Spywares tenaces!!

samirou2103 -
chimay8 Messages postés 7947 Statut Contributeur sécurité - 1 mai 2009 à 13:32

Bonjour,

mon ordi est victime d'un spyware et malgré l'utilisation de spybot celui-ci est encore présent.
la seule residuelle est un fond d'écran NOIR avec une inscription WARNING.
j'aurais donc besoin de votre aidre pour résoudre définitivement le probleme.
j'ai fais un rapport avec hiJackThis, le voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:05:39, on 27/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.tiscali.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
F2 - REG:system.ini: Shell=explorer.exe C:\WINDOWS\Media\csrss.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Windows Resurections] C:\WINDOWS\TEMP\nd3a1c.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: c:\windows\system32\yonugese.dll,C:\WINDOWS\system32\gunowini.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll (file missing)
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\yonugese.dll (file missing)
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\WINDOWS\system32\yhs783ijfo3fe.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug and Play (RPC) (PlugPlayRPC) - Unknown owner - C:\WINDOWS\portsv.exe (file missing)

Afficher la suite

47 réponses

Réponse 41 / 47

samirou2103

voici :

mais le scan n'a pas pu etee effectué jusqu'au bout pour des raisons qu j'ignore .

Avira AntiVir Personal
Report file date: mercredi 29 avril 2009 20:16

Scanning for 1368795 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: sam
Computer name: SAMIA

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 19:25:32
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 19:10:26
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 11:25:22
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 17:44:38
ANTIVIR3.VDF : 7.1.3.121 198144 Bytes 28/04/2009 10:30:24
Engineversion : 8.2.0.156
AEVDF.DLL : 8.1.1.0 106868 Bytes 31/01/2009 11:23:30
AESCRIPT.DLL : 8.1.1.77 381306 Bytes 25/04/2009 06:53:46
AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 17:43:36
AERDL.DLL : 8.1.1.3 438645 Bytes 21/11/2008 19:10:38
AEPACK.DLL : 8.1.3.14 397685 Bytes 17/04/2009 17:46:34
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 11:25:30
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 25/04/2009 06:53:46
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 11:25:28
AEGEN.DLL : 8.1.1.39 348532 Bytes 25/04/2009 06:53:44
AEEMU.DLL : 8.1.0.9 393588 Bytes 21/11/2008 19:10:32
AECORE.DLL : 8.1.6.9 176500 Bytes 14/04/2009 17:43:30
AEBB.DLL : 8.1.0.3 53618 Bytes 21/11/2008 19:10:30
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
AVREP.DLL : 8.0.0.3 155688 Bytes 20/04/2009 17:43:34
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 29 avril 2009 20:16

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\Documents and Settings\sam\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll
[DETECTION] Is the TR/Crypt.IL Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll
[DETECTION] Is the TR/Crypt.IL Trojan
[NOTE] The file was deleted!

The registry was scanned ( '56' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\ARKA.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\ARKB.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\ARKC.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\ARKD.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\ARKE.tmp
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\sebajuyo.exe
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\U129Y5UV\lsp[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was deleted!

End of the scan: mercredi 29 avril 2009 21:24
Used time: 1:08:05 Hour(s)

The scan has been canceled!

6720 Scanning directories
285694 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
9 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
285684 Files not concerned
7324 Archives were scanned
1 Warnings
9 Notes

en redémarrant j'ai eu ce message d'erreur "run dLL".

Réponse 42 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

le message d'erreur c'est en générale,une ligne de la base de registre(associé au virus) qui se lance et qui trouve pas le fichier.exe

bien,je sais que je vais t'embèter,mais l'infection que tu as parviens à se relancer!
tu es la troisième personnes qui à ce problème cette semaine,et les helpers cherchent un moyen de la dégommer plus rapidement...vous avez tous les mêmes "symptomes"...

donc,

Télécharge OTCleanIT de Old Timer.(il va nettoyer les outils utilisé)
http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe
Double-clique sur OTCleanIt.exe.
Cliquez sur le bouton "CleanUp!" .
Sélectionnez Oui lorsque la demande " processus de nettoyage?" s'affiche.
Si tu es invité à redémarrer le PC au cours de l'assainissement, sélectionne Oui.
L'outil va se supprimer lui-même une fois la fin de l'opération.
Sinon supprime le manuellement.

ensuite

Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
et sauvegarde le sur ton bureau et pas ailleurs!

**Désactive les logiciels de protection** (Antivirus, Antispywares) puis :
deconnecte toi d'internet,ferme tout les programmes

Double-clique sur combofix,si il te demande d'installer la console,fais le(voir plus bas)
ensuite,
il va te poser une question, réponds par la touche 1 et entrée pour valider.
ne touche plus à rien, même pas ta souris!!

Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

ensuite

Télécharge random's system information tool (RSIT) par random/random et sauvegarde-le sur le Bureau.
http://images.malwareremoval.com/random/RSIT.exe

Double-clique sur RSIT.exe afin de lancer RSIT.
Clique "Continue" à l'écran Disclaimer.

Si l'outil HIjackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.
Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.
Poste le contenu de log.txt (<<qui sera affiché)
ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

NB : Les rapports sont sauvegardés dans le dossier C:\rsit

Réponse 43 / 47

samirou2103

pas de chance et encore merci pour ton aide .

voici le rapport combofix:

ComboFix 09-04-30.02 - sam 30/04/2009 23:37.11 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1534.1128 [GMT 2:00]
Lancé depuis: c:\documents and settings\sam\Bureau\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

((((((((((((((((((((((((((((( Fichiers créés du 2009-03-28 au 2009-04-30 ))))))))))))))))))))))))))))))))))))
.

2009-04-29 17:47 . 2009-04-29 17:47 -------- d-----w c:\documents and settings\sam\Application Data\Malwarebytes
2009-04-29 17:47 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 17:47 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 17:47 . 2009-04-29 17:47 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 17:47 . 2009-04-29 17:47 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-29 17:30 . 2009-04-29 17:30 -------- d-----w c:\documents and settings\sam\Application Data\Twain
2009-04-28 19:25 . 2009-04-28 19:25 -------- d-----w C:\UsbFix
2009-04-27 17:16 . 2009-04-27 17:16 -------- d-----w C:\ToolBar SD
2009-04-15 16:59 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:59 . 2009-03-06 14:46 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:59 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:59 . 2009-02-09 10:08 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 16:59 . 2009-02-09 10:20 685056 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:59 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:59 . 2009-02-09 10:20 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:58 . 2008-12-16 12:49 351232 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-15 16:58 . 2008-04-21 21:27 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 04:23 . 2009-04-13 04:23 -------- d-sh--w C:\FOUND.073
2009-04-13 03:53 . 2009-04-13 03:53 -------- d-sh--w C:\FOUND.072
2009-04-07 08:00 . 2009-04-07 08:00 -------- d-sh--w C:\FOUND.071

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 10:27 . 2005-01-23 10:37 78148 ----a-w c:\windows\system32\perfc00C.dat
2009-04-22 10:27 . 2005-01-23 10:37 476284 ----a-w c:\windows\system32\perfh00C.dat
2009-03-24 19:20 . 2006-06-25 15:49 51800 ----a-w c:\documents and settings\sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 19:12 . 2009-03-24 19:12 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-24 19:11 . 2009-03-24 19:11 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Microsoft
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-24 19:02 . 2009-03-24 19:02 -------- d-----w c:\program files\Fichiers communs\Windows Live
2009-03-20 08:39 . 2009-03-20 08:39 -------- d-----w c:\program files\Mumble
2009-03-06 14:46 . 2004-08-05 03:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 12:12 . 2008-09-10 21:00 3476 ----a-w c:\program files\mpc7.reg
2009-03-03 12:12 . 2008-09-10 21:00 680 ----a-w c:\program files\mpc2.reg
2009-03-03 12:12 . 2008-09-10 21:00 558 ----a-w c:\program files\mpc1.reg
2009-03-03 12:12 . 2008-09-10 21:00 3554 ----a-w c:\program files\ffdssetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 31570 ----a-w c:\program files\ffdsvsetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 3026 ----a-w c:\program files\mpc3.reg
2009-03-03 12:12 . 2008-09-10 21:00 18156 ----a-w c:\program files\mpc6.reg
2009-03-03 12:12 . 2008-09-10 21:00 16240 ----a-w c:\program files\mpc5.reg
2009-03-03 12:12 . 2008-09-10 21:00 1292 ----a-w c:\program files\ffdsasetts.reg
2009-03-03 00:13 . 2005-07-03 01:16 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2004-08-05 03:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 13:17 . 2005-03-02 17:07 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:50 . 2005-03-02 17:07 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:50 . 2005-03-02 17:08 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:20 . 2005-04-28 18:32 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-10-28 00:24 730112 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-05 03:00 685056 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-05 03:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:08 . 2004-08-05 03:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 17:39 . 2009-02-06 17:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:54 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 20:10 . 2004-08-05 03:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-01 14:18 . 2009-02-01 14:15 249856 ------w c:\windows\Setup1.exe
2009-02-01 14:18 . 2009-02-01 14:15 73216 ----a-w c:\windows\ST6UNST.EXE
2008-09-10 21:00 . 2008-09-10 20:59 4688 ----a-w c:\program files\satsukidecodersettings.ini
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]aswBoot.exe /M:83c595e7a /A:* /L:English /KBD:2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=c:\windows\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\reminder-Enregistrement du produit ScanSoft.lnk
backup=c:\windows\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1234:TCP"= 1234:TCP:mon port 1234

R2 gupdate1c9a431286796c0;Google Update Service (gupdate1c9a431286796c0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-05 3584]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-05-24 3712]

.
Contenu du dossier 'Tâches planifiées'

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-04-30 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 22:12]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{37c7d563-b933-4d0c-8ebc-6f1031880322} - (no file)
HKCU-Run-pidle - c:\documents and settings\sam\Application Data\pidle\pidle.exe
HKLM-Run-CPM313e2b3d - c:\windows\system32\rurirovi.dll
HKLM-Run-320d18a1 - c:\windows\system32\gigopero.dll
HKLM-Run-rirawapola - c:\windows\system32\wavenimu.dll
Notify-ssqNGXQJ - (no file)
Notify-WgaLogon - (no file)

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: {16293524-21E5-474A-966B-AF4CBF48EC4B} = 213.36.80.1 213.36.80.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\sam\Application Data\Mozilla\Firefox\Profiles\sgzs1f5v.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-30 23:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,d8,46,1e,e0,fe,
b0,a7,4a,e2,63,26,f1,3f,c8,ff,68,41,cd,5c,92,98,dc,5f,34,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,af,a7,71,d2,c2,
65,d1,95,6a,9c,d6,61,af,45,84,18,97,5c,c7,a9,ac,d8,2e,34,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,19,73,60,19,f5,
be,a0,6e,ff,7c,85,e0,43,d4,0e,fe,77,f2,ed,6c,36,a0,d7,69,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6a,8a,70,49,3b,
46,d6,e7,86,8c,21,01,be,91,eb,e7,1c,8f,97,a4,81,9a,42,43,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,31,2d,dd,e8,50,
cc,aa,a3,f5,1d,4d,73,a8,13,5c,05,d6,c0,b4,93,a5,7a,98,64,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,80,1a,80,bb,c0,
8c,e0,06,df,20,58,62,78,6b,cf,c8,0a,c5,1f,7a,f2,a5,fa,62,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,71,db,d4,77,b1,
e8,27,e4,fb,a7,78,e6,12,2f,9a,ea,95,82,1c,42,1c,d0,5c,e3,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,7b,87,3d,72,2e,
2c,b8,5d,01,3a,48,fc,e8,04,4a,f1,17,e5,47,b6,86,fa,24,39,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,a7,ba,7a,c1,2e,
ff,cb,0d,f6,0f,4e,58,98,5b,89,c9,f8,a5,8f,df,9d,34,aa,2b,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,89,db,89,84,63,
2a,55,4a,3d,ce,ea,26,2d,45,aa,78,a6,b2,96,6c,c7,eb,e6,2e,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,a4,40,40,39,85,
ba,96,2a,2a,b7,cc,b5,b9,7f,41,e7,4e,99,bf,55,de,9b,55,0d,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,4a,b6,4c,c1,98,
cb,fc,ec,6c,43,2d,1e,aa,22,2f,9c,c1,e7,c1,be,8a,82,ee,b2,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2100)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-04-30 23:40
ComboFix-quarantined-files.txt 2009-04-30 21:40

Avant-CF: 15 477 702 656 octets libres
Après-CF: 15 743 483 904 octets libres

259 --- E O F --- 2009-04-30 08:25

merci.

Réponse 44 / 47

samirou2103

Logfile of random's system information tool 1.06 (written by random/random)
Run by sam at 2009-04-30 23:43:20
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 15 GB (20%) free of 74 GB
Total RAM: 1534 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:43:21, on 30/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\sam\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\sam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.fr/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {37c7d563-b933-4d0c-8ebc-6f1031880322} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CPM313e2b3d] Rundll32.exe "c:\windows\system32\rurirovi.dll",a
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\gigopero.dll",b
O4 - HKLM\..\Run: [rirawapola] Rundll32.exe "C:\WINDOWS\system32\wavenimu.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [pidle] "C:\Documents and Settings\sam\Application Data\pidle\pidle.exe" 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Recherche sur eBay - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://www.touslesdrivers.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} (SimCityX Control) - http://simcity.ea.com/play/classic/SimCityX.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697514} (NsvPlayX Control) - http://www.nullsoft.com/nsv/embed/nsvplayx_vp3_mp3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{16293524-21E5-474A-966B-AF4CBF48EC4B}: NameServer = 213.36.80.1 213.36.80.1
O18 - Protocol: bw+0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {A9A8F02D-41FE-43F6-9323-FF80E5C651F2} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: ssqNGXQJ - C:\WINDOWS\
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - (no file)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Update Service (gupdate1c9a431286796c0) (gupdate1c9a431286796c0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVSrvLauncher - Labtec Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 45 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

Copie le texte ci-dessous :
Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ssqNGXQJ]
Folder::
C:\Documents and Settings\sam\Application Data\Twain

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ceci :
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

Cela va relancer Combofix,

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

Réponse 46 / 47

samirou2103

bonjour,

ComboFix 09-04-30.02 - sam 01/05/2009 11:41.12 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.1534.992 [GMT 2:00]
Lancé depuis: c:\documents and settings\sam\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\sam\Bureau\CFScript.txt
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated)
* Un nouveau point de restauration a été créé
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\sam\Application Data\Twain

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-04-01 au 2009-05-01 ))))))))))))))))))))))))))))))))))))
.

2009-04-30 21:43 . 2009-04-30 21:43 -------- d-----w C:\rsit
2009-04-29 17:47 . 2009-04-29 17:47 -------- d-----w c:\documents and settings\sam\Application Data\Malwarebytes
2009-04-29 17:47 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-29 17:47 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-29 17:47 . 2009-04-29 17:47 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 17:47 . 2009-04-29 17:47 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-28 19:25 . 2009-04-28 19:25 -------- d-----w C:\UsbFix
2009-04-27 17:16 . 2009-04-27 17:16 -------- d-----w C:\ToolBar SD
2009-04-15 16:59 . 2009-02-06 16:39 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 16:59 . 2009-03-06 14:46 286208 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 16:59 . 2009-02-09 10:20 473088 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 16:59 . 2009-02-09 10:08 111104 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 16:59 . 2009-02-09 10:20 685056 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 16:59 . 2009-02-09 10:20 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 16:59 . 2009-02-09 10:20 739840 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 16:58 . 2008-12-16 12:49 351232 ------w c:\windows\system32\dllcache\winhttp.dll
2009-04-15 16:58 . 2008-04-21 21:27 219136 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 04:23 . 2009-04-13 04:23 -------- d-sh--w C:\FOUND.073
2009-04-13 03:53 . 2009-04-13 03:53 -------- d-sh--w C:\FOUND.072
2009-04-07 08:00 . 2009-04-07 08:00 -------- d-sh--w C:\FOUND.071

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-22 10:27 . 2005-01-23 10:37 78148 ----a-w c:\windows\system32\perfc00C.dat
2009-04-22 10:27 . 2005-01-23 10:37 476284 ----a-w c:\windows\system32\perfh00C.dat
2009-03-24 19:20 . 2006-06-25 15:49 51800 ----a-w c:\documents and settings\sam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-24 19:12 . 2009-03-24 19:12 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-24 19:11 . 2009-03-24 19:11 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Microsoft
2009-03-24 19:09 . 2009-03-24 19:09 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-24 19:02 . 2009-03-24 19:02 -------- d-----w c:\program files\Fichiers communs\Windows Live
2009-03-20 08:39 . 2009-03-20 08:39 -------- d-----w c:\program files\Mumble
2009-03-06 14:46 . 2004-08-05 03:00 286208 ----a-w c:\windows\system32\pdh.dll
2009-03-03 12:12 . 2008-09-10 21:00 3476 ----a-w c:\program files\mpc7.reg
2009-03-03 12:12 . 2008-09-10 21:00 680 ----a-w c:\program files\mpc2.reg
2009-03-03 12:12 . 2008-09-10 21:00 558 ----a-w c:\program files\mpc1.reg
2009-03-03 12:12 . 2008-09-10 21:00 3554 ----a-w c:\program files\ffdssetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 31570 ----a-w c:\program files\ffdsvsetts.reg
2009-03-03 12:12 . 2008-09-10 21:00 3026 ----a-w c:\program files\mpc3.reg
2009-03-03 12:12 . 2008-09-10 21:00 18156 ----a-w c:\program files\mpc6.reg
2009-03-03 12:12 . 2008-09-10 21:00 16240 ----a-w c:\program files\mpc5.reg
2009-03-03 12:12 . 2008-09-10 21:00 1292 ----a-w c:\program files\ffdsasetts.reg
2009-03-03 00:13 . 2005-07-03 01:16 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:10 . 2004-08-05 03:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 13:17 . 2005-03-02 17:07 1846400 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:50 . 2005-03-02 17:07 2059776 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-09 11:50 . 2005-03-02 17:08 2182528 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-09 10:20 . 2005-04-28 18:32 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-10-28 00:24 730112 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-05 03:00 685056 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:20 . 2004-08-05 03:00 739840 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:08 . 2004-08-05 03:00 111104 ----a-w c:\windows\system32\services.exe
2009-02-06 17:39 . 2009-02-06 17:39 308600 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:54 . 2004-08-05 03:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-03 20:10 . 2004-08-05 03:00 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-01 14:18 . 2009-02-01 14:15 249856 ------w c:\windows\Setup1.exe
2009-02-01 14:18 . 2009-02-01 14:15 73216 ----a-w c:\windows\ST6UNST.EXE
2008-09-10 21:00 . 2008-09-10 20:59 4688 ----a-w c:\program files\satsukidecodersettings.ini
.

((((((((((((((((((((((((((((( SnapShot@2009-04-30_21.39.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-01 09:01 . 2009-05-01 09:01 16384 c:\windows\temp\Perflib_Perfdata_8c.dat
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"pidle"="c:\documents and settings\sam\Application Data\pidle\pidle.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"CPM313e2b3d"="c:\windows\system32\rurirovi.dll" [BU]
"320d18a1"="c:\windows\system32\gigopero.dll" [BU]
"rirawapola"="c:\windows\system32\wavenimu.dll" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\[u]0[/u]aswBoot.exe /M:83c595e7a /A:* /L:English /KBD:2

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^DSLMON.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\DSLMON.lnk
backup=c:\windows\pss\DSLMON.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Adobe Gamma.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^Deewoo.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\Deewoo.lnk
backup=c:\windows\pss\Deewoo.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^DW_Start.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\DW_Start.lnk
backup=c:\windows\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^sam^Menu Démarrer^Programmes^Démarrage^reminder-Enregistrement du produit ScanSoft.lnk]
path=c:\documents and settings\sam\Menu Démarrer\Programmes\Démarrage\reminder-Enregistrement du produit ScanSoft.lnk
backup=c:\windows\pss\reminder-Enregistrement du produit ScanSoft.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tirailleur93\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\dpvsetup.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\MSNMSGR.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1234:TCP"= 1234:TCP:mon port 1234

R2 gupdate1c9a431286796c0;Google Update Service (gupdate1c9a431286796c0);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 133104]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2004-08-05 3584]
R3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\DRIVERS\Ltn_stk7070P.sys [2007-06-14 466048]
R3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\DRIVERS\Ltn_stkrc.sys [2007-06-13 13440]
S2 LBeepKE;LBeepKE;c:\windows\system32\Drivers\LBeepKE.sys [2006-05-24 3712]

.
Contenu du dossier 'Tâches planifiées'

2009-04-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 15:57]

2009-05-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-13 22:12]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{37c7d563-b933-4d0c-8ebc-6f1031880322} - (no file)

.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://home.sweetim.com
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://www.tiscali.fr/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Recherche sur eBay - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
TCP: {16293524-21E5-474A-966B-AF4CBF48EC4B} = 213.36.80.1 213.36.80.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\sam\Application Data\Mozilla\Firefox\Profiles\sgzs1f5v.default\
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- PARAMETRES FIREFOX ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-01 11:42
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,d8,46,1e,e0,fe,
b0,a7,4a,e2,63,26,f1,3f,c8,ff,68,41,cd,5c,92,98,dc,5f,34,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,af,a7,71,d2,c2,
65,d1,95,6a,9c,d6,61,af,45,84,18,97,5c,c7,a9,ac,d8,2e,34,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,19,73,60,19,f5,
be,a0,6e,ff,7c,85,e0,43,d4,0e,fe,77,f2,ed,6c,36,a0,d7,69,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,6a,8a,70,49,3b,
46,d6,e7,86,8c,21,01,be,91,eb,e7,1c,8f,97,a4,81,9a,42,43,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,31,2d,dd,e8,50,
cc,aa,a3,f5,1d,4d,73,a8,13,5c,05,d6,c0,b4,93,a5,7a,98,64,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,80,1a,80,bb,c0,
8c,e0,06,df,20,58,62,78,6b,cf,c8,0a,c5,1f,7a,f2,a5,fa,62,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,71,db,d4,77,b1,
e8,27,e4,fb,a7,78,e6,12,2f,9a,ea,95,82,1c,42,1c,d0,5c,e3,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:aa,52,c6,00,84,3c,26,64,7b,87,3d,72,2e,
2c,b8,5d,01,3a,48,fc,e8,04,4a,f1,17,e5,47,b6,86,fa,24,39,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,a7,ba,7a,c1,2e,
ff,cb,0d,f6,0f,4e,58,98,5b,89,c9,f8,a5,8f,df,9d,34,aa,2b,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,89,db,89,84,63,
2a,55,4a,3d,ce,ea,26,2d,45,aa,78,a6,b2,96,6c,c7,eb,e6,2e,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,a4,40,40,39,85,
ba,96,2a,2a,b7,cc,b5,b9,7f,41,e7,4e,99,bf,55,de,9b,55,0d,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,4a,b6,4c,c1,98,
cb,fc,ec,6c,43,2d,1e,aa,22,2f,9c,c1,e7,c1,be,8a,82,ee,b2,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(1296)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Heure de fin: 2009-05-01 11:43
ComboFix-quarantined-files.txt 2009-05-01 09:43
ComboFix2.txt 2009-04-30 21:40

Avant-CF: 15 536 947 200 octets libres
Après-CF: 15 650 390 016 octets libres

269 --- E O F --- 2009-04-30 08:25

Réponse 47 / 47

chimay8 Messages postés 7947 Statut Contributeur sécurité 60

ok,

Télécharges : - CCleaner (n'installe pas la barre d'outil Yahoo)
https://www.pcastuces.com/logitheque/ccleaner.htm
Ce logiciel va permettre de supprimer tous les fichiers temporaires et de corrigé ton registre .Lors de l'installation, avant de cliquer sur le bouton "installer", décoche toutes les "options supplémentaires" sauf les 2 première.
Une fois le prg instalé et lancé, Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures"( Par la suite, laisse-le avec ses réglages par défaut. C'est tout ).

Un tuto ( aide ):
http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

---> Utilisation:
! déconnectes toi et fermes toutes les applications en cours !
* vas dans "nettoyeur" : fait analyse puis nettoyage
* vas dans "registre" : fait chercher les erreurs et réparer ( plusieurs fois jusqu'à ce qu'il n'y ai plus d'erreur ) .

( CCleaner : soft à garder sur son PC , super utile pour de bons nettoyages ... )

Discussions similaires

des spywares et Trojans envahissent mon pc

Spywares tenaces!!

47 réponses

Votre réponse

Discussions similaires

Newsletters