\_OTM
2009-10-23 12:31:27 ----DC---- C:\rsit
2009-10-22 21:42:16 ----AC---- C:\cleannavi.txt
2009-10-22 09:36:22 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-21 21:09:54 ----AC---- C:\TB.txt
2009-10-21 21:09:15 ----DC---- C:\ToolBar SD
2009-10-15 23:27:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 23:24:16 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 23:23:24 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 23:23:15 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 23:22:50 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 23:21:03 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 23:16:28 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 23:16:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 23:14:46 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-15 22:21:22 ----HDC---- C:\Documents and Settings\All Users\Application Data\CanonBJ
2009-10-15 22:13:31 ----HD---- C:\WINDOWS\system32\CanonMP Uninstaller Information
2009-10-15 22:13:03 ----HDC---- C:\CanonMP
2009-10-12 21:26:02 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

======List of files/folders modified in the last 1 months======

2009-10-24 14:28:56 ----D---- C:\WINDOWS\TEMP
2009-10-24 14:28:21 ----D---- C:\WINDOWS\Prefetch
2009-10-24 13:15:28 ----DC---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2009-10-24 13:14:31 ----D---- C:\Program Files
2009-10-24 13:10:58 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-24 12:54:22 ----D---- C:\Program Files\Google
2009-10-24 12:54:10 ----D---- C:\WINDOWS\system32
2009-10-24 12:50:10 ----SD---- C:\WINDOWS\Tasks
2009-10-22 23:50:33 ----SHD---- C:\WINDOWS\Installer
2009-10-22 23:50:33 ----HDC---- C:\Config.Msi
2009-10-22 23:44:53 ----D---- C:\Program Files\Navilog1
2009-10-22 09:36:30 ----D---- C:\WINDOWS\system32\drivers
2009-10-21 22:32:16 ----D---- C:\WINDOWS
2009-10-21 08:28:56 ----HD---- C:\WINDOWS\inf
2009-10-21 08:28:53 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-20 20:02:58 ----D---- C:\Program Files\ma-config.com
2009-10-20 17:22:58 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-20 08:25:45 ----D---- C:\WINDOWS\Help
2009-10-18 11:23:43 ----D---- C:\Documents and Settings\User4\Application Data\Canon
2009-10-16 17:21:09 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-16 17:20:57 ----RSD---- C:\WINDOWS\assembly
2009-10-15 23:33:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-15 23:32:09 ----D---- C:\WINDOWS\WinSxS
2009-10-15 23:24:21 ----A---- C:\WINDOWS\imsins.BAK
2009-10-15 23:21:57 ----D---- C:\WINDOWS\system32\fr-fr
2009-10-15 23:21:57 ----D---- C:\Program Files\Internet Explorer
2009-10-15 23:21:32 ----D---- C:\WINDOWS\ie7updates
2009-10-15 23:16:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-15 22:18:26 ----AC---- C:\WINDOWS\MAXLINK.INI
2009-10-15 22:18:13 ----D---- C:\Program Files\Fichiers communs\ScanSoft Shared
2009-10-15 22:15:37 ----D---- C:\Program Files\Canon
2009-10-15 22:13:57 ----D---- C:\WINDOWS\StartHtmico
2009-10-15 22:13:30 ----D---- C:\WINDOWS\twain_32
2009-10-09 10:59:37 ----A---- C:\WINDOWS\NeroDigital.ini
2009-10-02 20:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-28 20:47:59 ----D---- C:\Documents and Settings\User4\Application Data\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;Pilote de processeur AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 43520]
R1 BANTExt;Belarc SMBios Access; C:\WINDOWS\System32\Drivers\BANTExt.sys [2005-04-07 3840]
R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-19 14848]
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2009-08-28 296976]
R1 prodrv06;StarForce Protection Environment Driver v6; C:\WINDOWS\System32\drivers\prodrv06.sys [2004-04-08 54272]
R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2008-02-07 278728]
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2008-02-07 25416]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-06-20 2324480]
R3 FETND5BV;VIA Rhine-Family Fast Ethernet Adapter Driver Service; C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2005-03-18 42496]
R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-05-13 31760]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]
R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12288]
R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2006-03-02 26624]
R3 usbhub;Concentrateur USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2006-03-02 57600]
R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2006-03-02 20480]
R3 viagfx;viagfx; C:\WINDOWS\system32\DRIVERS\vtmini.sys [2004-08-09 160640]
S1 AmdPPM;Pilote de processeur AMD HwPState; C:\WINDOWS\system32\DRIVERS\AmdPPM.sys []
S1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys []
S1 InCDRm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys []
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN); C:\WINDOWS\system32\DRIVERS\alcan5wn.sys [2003-12-08 53600]
S3 alcaudsl;SpeedTouch ADSL Modem ATM Transport; C:\WINDOWS\system32\DRIVERS\alcaudsl.sys [2003-12-08 70688]
S3 catchme;catchme; \??\C:\DOCUME~1\User1\LOCALS~1\Temp\catchme.sys []
S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Documents and Settings\User2\Mes documents\setup\MediaCoder\SysInfo.sys []
S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []
S3 FETNDIS;Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-12-06 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-12-06 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-12-06 21568]
S3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2007-01-23 20496]
S3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2007-01-23 62992]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2007-01-23 34576]
S3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2007-01-23 78864]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2007-01-23 28176]
S3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\LVUSBSta.sys []
S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2008-04-29 47360]
S3 PID_0928;Logitech QuickCam Express(PID_0928); C:\WINDOWS\system32\DRIVERS\LV561AV.SYS []
S3 PSI;PSI; C:\WINDOWS\system32\DRIVERS\psi_mf.sys [2008-12-10 7808]
S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 InCDFs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-05-25 303376]
R2 ioloFileInfoList;iolo FileInfoList Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 572776]
R2 ioloSystemService;iolo System Service; C:\Program Files\iolo\common\lib\ioloServiceManager.exe [2007-11-22 572776]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2006-03-02 14336]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2006-03-02 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 fsssvc;Windows Live Contrôle parental; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-01-24 216232]
S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-03 918016]
S4 FNHBKYM;FNHBKYM; C:\DOCUME~1\User1\LOCALS~1\Temp\FNHBKYM.exe []
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 PTK Scanner-CAGCAT10-20669722;PTK Scanner-CAGCAT10-20669722; D:\ScannerService.exe []
S4 YHKPSLV;YHKPSLV; C:\DOCUME~1\User1\LOCALS~1\Temp\YHKPSLV.exe []

-----------------EOF-----------------
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar Ogu » 25 Oct 2009 15:09

Re!

On poursuit: sachant qu'il faut encore que tu fasses de la place sur ton disque C:\: il faudrait récupérer au minimum encore 11% d'espace libre, soit environ 4GO.


Il tourne sur ta machine deux pilotes inconnus de Google: utilises-tu pour tes nombreux jeux un émulateur de lecteur CD de type Daemon Tools, Alcohol, PowerIso, etc...??

Image NOVIRUSTHANKS

Va sur le site NoVirusThanks ! en cliquant sur cette image:
Image

  • Copie cette ligne:

    C:\DOCUME~1\User1\LOCALS~1\Temp\FNHBKYM.exe


  • Sur la page NoVirusThanks, clique sur le bouton "Parcourir" Image

  • Une boîte de dialogue s'ouvre: dans la zone "Nom du fichier", colle la ligne préalablement copiée, comme indiqué sur l'image:

    Image

  • Clique enfin sur le bouton "Ouvrir": la boîte de dialogue se ferme

  • Sur la page NoVirusThanks, clique maintenant sur le bouton "Submit File"
    Image
    et laisse travailler tant que "Status: scanning" est affiché.
  • Il est possible que le fichier soit mis en file d'attente en raison d'un grand nombre de demandes d'analyses. En ce cas, il te faudra patienter sans actualiser la page.
  • Lorsque l'analyse est terminée ("Status: finished"), descend en bas de la page et copie le contenu de l'intégralité de la boîte intitulée BB Code:

    Image

  • Enfin colle le résultat dans ta prochaine réponse.

    Note : Peu importe le résultat, il est important de me communiquer le résultat de toute l'analyse.



Image HIJACKTHIS

  • Dans ton menu Démarrer, clique sur "Exécuter"
  • Dans la fenêtre d'invite qui apparaît, copie-colle cette ligne:
    C:\Program Files\Trend Micro\HijackThis\User4.exe

  • Valide avec "OK"
  • HijackThis renommé se lance: clique sur "Do a system scan only"
  • Coche la case devant la ligne suivante:

    Code: Tout sélectionner
    O4 - Global Startup: Logitech Desktop Messenger.lnk = D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe


  • Puis clique en bas sur "Fix Checked"
  • Fais redémarrer ta machine



Image OTM

  • Relance OTM en double-cliquant sur OTM.exe
  • Copie l'entièreté du code ci-dessous (qui commence par SCRIPT):
    Code: Tout sélectionner
    SCRIPT

    :Processes
    explorer.exe
    LogitechDesktopMessenger.exe

    :Files
    C:\WINDOWS\tasks\Google Software Updater.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    C:\Program Files\Torrent-Search
    D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\BitLord\

    :Reg
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "D:\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0c7b854-d5ce-4db6-9804-be1438603d89}]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EF99BD32-C1FB-11D2-892F-0090271D4F88}"=-
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}"=-
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\BitLord\BitLord.exe"=-

    :Commands
    [emptytemp]

  • Colle ce code dans la partie jaune de OTM intitulée:
    "Paste Instructions for Items to be Moved" Image

  • Clique sur le bouton Moveit! pour lancer le nettoyage: Image

  • Copie-colle dans ta prochaine réponse tout ce qui se trouve dans la fenêtre Results Image
    --> Un rapport sera généré dans le dossier C:\ _OTM\MovedFiles avec la date et l'heure du passage de l'outil (mmddyyyy_hhmmss.log)
  • Ferme OTMen cliquant sur Exit: Image

Note : Si un fichier ou un dossier ne peut être supprimé directement, l'outil peut demander un redémarrage pour terminer le processus. Clique alors sur "Yes" pour accepter.



Image IE 8

Il faut mettre Internet Explorer à jour, tu tournes encore avec la version 7, et ce, même si tu utilises Firefox, car certains logiciels utilisent encore IE (par exemple Windows Media Player), et les mises à jour XP se font via IE.

Pourquoi mettre à jour Internet Explorer (par Malekal)

Télécharge IE8 en cliquant sur l'image, puis installe-le:

Image


Bon week-end!
Image
Avatar de l’utilisateur
Ogu
Modérateur
Modérateur
 
Messages: 1372
Inscription: 27 Avr 2006 13:40
Localisation: 93

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 25 Oct 2009 20:09

oui daemontool
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar Ogu » 25 Oct 2009 20:19

Ok: le driver random est peut-être lié à ce logiciel. On verra après le scan NoVirusThanks.

Bye!
Image
Avatar de l’utilisateur
Ogu
Modérateur
Modérateur
 
Messages: 1372
Inscription: 27 Avr 2006 13:40
Localisation: 93

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 25 Oct 2009 22:15

si je suis sur la session 4 ça ne marche pas faut que je me mette sur la session 1 qui est l'admin et oui je sais nul de mettre 4 sessions mais bon je m'occupe plus trop de ce pc il est juste chez moi ...
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Re: demande désinfection pc de bureau

Messagepar Ogu » 29 Oct 2009 20:08

Alors ?
Image
Avatar de l’utilisateur
Ogu
Modérateur
Modérateur
 
Messages: 1372
Inscription: 27 Avr 2006 13:40
Localisation: 93

Re: demande désinfection pc de bureau

Messagepar xeolutyl » 31 Oct 2009 19:36

quand je colle le lien pour no virus thanks ça me met que le fichier n'existe pas
xeolutyl
Libellulien Junior
Libellulien Junior
 
Messages: 185
Inscription: 07 Nov 2008 14:44

Suivante

Retourner vers Désinfections et demandes d'analyse

Qui est en ligne

Utilisateurs parcourant ce forum: Aucun utilisateur enregistré et 0 invités