Salut !

J'ai des problemes de pubs qui viennent et de ralentissements donc je vous poste un log hijackthis est ce que tout est normal SVP ?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:48, on 23/07/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16681)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Windows\vsnpstd.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Moi\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Moi\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\system32\NOTEPAD.EXE
c:\users\Moi\Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [snpstd] C:\Windows\vsnpstd.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\Moi\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O13 - Gopher Prefix:
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fich [...] _0_4_9.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/bina [...] b56649.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://65.7.199.200:7000/activex/AMC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - http://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 10652 bytes


Merci

Bonjour,

Télécharge Navilog (de Il-Mafioso)

• Enregistre-le sur ton Bureau.
• Installe-le en double cliquant sur navilog.exe.
• Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.

(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau) [Clic droit -> "Exécuter en tant qu'administrateur". ( Pour Vista)]

• Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.

! N'utilise pas l'option 2, 3 et 4 sans notre accord !

• Patiente jusqu'à l'apparition de ce message :

*** Analyse Termine le ..... ***

• Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste le rapport ici.
• Poste le rapport généré.

Le rapport se trouve ici : C:\fixnavi.txt

Si tu as Vista, fais ceci avant :
Désactive l'UAC (Menu Démarrer \ Panneau de Configuration \ Comptes d'utilisateurs et protection des utilisateurs \ Comptes d'utilisateurs \ Activer ou désactiver le contrôle des comptes d'utilisateurs \ décoche la case Utiliser le contrôle ... et valide par OK , il te sera demandé de redémarrer, fais le)

Bonjour !

Voici le rapport
Search Navipromo version 3.6.1 commencé le 24/07/2008 à 15:46:28,51

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Moi"

Mise à jour le 19.07.2008 à 20h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16681
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "C:\Windows" ***


*** Recherche dossiers dans "C:\Program Files" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***


*** Recherche dossiers dans "C:\ProgramData" ***


*** Recherche dossiers dans "c:\users\moi\appdata\roaming\micros~1\windows\startm~1\programs" ***


*** Recherche dossiers dans "C:\Users\Moi\AppData\Local\virtualstore\Program Files" ***


*** Recherche dossiers dans "C:\Users\Moi\AppData\Roaming" ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun Fichier Navipromo trouvé


*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "C:\Windows\system32" *

* Recherche dans "C:\Users\Moi\AppData\Local\Microsoft" *

* Recherche dans "C:\Users\Moi\AppData\Local\virtualstore\windows\system32" *

* Recherche dans "C:\Users\Moi\AppData\Local" *



*** Recherche fichiers ***



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "C:\Windows\system32" :


* Dans "C:\Users\Moi\AppData\Local\Microsoft" :


* Dans "C:\Users\Moi\AppData\Local\virtualstore\windows\system32" :


* Dans "C:\Users\Moi\AppData\Local" :


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :



*** Analyse terminée le 24/07/2008 à 15:58:52,91 ***

J'ai un autre probleme ,

lorsque je vais dans ordinateur / HDD , j'ai une boite de dialogue qui s'ouvre qui me dit :

CRITICAL ERROR

Attention ; Moi! Some dangerous viruses detected in your system .
Windows vista premium files corrupted
This may lead to the destruction of important files in : CWindows
Download protection software now !
Click ok to download the antispyware ( recommended )

et sa m'envoie sur une page qui quelque secondes aprés me met un fichier a telecharger

EDIT : finalement sa le fais pas que sur HDD mais partout

Merci de ton aide

sa me la refait

Pas Navipromo..

Télécharge ComboFix (de sUBs) sur ton Bureau.

• Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
• Double clique sur ComboFix.exe.
• Accepte la licence en cliquant sur Oui.
• Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

Re ,

Voila le rapport

ComboFix 08-07-23.5 - Moi 2008-07-24 20:09:59.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.859 [GMT 2:00]
Endroit: C:\Users\Moi\Downloads\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\setup.exe
C:\Windows\config.ini
C:\Windows\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-24 to 2008-07-24 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 18:00 --------- d-----w C:\Program Files\Steam
2008-07-24 14:00 --------- d-----w C:\Program Files\Navilog1
2008-07-24 13:43 --------- d-----w C:\Program Files\GameSpy Arcade
2008-07-24 13:36 17,920 ----a-w C:\Windows\System32\bhoextn.dll
2008-07-24 13:31 351,782 ---ha-w C:\Windows\system32\drivers\vsconfig.xml
2008-07-24 03:53 --------- d-----w C:\Program Files\IDoser v4
2008-07-23 17:42 --------- d-----w C:\Program Files\Java
2008-07-23 16:47 --------- d-----w C:\ProgramData\CheckPoint
2008-07-23 16:47 --------- d-----w C:\Program Files\Zone Labs
2008-07-21 15:23 --------- d-----w C:\ProgramData\NVIDIA
2008-07-19 20:48 --------- d-----w C:\Users\Moi\AppData\Roaming\SystemRequirementsLab
2008-07-19 20:48 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-07-19 01:29 --------- d-----w C:\Users\Moi\AppData\Roaming\Apple Computer
2008-07-19 01:27 --------- d-----w C:\ProgramData\Apple
2008-07-19 01:27 --------- d-----w C:\Program Files\Apple Software Update
2008-07-18 00:02 --------- d-----w C:\Program Files\Common Files\Steam
2008-07-15 16:04 --------- d-----w C:\Users\Moi\AppData\Roaming\Move Networks
2008-07-10 01:08 174 --sha-w C:\Program Files\desktop.ini
2008-07-10 01:00 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 12:54 --------- d-----w C:\Users\Moi\AppData\Roaming\OpenOffice.org2
2008-07-08 12:48 --------- d-----w C:\Program Files\StuffPlug3
2008-07-07 15:18 --------- d-----w C:\Program Files\Picasa2
2008-07-06 19:38 --------- d-----w C:\Program Files\SixaxisDriver
2008-07-06 19:32 --------- d-----w C:\Program Files\LibUSB-Win32-0.1.10.1
2008-07-06 02:06 --------- d-----w C:\Users\Moi\AppData\Roaming\K-Meleon
2008-07-06 02:05 --------- d-----w C:\Program Files\K-Meleon
2008-07-06 01:59 --------- d-----w C:\Users\Moi\AppData\Roaming\Netscape
2008-07-06 01:59 --------- d-----w C:\Program Files\Netscape
2008-07-03 20:28 --------- d-----w C:\Users\Moi\AppData\Roaming\uTorrent
2008-07-03 19:16 --------- d-----w C:\Program Files\Ip
2008-07-03 19:15 290,816 ------w C:\Windows\Setup1.exe
2008-06-29 20:26 --------- d-----w C:\Program Files\TechSmith
2008-06-29 20:26 --------- d-----w C:\Program Files\Common Files\TechSmith Shared
2008-06-29 20:08 --------- d---a-w C:\ProgramData\TEMP
2008-06-29 19:51 --------- d-----w C:\Program Files\CamStudio
2008-06-29 11:08 --------- d-----w C:\Program Files\Hide IP Platinum
2008-06-28 15:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 13:19 --------- d-----w C:\Program Files\SWAT 4
2008-06-28 12:53 --------- d-----w C:\Program Files\Free Download Manager
2008-06-26 00:34 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-06-26 00:33 9,892,864 ----a-w C:\Windows\System32\NlsLexicons000a.dll
2008-06-06 21:17 --------- d-----w C:\Program Files\WhereOutlook
2008-06-05 00:29 --------- d-----w C:\Program Files\Axis Communications
2008-06-04 15:53 --------- d-----w C:\ProgramData\AutoClic
2008-06-04 15:53 --------- d-----w C:\Program Files\AutoClic
2008-06-02 03:27 74,752 ----a-w C:\Users\Moi\deezer_downloader_by_megaman5.exe
2008-06-02 03:10 --------- d-----w C:\Users\Moi\AppData\Roaming\LimeWire
2008-06-02 02:52 --------- d-----w C:\Program Files\LimeWire
2008-06-02 02:42 --------- d-----w C:\Program Files\eMule
2008-05-10 03:30 14,848 ----a-w C:\Windows\System32\wshrm.dll
2008-04-27 02:42 2,771,456 ----a-w C:\Program Files\Softcam152.exe
2008-04-27 02:37 770 ----a-w C:\Program Files\RegCleaner.lnk
2008-04-26 08:02 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:23 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-04-25 04:23 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-04-25 04:23 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-04-25 04:22 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-04-19 10:33 897 ----a-w C:\Program Files\samp.lnk
2008-04-16 17:56 909 ----a-w C:\Program Files\San Andreas.lnk
2008-03-09 00:33 621 ----a-w C:\Program Files\HLSS 3.00 - Raccourci.lnk
2008-02-22 01:02 1,888 ----a-w C:\Program Files\Jouer en ligne à Battlefield 2 !.lnk
2008-02-22 01:02 1,866 ----a-w C:\Program Files\Battlefield 2.lnk
2008-02-08 04:57 819 ----a-w C:\Program Files\Notepad++.lnk
2008-02-06 11:47 1,956 ----a-w C:\Program Files\Subtitle Workshop.lnk
2008-01-13 04:45 22,328 ----a-w C:\Users\Moi\AppData\Roaming\PnkBstrK.sys
2007-11-19 16:42 1,852 ----a-w C:\Program Files\avast! Antivirus.lnk
2007-11-04 06:10 1,012 ----a-w C:\Program Files\dBpoweramp Music Converter.lnk
2005-06-25 07:49 323,584 ----a-w C:\Users\Moi\SAAC.exe
2008-02-02 00:58 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-02 00:58 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-02 00:58 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-09-28 20:25 56 --sh--r C:\Windows\System32\2BC630817E.sys
2007-09-28 20:25 11,270 --sha-w C:\Windows\System32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:01 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2006-10-23 16:49 1092152]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 04:40 218032]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 11:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-24 04:50 1838592]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]
"snpstd"="C:\Windows\vsnpstd.exe" [2005-10-11 21:54 339968]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-12 05:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-12 05:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-12 05:28 81920]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-03 15:05 959976]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 11:57 3784704 C:\Windows\RtHDVCpl.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 03:23 443968]

C:\Users\Moi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
Outil de notification Live Search.lnk - C:\Users\Moi\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe [2008-05-30 19:24:51 152616]
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-12 00:34:48 3746856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.CSCD"= camcodec.dll
"MSVideo"= CSvidcap.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
--a------ 2007-07-02 12:27 219520 C:\Program Files\Alcohol Soft\Alcohol 120\AxCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WhereOutlook]
--a------ 2006-04-02 17:59 85504 C:\Program Files\WhereOutlook\WhereOutlook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{386FD009-7852-4E93-B0E8-E8C9A30AB29B}"= UDP:C:\Program Files\Steam\Steam.exe:Steam Client
"{F635333D-D88D-401E-BB1C-1300DF93D09C}"= TCP:C:\Program Files\Steam\Steam.exe:Steam Client
"{76756F52-82FF-4BD7-82F0-8F5BCA4D706A}"= UDP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{1569CF1B-713F-4313-8A76-BCCAFC33B4CF}"= TCP:C:\Program Files\uTorrent\utorrent.exe:µTorrent
"{71B2FC04-BA38-4C46-8466-87DDFA102507}"= UDP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"{9113ED14-48F2-42D4-9A7C-DD362E3DE933}"= TCP:C:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe:VoipStunt
"TCP Query User{30B2AE98-213D-4933-BF9E-35D43CDD7410}C:\\program files\\steam\\steamapps\\vitafoxe\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\vitafoxe\counter-strike source\hl2.exe:hl2
"UDP Query User{1CF6186C-2964-4526-89EF-A47F6AF78481}C:\\program files\\steam\\steamapps\\vitafoxe\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\vitafoxe\counter-strike source\hl2.exe:hl2
"{3C0EB5F0-73DC-40DC-9AD5-303FC72D2E09}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{422C4DC0-E187-45A3-8479-04BC058601A4}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{E2756441-2B44-4AFF-9AAB-F11317DA4B95}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{F1EE465F-7618-4750-AA7C-B9D13AE7F412}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{7A1DA3FF-F469-4FDF-9C3A-64550F7110E0}"= UDP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{545D7193-9D4E-44FD-A152-D7D119245189}"= TCP:C:\Windows\System32\PnkBstrA.exenkBstrA
"{C24609DD-286F-4749-B062-7BBBEE277816}"= UDP:C:\Windows\System32\PnkBstrB.exenkBstrB
"{4CE2B765-2F1C-4E40-8119-7ADBB1EF72C7}"= TCP:C:\Windows\System32\PnkBstrB.exenkBstrB
"TCP Query User{EB741131-8732-4D1A-B787-478E52A15F6F}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{25A6B63A-5510-4A3C-97DE-FEB6C8B9CA84}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{EBFBBBFD-0C4B-4A34-A0F8-28A86245AA21}C:\\program files\\steam\\steamapps\\****\\half-life 2 deathmatch\\hl2.exe"= UDP:C:\program files\steam\steamapps\****\half-life 2 deathmatch\hl2.exe:hl2
"UDP Query User{A6AE9A8A-24F9-4EFE-AB80-F37C40A56361}C:\\program files\\steam\\steamapps\\****\\half-life 2 deathmatch\\hl2.exe"= TCP:C:\program files\steam\steamapps\****\half-life 2 deathmatch\hl2.exe:hl2
"TCP Query User{5432A120-729B-4923-9373-FFD302341A65}C:\\program files\\steam\\steamapps\\****\\counter-strike\\hl.exe"= UDP:C:\program files\steam\steamapps\****\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{22A718E3-D259-472F-B69A-B755B110036D}C:\\program files\\steam\\steamapps\\****\\counter-strike\\hl.exe"= TCP:C:\program files\steam\steamapps\****\counter-strike\hl.exe:Half-Life Launcher
"TCP Query User{5A40D8CE-DACC-4C2C-9965-27C17783B090}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= UDP:C:\program files\konami\pro evolution soccer 6\pes6.exees6.exe
"UDP Query User{6DDB2F0E-A650-4BC9-AC89-055A3FF3B2E0}C:\\program files\\konami\\pro evolution soccer 6\\pes6.exe"= TCP:C:\program files\konami\pro evolution soccer 6\pes6.exees6.exe
"{5F07D80D-A02A-427E-9DD6-4DAF05B92E4C}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{61E098FB-455E-4C03-87DB-2EFC5C90B373}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{AE01E0ED-C26D-4E25-85F3-6138D2C22E13}C:\\program files\\steam\\steamapps\\****\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\****\day of defeat source\hl2.exe:hl2
"UDP Query User{9B46B0D8-D654-4C45-8AF5-4ABDEF1755F9}C:\\program files\\steam\\steamapps\\****\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\****\day of defeat source\hl2.exe:hl2
"{EB69FEAE-CBE1-45AF-A112-77B24C7504A9}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B77CAB6D-E68D-44A3-9167-2738B6355F33}C:\\program files\\steam\\steamapps\\****\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\****\counter-strike source\hl2.exe:hl2
"UDP Query User{00868518-CDE9-41E9-85FB-90FF53B6FBA6}C:\\program files\\steam\\steamapps\\****\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\****\counter-strike source\hl2.exe:hl2
"TCP Query User{1BC9F91F-92AD-40E3-BB30-304CFB171A62}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1C22A79B-7A47-4BAC-99DE-3E264859BCEF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{41C060B3-990C-464F-A74D-F8A775537B85}C:\\users\\moi\\desktop\\deezer_downloader_by_megaman5.exe"= UDP:C:\users\moi\desktop\deezer_downloader_by_megaman5.exeeezer_downloader_by_megaman5.exe
"UDP Query User{33D21F01-CCF8-4AEF-A270-B94E6DD7CCFE}C:\\users\\moi\\desktop\\deezer_downloader_by_megaman5.exe"= TCP:C:\users\moi\desktop\deezer_downloader_by_megaman5.exeeezer_downloader_by_megaman5.exe
"TCP Query User{88B130C8-8B6E-45A8-BFDB-74F42428D772}C:\\users\\moi\\desktop\\deezer.exe"= UDP:C:\users\moi\desktop\deezer.exeeezer.exe
"UDP Query User{72ECEA94-D075-4F19-87DF-69C48E5D9867}C:\\users\\moi\\desktop\\deezer.exe"= TCP:C:\users\moi\desktop\deezer.exeeezer.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-05-16 01:18]
R3 athrusb;Atheros Wireless LAN USB device driver;C:\Windows\system32\DRIVERS\athrusb.sys [2006-12-22 20:05]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\Windows\system32\drivers\libusb0.sys [2005-03-09 20:50]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-03 10:11]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-17 04:39]
S3 XPADFL02;XPAD Filter Service 02;C:\Windows\system32\DRIVERS\xpadfl02.sys [2006-12-24 05:15]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba674a3f-519a-11dc-b846-001bb95cce8d}]
\shell\AutoRun\command - I:\MGS2SSetup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd9e7735-63bf-11dc-9566-001bb95cce8d}]
\shell\AutoRun\command - K:\autorun.exe

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-24 18:00:04 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-07-18 18:00:00 C:\Windows\Tasks\Norton Internet Security - Analyse système complète - Moi.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-07-24 18:00:04 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-07-23 03:10:02 C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
"2008-07-24 18:15:20 C:\Windows\Tasks\User_Feed_Synchronization-{619A58EF-9E45-41F6-9717-7F3C8A2977E0}.job"
- C:\Windows\system32\msfeedssync.exe
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-[webwiz] - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/

O16 -: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - hxxp://www.touslesdrivers.com/fichiers/hardwaredetection/hardwaredetection_2_0_4_9.cab
C:\Windows\Downloaded Program Files\hardwaredetection.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://65.7.199.200:7000/activex/AMC.cab
C:\Windows\Downloaded Program Files\setup.inf


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-24 20:15:27
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-24 20:17:11
ComboFix-quarantined-files.txt 2008-07-24 18:17:02

Pre-Run: Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Post-Run: 109,151,830,016 octets libres

241 --- E O F --- 2008-07-21 15:05:02

Re

Mieux ?

- Poste de travail/outils/option des dossiers/affichage/cocher afficher les fichiers et dossiers cachés/Appliquer - - > OK
- Poste de travail/outils/option des dossiers/affichage/décocher masquer les fichiers protégés du système d’exploitation/Appliquer - - > OK
- Poste de travail/outils/option des dossiers/affichage/décocher masquer les extensions dont le type est connu/Appliquer - - > OK

N'oublie pas de recacher à nouveau les fichiers cachés et protégés du système d'exploitation en fin de désinfection, c'est important

Fais analyser ce(s) fichier(s) sur ce site >> Virustotal <<

• Clique sur Parcourir en haut, choisis Poste de travail et cherche ce fichier : C:\Windows\System32\ bhoextn.dll
• Clique maintenant sur Envoyer le fichier.