trojan Résolu/Fermé

Question

Bonjour,
je suis infecté par des trojan, je n'arrive pas a les suprimer
quelqu'un peu m'aider svp?

Utilisateur anonyme · Answer

bonsoir,
poste le rapport de ton antivirus ou l'outil qui a détecté le virus ici s'il te plait

bleurk · Answer

voici le rapport de spybot --- Search result list --- Win32.TDSS.reg: [SBI $2867D4A5] Réglages (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxserv Win32.TDSS.reg: [SBI $EDA68CC2] Réglages (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules\msqpdxserv Win32.TDSS.reg: [SBI $667311C3] Réglages (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxl Win32.TDSS.reg: [SBI $99E026E5] Réglages (Modification du registre, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules\msqpdxl DoubleClick: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done) Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done) Statcounter: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done) Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done) Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done) Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done) BlueStreak: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done) Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done) --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2008-01-28 SDDelFile.exe (1.0.2.4) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SDWinSec.exe (1.0.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-03-05 TeaTimer.exe (1.6.6.32) 2009-03-30 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-01-26 advcheck.dll (1.6.2.15) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2008-10-22 Tools.dll (2.1.6.8) 2009-01-16 UninsSrv.dll (1.0.0.0) 2009-05-19 Includes\Adware.sbi (*) 2009-06-02 Includes\AdwareC.sbi (*) 2009-01-22 Includes\Cookies.sbi (*) 2009-05-19 Includes\Dialer.sbi (*) 2009-06-02 Includes\DialerC.sbi (*) 2009-01-22 Includes\HeavyDuty.sbi (*) 2009-05-26 Includes\Hijackers.sbi (*) 2009-06-23 Includes\HijackersC.sbi (*) 2009-06-23 Includes\Keyloggers.sbi (*) 2009-06-30 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2009-06-30 Includes\Malware.sbi (*) 2009-06-30 Includes\MalwareC.sbi (*) 2009-03-25 Includes\PUPS.sbi (*) 2009-06-30 Includes\PUPSC.sbi (*) 2009-01-22 Includes\Revision.sbi (*) 2009-01-13 Includes\Security.sbi (*) 2009-06-02 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2009-04-07 Includes\Spyware.sbi (*) 2009-06-02 Includes\SpywareC.sbi (*) 2009-06-08 Includes\Tracks.uti 2009-06-17 Includes\Trojans.sbi (*) 2009-06-30 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2008-12-24 Plugins\TCPIPAddress.dll --- System information --- Windows Vista (Build: 6001) Service Pack 1 (6.0.6001) --- Startup entries list --- Located: HK_LM:Run, Adobe Reader Speed Launcher command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe size: 39792 MD5: 392845E8D49B5F0E81AAC4D795000A8C Located: HK_LM:Run, avgnt command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe size: 209153 MD5: 29680A793F690EEF4AAA68479D2A6DF8 Located: HK_LM:Run, F-Secure ExploitShield command: "C:\Program Files\F-Secure\ExploitShield\fsesgui.exe" file: C:\Program Files\F-Secure\ExploitShield\fsesgui.exe size: 629376 MD5: C3195D1010CE4EE40219566DC2135268 Located: HK_LM:Run, GrooveMonitor command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31072 MD5: 644795F6985C740F5E36E9336B837D0B Located: HK_LM:Run, iTunesHelper command: "C:\Program Files\iTunes\iTunesHelper.exe" file: C:\Program Files\iTunes\iTunesHelper.exe size: 292136 MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0 Located: HK_LM:Run, QuickTime Task command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime file: C:\Program Files\QuickTime\QTTask.exe size: 413696 MD5: FABAD2BFD44661D8CC627E5485BFAFAF Located: HK_LM:RunOnce, Launcher command: %WINDIR%\SMINST\launcher.exe file: C:\Windows\SMINST\launcher.exe size: 44168 MD5: 31539595F006DAE39F719735F30C3570 Located: HK_CU:Run, ehTray.exe where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Windows\ehome\ehTray.exe file: C:\Windows\ehome\ehTray.exe size: 125952 MD5: BF08674925F151BD4537B89A493E3E0C Located: HK_CU:Run, ISUSPM Startup where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe size: 249856 MD5: 1C46FC1AB600766B8554580204806E84 Located: HK_CU:Run, LDM where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe size: 36864 MD5: 75A8679F5D996D286FC8649E74394B79 Located: HK_CU:Run, msnlivesearch where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run file: C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe size: 49152 MD5: BEB9FB770075D484ACFB2645EB788527 Located: HK_CU:Run, Sidebar where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun file: C:\Program Files\Windows Sidebar\sidebar.exe size: 1233920 MD5: FD278E51A7D6F52D22FCE6C67E037AD6 Located: HK_CU:Run, SpybotSD TeaTimer where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe size: 2260480 MD5: 390679F7A217A5E73D756276C40AE887 Located: HK_CU:Run, swg where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe size: 39408 MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe size: 196608 MD5: 6F2E5108667BF1149D884E3CBEB9CDD1 Located: Démarrage (tous utilisateurs), PDFCreator.lnk where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files\PDFCreator\PDFCreator.exe file: C:\Program Files\PDFCreator\PDFCreator.exe size: 2641920 MD5: 4DB47E14FF62720ADA91BE1E40226ACF Located: Démarrage (utilisateur), Adobe Gamma.lnk where: C:\Users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe size: 113664 MD5: C2FF17734176CD15221C10044EF0BA1A --- Browser helper object list --- {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Download Manager Browser Helper Object Path: C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\ Long name: XEBDLHelper.dll Short name: XEBDLH~1.DLL Date (created): 21/05/2007 11:34:48 Date (last access): 15/10/2007 13:54:34 Date (last write): 21/05/2007 11:34:48 Filesize: 525792 Attributes: archive MD5: FD850334FE0EAC8B286235996E533B10 CRC32: E6717AAB Version: 1.0.0.14 {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: SWEETIE CLSID name: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: WormRadar.com IESiteBlocker.NavFilter CLSID name: {5C255C8A-E604-49b4-9D64-90988571CECB} () location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoRezoBHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: EoRezoBHO CLSID name: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Groove GFS Browser Helper Path: C:\Program Files\Microsoft Office\Office12\ Long name: GrooveShellExtensions.dll Short name: GRA8E1~1.DLL Date (created): 12/02/2009 15:19:32 Date (last access): 01/05/2009 10:21:28 Date (last write): 12/02/2009 15:19:32 Filesize: 2217848 Attributes: archive MD5: A6B5A41C0ED007AB6C43CAD899E533D8 CRC32: BA078F79 Version: 12.0.6421.1000 {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Programme d'aide de l'Assistant de connexion Windows Live Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\ Long name: WindowsLiveLogin.dll Short name: WINDOW~1.DLL Date (created): 22/01/2009 16:41:30 Date (last access): 18/02/2009 16:20:22 Date (last write): 22/01/2009 16:41:30 Filesize: 408448 Attributes: archive MD5: B7899C3E21B299D7A3C0DA96CAE340BD CRC32: 288935F8 Version: 5.0.818.5 {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Google Toolbar Helper description: Google toolbar classification: Open for discussion known filename: googletoolbar.dll
googletoolbar*.dll
(* = number)
googletoolbar_en_*.**-big.dll
Googletoolbar_en_*.*.**-deleon.dll info link: http://www.google.com/intl/fr/toolbar/ie/index.html info source: TonyKlein Path: C:\Program Files\Google\Google Toolbar\ Long name: GoogleToolbar.dll Short name: GOOGLE~1.DLL Date (created): 14/01/2009 14:31:22 Date (last access): 14/01/2009 14:31:22 Date (last write): 14/01/2009 14:30:30 Filesize: 251504 Attributes: archive MD5: 105EBC389FEB20A5A6DE47316001B7F1 CRC32: 3760EC78 {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Google Toolbar Notifier BHO Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\ Long name: swg.dll Short name: Date (created): 07/04/2009 19:22:08 Date (last access): 07/04/2009 19:22:08 Date (last write): 07/04/2009 19:22:08 Filesize: 668656 Attributes: archive MD5: D1585B06DED161E13B905DC4FFBF7F12 CRC32: 88D5BAA5 Version: 5.1.1309.3572 {C7B76B90-3455-4AE6-A752-EAC4D19689E5} (EoBHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: EoBHO CLSID name: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: Google Dictionary Compression sdch CLSID name: Google Dictionary Compression sdch Path: C:\Program Files\Google\Google Toolbar\Component\ Long name: fastsearch_219B3E1547538286.dll Short name: FASTSE~1.DLL Date (created): 14/01/2009 14:30:26 Date (last access): 14/01/2009 14:30:26 Date (last write): 14/01/2009 14:30:26 Filesize: 522224 Attributes: archive MD5: E27153F524C86807079F62550094B073 CRC32: E181FF40 Version: 1.0.610.10250 {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Java(tm) Plug-In 2 SSV Helper Path: C:\Program Files\Java\jre6\bin\ Long name: jp2ssv.dll Short name: Date (created): 26/11/2008 14:02:44 Date (last access): 10/11/2008 04:39:26 Date (last write): 10/11/2008 06:43:16 Filesize: 34816 Attributes: archive MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162 CRC32: D7C13FB2 Version: 6.0.110.3 {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} () location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: --- ActiveX list --- {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) DPF name: CLSID name: MSN Photo Upload Tool Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf Codebase: http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab description: classification: Legitimate known filename: MsnPUpld.dll info link: info source: Safer Networking Ltd. Path: C:\Windows\Downloaded Program Files\ Long name: MsnPUpld.dll Short name: Date (created): 20/11/2006 11:04:16 Date (last access): 20/11/2006 11:04:16 Date (last write): 20/11/2006 11:04:16 Filesize: 543544 Attributes: archive MD5: A0F541D9D2CACEEC7A4A378CD0C31626 CRC32: 035C591F Version: 10.0.914.0 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () DPF name: CLSID name: Installer: C:\Windows\Downloaded Program Files\erma.inf Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab description: classification: Open for discussion known filename: info link: info source: Safer Networking Ltd. {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_11 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files\Java\jre6\bin\ Long name: npjpi160_11.dll Short name: NPJPI1~1.DLL Date (created): 10/11/2008 04:39:26 Date (last access): 10/11/2072 04:39:26 Date (last write): 10/11/2008 06:43:32 Filesize: 132504 Attributes: archive MD5: D400116F6776ACB6EDB6B1F5EEB9F92D CRC32: CECB5751 Version: 6.0.110.3 --- Process list --- PID: 1840 (1156) C:\Windows\system32\Dwm.exe size: 81920 MD5: 59903071D7ACE6A02093C47E9E38AF97 PID: 1868 (1820) C:\Windows\Explorer.EXE size: 2927104 MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D PID: 1932 (1216) C:\Windows\system32 askeng.exe size: 169472 MD5: 5F109032CE46B7184ED9E50F9FE8489E PID: 2144 (2064) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe size: 186904 MD5: 38440FE1A65B1FE3D246C5C4CAD22F53 PID: 3480 (1868) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe size: 209153 MD5: 29680A793F690EEF4AAA68479D2A6DF8 PID: 3508 (1868) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31072 MD5: 644795F6985C740F5E36E9336B837D0B PID: 3564 (1868) C:\Program Files\iTunes\iTunesHelper.exe size: 292136 MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0 PID: 3596 (1868) C:\Program Files\F-Secure\ExploitShield\fsesgui.exe size: 629376 MD5: C3195D1010CE4EE40219566DC2135268 PID: 3624 (1868) C:\Program Files\Windows Sidebar\sidebar.exe size: 1233920 MD5: FD278E51A7D6F52D22FCE6C67E037AD6 PID: 3652 (1868) C:\Windows\ehome\ehtray.exe size: 125952 MD5: BF08674925F151BD4537B89A493E3E0C PID: 3708 (1868) C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe size: 49152 MD5: BEB9FB770075D484ACFB2645EB788527 PID: 3780 (1868) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe size: 39408 MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD PID: 3860 (1868) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe size: 2260480 MD5: 390679F7A217A5E73D756276C40AE887 PID: 3944 (1868) C:\Program Files\PDFCreator\PDFCreator.exe size: 2641920 MD5: 4DB47E14FF62720ADA91BE1E40226ACF PID: 4068 ( 856) C:\Windows\ehome\ehmsas.exe size: 37376 MD5: 0F4195B9B348DE5CF9B822F81704B20E PID: 3940 (3624) C:\Program Files\Windows Sidebar\sidebar.exe size: 1233920 MD5: FD278E51A7D6F52D22FCE6C67E037AD6 PID: 4120 ( 856) C:\Windows\system32\wbem\unsecapp.exe size: 37888 MD5: 25873356E52849C3F5B3F1B02317E8C8 PID: 5192 (2516) C:\Program Files\uTorrent\utorrent.exe size: 288048 MD5: 273E8C52E12B0E67913BBBF5CEF5B07E PID: 4296 (1868) C:\Program Files\Windows Live\Messenger\msnmsgr.exe size: 3885408 MD5: 35B9FA77B73358D9063CD61AA3D83EE8 PID: 1800 ( 856) C:\Program Files\Windows Live\Contacts\wlcomm.exe size: 27512 MD5: 654480EA67078C7B4C6C8BA871B07D5D PID: 1708 (1868) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 5365592 MD5: 0477C2F9171599CA5BC3307FDFBA8D89 PID: 3524 ( 856) C:\Windows\System32\mobsync.exe size: 95744 MD5: 9B89B3BB79EA1ACF041F40A7B6FC5827 PID: 0 ( 0) [System Process] PID: 4 ( 0) System PID: 468 ( 4) smss.exe size: 64000 PID: 588 ( 576) csrss.exe size: 6144 PID: 648 ( 576) wininit.exe size: 96768 PID: 660 ( 640) csrss.exe size: 6144 PID: 696 ( 648) services.exe size: 279040 PID: 712 ( 648) lsass.exe size: 9728 PID: 720 ( 648) lsm.exe size: 229888 PID: 856 ( 696) svchost.exe size: 21504 PID: 920 ( 640) winlogon.exe size: 314880 PID: 980 ( 696) svchost.exe size: 21504 PID: 1020 ( 696) svchost.exe size: 21504 PID: 1120 ( 696) svchost.exe size: 21504 PID: 1156 ( 696) svchost.exe size: 21504 PID: 1216 ( 696) svchost.exe size: 21504 PID: 1292 (1120) audiodg.exe size: 88064 PID: 1316 ( 696) svchost.exe size: 21504 PID: 1340 ( 696) SLsvc.exe size: 2623488 PID: 1392 ( 696) svchost.exe size: 21504 PID: 1596 ( 696) svchost.exe size: 21504 PID: 1984 ( 696) spoolsv.exe size: 125952 PID: 2008 ( 696) sched.exe PID: 2040 ( 696) svchost.exe size: 21504 PID: 640 (1216) taskeng.exe size: 169472 PID: 2028 ( 696) avguard.exe PID: 1908 ( 696) AppleMobileDeviceService.exe PID: 1592 ( 696) mDNSResponder.exe PID: 1624 ( 696) fsessrv.exe PID: 764 ( 696) LSSrvc.exe PID: 1312 ( 696) PIFSvc.exe PID: 2064 ( 696) LVComSer.exe PID: 2104 ( 696) LVPrcSrv.exe PID: 2156 ( 696) NBService.exe PID: 2216 ( 696) AluSchedulerSvc.exe PID: 2244 ( 696) PnkBstrA.exe size: 66872 PID: 2268 ( 696) PnkBstrB.exe size: 107832 PID: 2324 ( 696) svchost.exe size: 21504 PID: 2340 ( 696) svchost.exe size: 21504 PID: 2372 ( 696) svchost.exe size: 21504 PID: 2420 ( 696) SearchIndexer.exe size: 439808 PID: 2528 ( 696) SDWinSec.exe MD5: 794D4B48DFB6E999537C7C3947863463 PID: 2640 (1156) WUDFHost.exe size: 142336 PID: 3736 ( 696) iPodService.exe PID: 2356 ( 696) svchost.exe size: 21504 PID: 4168 ( 856) WmiPrvSE.exe PID: 3280 (4228) conime.exe size: 69120 PID: 2596 ( 696) a2service.exe PID: 4400 (2420) SearchProtocolHost.exe size: 184832 PID: 5704 (2420) SearchFilterHost.exe size: 87552 --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 08/07/2009 19:29:09 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\Windows\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page https://www.google.fr/?gws_rd=ssl HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL https://www.msn.com/fr-fr/?ocid=iehp HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page C:\Windows\System32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page https://www.msn.com/fr-fr/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL https://www.msn.com/fr-fr/?ocid=iehp HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF --- Winsock Layered Service Provider list --- Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE} Filename: Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D} Filename: Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D} Filename: --- Uninstall list --- --- System Services --- Service (registry key): .NET CLR Data Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET CLR Networking Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for Oracle Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for SqlServer Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NETFramework Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): 61883 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote d'unité 61883 Image path: system32\DRIVERS\61883.sys Image size: 45696 Image MD5: 585E64BB6DFBC0A2F1F0B554DED012DF Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): a2free Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: a-squared Free Service Description: Scans the PC for unwanted software and provides protection from malicious code Object name: LocalSystem Image path: "C:\Program Files\a-squared Free\a2service.exe" Image size: 718880 Image MD5: A86B9739EFB314FC13D81A21CC4E5102 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): ACPI Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote ACPI Microsoft Image path: system32\drivers\acpi.sys Image size: 266808 Image MD5: FCB8C7210F0135E24C6580F7F649C73C Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): Adobe LM Service Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Adobe LM Service Description: AdobeLM Service Object name: LocalSystem Image path: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" Image size: 72704 Image MD5: 8B46D5A1D3EF08232C04D0EAFB871FB2 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): adp94xx Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\adp94xx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): adpahci Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\adpahci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): adpu160m Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\adpu160m.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): adpu320 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\adpu320.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): adsi Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): AeLookupSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\aelupsvc.dll,-1 Description: @%SystemRoot%\system32\aelupsvc.dll,-2 Object name: localSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): AFD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Ancilliary Function Driver for Winsock Description: Ancilliary Function Driver for Winsock Image path: \SystemRoot\system32\drivers\afd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): agp440 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel AGP Bus Filter Image path: \SystemRoot\system32\drivers\agp440.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): aic78xx Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\djsvs.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): ALG Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\Alg.exe,-112 Description: @%SystemRoot%\system32\Alg.exe,-113 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\alg.exe Image size: 59392 Image MD5: A1545B731579895D8CC44FC0481C1192 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): aliide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\aliide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 3 Service (registry key): amdagp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: AMD AGP Bus Filter Driver Image path: \SystemRoot\system32\drivers\amdagp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): amdide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\amdide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 3 Service (registry key): AmdK7 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: AMD K7 Processor Driver Image path: \SystemRoot\system32\drivers\amdk7.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): AmdK8 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote de processeur AMD K8 Image path: system32\DRIVERS\amdk8.sys Image size: 44032 Image MD5: 93AE7F7DD54AB986A6F1A1B37BE7442D Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): AntiVirSchedulerService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Avira AntiVir Planificateur Description: Service de commande des tâches de contrôle et mises à jour Avira AntiVir Personal - Free Antivirus. Object name: LocalSystem Image path: "C:\Program Files\Avira\AntiVir Desktop\sched.exe" Image size: 108289 Image MD5: 7C98F7A5BDE8A775B7DB9A1E808266D9 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): AntiVirService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Avira AntiVir Guard Description: Offre une protection permanente contre les virus et les logiciels malveillants grâce au moteur de recherche AntiVir. Object name: LocalSystem Image path: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" Image size: 185089 Image MD5: 81E58F368D62EC818F49D1C5CF3854C3 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): Appinfo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\appinfo.dll,-100 Description: @%systemroot%\system32\appinfo.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,ProfSvc Service (registry key): Apple Mobile Device Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Apple Mobile Device Description: Fournit l’interface pour les appareils mobiles Apple. Object name: LocalSystem Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" Image size: 144712 Image MD5: 7E94E567C1AA5ABE6174032B3DAB6C23 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: Tcpip Service (registry key): arc Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\arc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): arcsas Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\arcsas.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): ASP.NET_1.1.4322 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): AsyncMac Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote de média asynchrone RAS Description: Pilote de média asynchrone RAS Image path: system32\DRIVERS\asyncmac.sys Image size: 17408 Image MD5: 53B202ABEE6455406254444303E87BE1 Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): atapi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Canal IDE Image path: system32\drivers\atapi.sys Image size: 21560 Image MD5: 2D9C903DC76A66813D350A562DE40ED9 Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): athr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Atheros Extensible Wireless LAN device driver Image path: system32\DRIVERS\athr.sys Image size: 952832 Image MD5: ACDB46B1A467752A2F280C68C8461556 Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): AudioEndpointBuilder Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\audiosrv.dll,-204 Description: @%SystemRoot%\System32\audiosrv.dll,-205 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: PlugPlay Service (registry key): Audiosrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\audiosrv.dll,-200 Description: @%SystemRoot%\System32\audiosrv.dll,-201 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: AudioEndpointBuilder,RpcSs,MMCSS Service (registry key): Avc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Périphérique AVC Image path: system32\DRIVERS\avc.sys Image size: 40448 Image MD5: F4B56425A00BEB32F5FA6603FF7B0EA2 Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): avgio Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avgio Image path: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: FltMgr Service (registry key): avgntflt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avgntflt Description: Avira files mini-filter driver Image path: system32\DRIVERS\avgntflt.sys Image size: 55640 Image MD5: 76C10D80E46CB79570479CB7CF205D39 Control Set: CurrentControlSet Start: 2 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): avipbb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avipbb Description: Avira's Driver for RootKit Detection Image path: system32\DRIVERS\avipbb.sys Image size: 96104 Image MD5: AD9BD66A862116E79CB45BB6BE46055F Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): BattC Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): BDFsDrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: BDFsDrv Image path: \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Beep Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Beep Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): BFE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\bfe.dll,-1001 Description: @%SystemRoot%\system32\bfe.dll,-1002 Object name: NT AUTHORITY\LocalService Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): BITS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\qmgr.dll,-1000 Description: @%SystemRoot%\system32\qmgr.dll,-1001 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,EventSystem Service (registry key): blbdrive Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\blbdrive.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): Bonjour Service Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Service Bonjour Description: Bonjour permet à des applications comme iTunes et Safari d’annoncer et de découvrir des services sur le réseau local. En gardant Bonjour en exécution, vous pouvez vous connecter à des périphériques comme l’Apple TV et à des services logiciels comme le partage iTunes et AirTunes. Si vous désactivez Bonjour, tous les services réseau qui en dépendent de manière explicite ne démarreront pas. Object name: LocalSystem Image path: "C:\Program Files\Bonjour\mDNSResponder.exe" Image size: 238888 Image MD5: 3F56903E124E820AEECE6D471583C6C1 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: Tcpip Service (registry key): Boonty Games Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Boonty Games Description: Boonty Games Object name: LocalSystem Image path: "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 16 Error Control: 1 Service (registry key): bowser Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bowser Description: Implements the datagram receiver for the computer browser browser service. Image path: system32\DRIVERS\bowser.sys Image size: 69632 Image MD5: 74B442B2BE1260B7588C136177CEAC66 Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): BrFiltLo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother USB Mass-Storage Lower Filter Driver Image path: \SystemRoot\system32\drivers\brfiltlo.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BrFiltUp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother USB Mass-Storage Upper Filter Driver Image path: \SystemRoot\system32\drivers\brfiltup.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Browser Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\browser.dll,-100 Description: @%systemroot%\system32\browser.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,LanmanServer Service (registry key): Brserid Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC Serial Port Interface Driver (WDM) Image path: \SystemRoot\system32\drivers\brserid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): BrSerWdm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother WDM Serial driver Image path: \SystemRoot\system32\drivers\brserwdm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): BrUsbMdm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC USB Fax Only Modem Image path: \SystemRoot\system32\drivers\brusbmdm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): BrUsbSer Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC USB Serial WDM Driver Image path: \SystemRoot\system32\drivers\brusbser.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BTHMODEM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth Serial Communications Driver Image path: \SystemRoot\system32\drivers\bthmodem.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): cdfs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: CD/DVD File System Reader Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces) Image path: system32\DRIVERS\cdfs.sys Image size: 70144 Image MD5: 7ADD03E75BEB9E6DD102C3081D29840A Control Set: CurrentControlSet Start: 4 Type: 2 Error Control: 1 Depends On group: "SCSI CDROM Class" Service (registry key): cdrom Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote de CD-ROM Image path: system32\DRIVERS\cdrom.sys Image size: 67072 Image MD5: 1EC25CEA0DE6AC4718BF89F9E1778B57 Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): CertPropSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\certprop.dll,-11 Description: @%SystemRoot%\System32\certprop.dll,-12 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): circlass Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Consumer IR Devices Image path: \SystemRoot\system32\drivers\circlass.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): CLFS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Common Log (CLFS) Description: Common Log (CLFS) Image path: System32\CLFS.sys Image size: 247352 Image MD5: 465745561C832B29F7C48B488AAB3842 Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): clr_optimization_v2.0.50727_32 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v2.0.50727_X86 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Image size: 69632 Image MD5: D87ACAED61E417BBA546CED5E7E36D9C Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Service (registry key): cmdide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\cmdide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 3 Service (registry key): Compbatt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Composite Battery Driver Image path: \SystemRoot\system32\drivers\compbatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 3 Service (registry key): COMSysApp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @comres.dll,-947 Description: @comres.dll,-948 Object name: LocalSystem Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Image size: 7168 Image MD5: BE01E566D1F569AAB32D0335613E1EEA Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RpcSs,EventSystem,SENS Service (registry key): crcdisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Crcdisk Filter Driver Image path: system32\drivers\crcdisk.sys Image size: 22632 Image MD5: 2A213AE086BBEC5E937553C7D9A2B22C Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): Crusoe Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Transmeta Crusoe Processor Driver Image path: \SystemRoot\system32\drivers\crusoe.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): crypt32 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): CryptSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001 Description: @%SystemRoot%\system32\cryptsvc.dll,-1002 Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): DCLocator Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): DcomLaunch Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @oleres.dll,-5012 Description: @oleres.dll,-5013 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): DfsC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\dfsc.sys,-101 Description: @%systemroot%\system32\drivers\dfsc.sys,-102 Image path: System32\Drivers\dfsc.sys Image size: 75264 Image MD5: 9E635AE5E8AD93E2B5989E2E23679F97 Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Depends On services: Mup Service (registry key): DFSR Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @dfsrres.dll,-101 Description: @dfsrres.dll,-102 Object name: LocalSystem Image path: %SystemRoot%\system32\DFSR.exe Image size: 2091520 Image MD5: FA3463F25F9CC9C3BCF1E7912FEFF099 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RpcSs,EventSystem Service (registry key): Dhcp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100 Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: NSI,Tdx,Afd Service (registry key): disk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote de disque Image path: system32\drivers\disk.sys Image size: 55352 Image MD5: 64109E623ABD6955C8FB110B592E68B7 Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): Dnscache Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\dnsapi.dll,-101 Description: @%SystemRoot%\System32\dnsapi.dll,-102 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: Tdx Service (registry key): dot3svc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\dot3svc.dll,-1102 Description: @%systemroot%\system32\dot3svc.dll,-1103 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,Ndisuio,Eaphost Service (registry key): DPS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\dps.dll,-500 Description: @%systemroot%\system32\dps.dll,-501 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): drmkaud Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Filtre de décodeur DRM (Noyau Microsoft) Image path: system32\drivers\drmkaud.sys Image size: 5632 Image MD5: 97FEF831AB90BEE128C9AF390E243F80 Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): DXGKrnl Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: LDDM Graphics Subsystem Description: Controls the underlying video driver stacks to provide fully-featured display capabilities. Image path: \SystemRoot\System32\drivers\dxgkrnl.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): E1G60 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel(R) PRO/1000 NDIS 6 Adapter Driver Image path: system32\DRIVERS\E1G60I32.sys Image size: 117760 Image MD5: F88FB26547FD2CE6D0A5AF2985892C48 Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): EapHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\eapsvc.dll,-1 Description: @%systemroot%\system32\eapsvc.dll,-2 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,KeyIso Service (registry key): Ecache Registry

Utilisateur anonyme · Answer

j'ai l'impression que antivir n'est pas à jour
fais une mise à jour et fait lui faire un scan complet mais avant tou configure le de manière suivante :

Configuration de Antivir : 

clic droit sur son icône dans la barre des taches et sélectionner Configurer Antivir. 

cocher la case : Mode Expert. 

=> Cliquer sur Scanner dans le volet de gauche : 

> Dans "Fichiers" sélectionner Tous les fichiers. 

> Dans procédure de recherche, cocher Autoriser l'arrêt, et dans "priorité scanner" sélectionner Elevé. 

> Dans "Autres réglages" cocher toutes les cases. 

NE SURTOUT PAS OUBLIER LA RECHERCHE DES ROOTKIT QUI EST TRES IMPORTANTE ! 

=> Cliquer sur "Recherche" dans le volet de gauche et appliquer les mêmes paramètres que précédemment. 

=> Dérouler "Recherche" en cliquant sur le +. Cliquer sur "Heuristique" : 

> Cocher "Heuristique de MacroVirus" et "Heuristique fichier Win32" avec degré d'indentification ELEVE ! 

=> Dans le volet de gauche, dérouler "Guard" puis dérouler "Recherche" : 

> Cocher "Heuristique de MacroVirus" et "Heuristique fichier Win32" avec degré d'identification ELEVE !

n'oublie pas de poster son rapport

bleurk · Answer

ok merci je lance le scan

bleurk · Answer

Avira AntiVir Personal Date de création du fichier de rapport : mercredi 8 juillet 2009 20:16 La recherche porte sur 1475195 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows Vista Version de Windows : (Service Pack 1) [6.0.6001] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : PC-DE-JOHNNY Informations de version : BUILD.DAT : 9.0.0.65 17959 Bytes 22/04/2009 12:06:00 AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:20:54 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 09:04:39 ANTIVIR2.VDF : 7.1.4.173 306688 Bytes 02/07/2009 18:28:44 ANTIVIR3.VDF : 7.1.4.197 430592 Bytes 07/07/2009 18:28:32 Version du moteur : 8.2.0.204 AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 06:40:48 AESCRIPT.DLL : 8.1.2.13 426362 Bytes 02/07/2009 18:29:24 AESCN.DLL : 8.1.2.3 127347 Bytes 15/05/2009 17:50:23 AERDL.DLL : 8.1.2.2 438642 Bytes 02/07/2009 18:29:17 AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 18:38:12 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 18:35:46 AEHEUR.DLL : 8.1.0.137 1823095 Bytes 27/06/2009 09:01:50 AEHELP.DLL : 8.1.3.6 205174 Bytes 11/06/2009 17:34:17 AEGEN.DLL : 8.1.1.48 348532 Bytes 02/07/2009 18:29:06 AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40 AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 18:38:11 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59 RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 17/02/2009 12:49:32 RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, D:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: marche Recherche optimisée...........................: marche Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR, Début de la recherche : mercredi 8 juillet 2009 20:16 Début du contrôle des fichiers système : Signé -> 'C:\Windows\system32\svchost.exe' Signé -> 'C:\Windows\system32\winlogon.exe' Signé -> 'C:\Windows\explorer.exe' Signé -> 'C:\Windows\system32\smss.exe' Signé -> 'C:\Windows\system32\wininet.DLL' Signé -> 'C:\Windows\system32\wsock32.DLL' Signé -> 'C:\Windows\system32\ws2_32.DLL' Signé -> 'C:\Windows\system32\services.exe' Signé -> 'C:\Windows\system32\lsass.exe' Signé -> 'C:\Windows\system32\csrss.exe' Signé -> 'C:\Windows\system32\drivers\kbdclass.sys' Signé -> 'C:\Windows\system32\spoolsv.exe' Signé -> 'C:\Windows\system32\alg.exe' Signé -> 'C:\Windows\system32\wuauclt.exe' Signé -> 'C:\Windows\system32\advapi32.DLL' Signé -> 'C:\Windows\system32\user32.DLL' Signé -> 'C:\Windows\system32\gdi32.DLL' Signé -> 'C:\Windows\system32\kernel32.DLL' Signé -> 'C:\Windows\system32 tdll.DLL' Signé -> 'C:\Windows\system32 toskrnl.exe' Signé -> 'C:\Windows\system32\ctfmon.exe' Les fichiers système ont été contrôlés ('21' fichiers) La recherche d'objets cachés commence. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys\modules [INFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys\start [INFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys ype [INFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys\imagepath [INFO] L'entrée d'enregistrement n'est pas visible. HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys\group [INFO] L'entrée d'enregistrement n'est pas visible. '101092' objets ont été contrôlés, '5' objets cachés ont été trouvés. La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés Processus de recherche 'notepad.exe' - '1' module(s) sont contrôlés Processus de recherche 'mobsync.exe' - '1' module(s) sont contrôlés Processus de recherche 'wlcomm.exe' - '1' module(s) sont contrôlés Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés Processus de recherche 'a2service.exe' - '1' module(s) sont contrôlés Processus de recherche 'conime.exe' - '1' module(s) sont contrôlés Processus de recherche 'uTorrent.exe' - '1' module(s) sont contrôlés Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehmsas.exe' - '1' module(s) sont contrôlés Processus de recherche 'PDFCreator.exe' - '1' module(s) sont contrôlés Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés Processus de recherche 'msgrsrch.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehtray.exe' - '1' module(s) sont contrôlés Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés Processus de recherche 'fsesgui.exe' - '1' module(s) sont contrôlés Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés Processus de recherche 'GrooveMonitor.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'WUDFHost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SDWinSec.exe' - '1' module(s) sont contrôlés Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'PnkBstrB.exe' - '1' module(s) sont contrôlés Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés Processus de recherche 'AluSchedulerSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'NBService.exe' - '1' module(s) sont contrôlés Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés Processus de recherche 'LVPrcSrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés Processus de recherche 'PIFSvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'fsessrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '71' processus ont été contrôlés avec '71' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [INFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [INFO] Aucun virus trouvé ! [INFO] Veuillez relancer la recherche avec les droits d'administrateur La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [INFO] Aucun virus trouvé ! Secteur d'amorçage 'D:\' [INFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '43' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\hiberfil.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\Windows\System32\drivers\sptd.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! Recherche débutant dans 'D:\' Fin de la recherche : mercredi 8 juillet 2009 21:25 Temps nécessaire: 1:08:48 Heure(s) La recherche a été effectuée intégralement 25168 Les répertoires ont été contrôlés 498441 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 3 Impossible de contrôler des fichiers 498438 Fichiers non infectés 4595 Les archives ont été contrôlées 3 Avertissements 2 Consignes 101092 Des objets ont été contrôlés lors du Rootkitscan 5 Des objets cachés ont été trouvés

Utilisateur anonyme · Answer

Télécharge Ccleaner sur ton Bureau, il y a 5 objets cachés dans ton registre : 

https://forums.cnetfrance.fr/tutoriels-logiciels-et-applis/7669-ccleaner-telecharger-et-utiliser

* Clique sur "download the latest version" 
* Installe-le en laissant seulement les options suivantes cochées : 

- Ajouter un raccourci sur le Bureau 
- Contrôler automatiquement les mises à jour de CCleaner 

* Lance le Nettoyage 
* Clique sur Chercher des erreurs et sauvegarde si tu le souhaites. 

tuto Comment utiliser CCleaner. 

http://www.infos-du-net.com/forum/272336-7-aide-ccleaner

bleurk · Answer

bonjour, après lancement de Ccleaner, j'ai relancer Spybots, toujours le même problème! voici le rapport --- Search result list --- Win32.TDSS.reg: [SBI $2867D4A5] Réglages (Modification du registre, fixing failed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxserv Win32.TDSS.reg: [SBI $EDA68CC2] Réglages (Modification du registre, fixing failed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules\msqpdxserv Win32.TDSS.reg: [SBI $667311C3] Réglages (Modification du registre, fixing failed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxl Win32.TDSS.reg: [SBI $99E026E5] Réglages (Modification du registre, fixing failed) HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules\msqpdxl --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2008-01-28 SDDelFile.exe (1.0.2.4) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SDWinSec.exe (1.0.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-03-05 TeaTimer.exe (1.6.6.32) 2009-03-30 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-01-26 advcheck.dll (1.6.2.15) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2008-10-22 Tools.dll (2.1.6.8) 2009-01-16 UninsSrv.dll (1.0.0.0) 2009-05-19 Includes\Adware.sbi (*) 2009-06-02 Includes\AdwareC.sbi (*) 2009-01-22 Includes\Cookies.sbi (*) 2009-05-19 Includes\Dialer.sbi (*) 2009-06-02 Includes\DialerC.sbi (*) 2009-01-22 Includes\HeavyDuty.sbi (*) 2009-05-26 Includes\Hijackers.sbi (*) 2009-06-23 Includes\HijackersC.sbi (*) 2009-06-23 Includes\Keyloggers.sbi (*) 2009-06-30 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2009-06-30 Includes\Malware.sbi (*) 2009-06-30 Includes\MalwareC.sbi (*) 2009-03-25 Includes\PUPS.sbi (*) 2009-06-30 Includes\PUPSC.sbi (*) 2009-01-22 Includes\Revision.sbi (*) 2009-01-13 Includes\Security.sbi (*) 2009-06-02 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2009-04-07 Includes\Spyware.sbi (*) 2009-06-02 Includes\SpywareC.sbi (*) 2009-06-08 Includes\Tracks.uti 2009-06-17 Includes\Trojans.sbi (*) 2009-06-30 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2008-12-24 Plugins\TCPIPAddress.dll --- System information --- Windows Vista (Build: 6001) Service Pack 1 (6.0.6001) --- Startup entries list --- Located: HK_LM:Run, Adobe Reader Speed Launcher command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe size: 39792 MD5: 392845E8D49B5F0E81AAC4D795000A8C Located: HK_LM:Run, avgnt command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe size: 209153 MD5: 29680A793F690EEF4AAA68479D2A6DF8 Located: HK_LM:Run, F-Secure ExploitShield command: "C:\Program Files\F-Secure\ExploitShield\fsesgui.exe" file: C:\Program Files\F-Secure\ExploitShield\fsesgui.exe size: 629376 MD5: C3195D1010CE4EE40219566DC2135268 Located: HK_LM:Run, GrooveMonitor command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31072 MD5: 644795F6985C740F5E36E9336B837D0B Located: HK_LM:Run, iTunesHelper command: "C:\Program Files\iTunes\iTunesHelper.exe" file: C:\Program Files\iTunes\iTunesHelper.exe size: 292136 MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0 Located: HK_LM:Run, QuickTime Task command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime file: C:\Program Files\QuickTime\QTTask.exe size: 413696 MD5: FABAD2BFD44661D8CC627E5485BFAFAF Located: HK_LM:RunOnce, Launcher command: %WINDIR%\SMINST\launcher.exe file: C:\Windows\SMINST\launcher.exe size: 44168 MD5: 31539595F006DAE39F719735F30C3570 Located: HK_CU:Run, ehTray.exe where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Windows\ehome\ehTray.exe file: C:\Windows\ehome\ehTray.exe size: 125952 MD5: BF08674925F151BD4537B89A493E3E0C Located: HK_CU:Run, ISUSPM Startup where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe size: 249856 MD5: 1C46FC1AB600766B8554580204806E84 Located: HK_CU:Run, LDM where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe size: 36864 MD5: 75A8679F5D996D286FC8649E74394B79 Located: HK_CU:Run, msnlivesearch where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run file: C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe size: 49152 MD5: BEB9FB770075D484ACFB2645EB788527 Located: HK_CU:Run, Sidebar where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun file: C:\Program Files\Windows Sidebar\sidebar.exe size: 1233920 MD5: FD278E51A7D6F52D22FCE6C67E037AD6 Located: HK_CU:Run, SpybotSD TeaTimer where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe size: 2260480 MD5: 390679F7A217A5E73D756276C40AE887 Located: HK_CU:Run, swg where: S-1-5-21-3603102019-2234686749-2930555637-1000... command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe size: 39408 MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe size: 196608 MD5: 6F2E5108667BF1149D884E3CBEB9CDD1 Located: Démarrage (tous utilisateurs), PDFCreator.lnk where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files\PDFCreator\PDFCreator.exe file: C:\Program Files\PDFCreator\PDFCreator.exe size: 2641920 MD5: 4DB47E14FF62720ADA91BE1E40226ACF Located: Démarrage (utilisateur), Adobe Gamma.lnk where: C:\Users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup... command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe size: 113664 MD5: C2FF17734176CD15221C10044EF0BA1A --- Browser helper object list --- {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Download Manager Browser Helper Object Path: C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\ Long name: XEBDLHelper.dll Short name: XEBDLH~1.DLL Date (created): 21/05/2007 11:34:48 Date (last access): 15/10/2007 13:54:34 Date (last write): 21/05/2007 11:34:48 Filesize: 525792 Attributes: archive MD5: FD850334FE0EAC8B286235996E533B10 CRC32: E6717AAB Version: 1.0.0.14 {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: SWEETIE CLSID name: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: WormRadar.com IESiteBlocker.NavFilter CLSID name: {5C255C8A-E604-49b4-9D64-90988571CECB} () location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: {64F56FC1-1272-44CD-BA6E-39723696E350} (EoRezoBHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: EoRezoBHO CLSID name: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Groove GFS Browser Helper Path: C:\Program Files\Microsoft Office\Office12\ Long name: GrooveShellExtensions.dll Short name: GRA8E1~1.DLL Date (created): 12/02/2009 15:19:32 Date (last access): 01/05/2009 10:21:28 Date (last write): 12/02/2009 15:19:32 Filesize: 2217848 Attributes: archive MD5: A6B5A41C0ED007AB6C43CAD899E533D8 CRC32: BA078F79 Version: 12.0.6421.1000 {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Programme d'aide de l'Assistant de connexion Windows Live Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\ Long name: WindowsLiveLogin.dll Short name: WINDOW~1.DLL Date (created): 22/01/2009 16:41:30 Date (last access): 18/02/2009 16:20:22 Date (last write): 22/01/2009 16:41:30 Filesize: 408448 Attributes: archive MD5: B7899C3E21B299D7A3C0DA96CAE340BD CRC32: 288935F8 Version: 5.0.818.5 {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Google Toolbar Helper description: Google toolbar classification: Open for discussion known filename: googletoolbar.dll
googletoolbar*.dll
(* = number)
googletoolbar_en_*.**-big.dll
Googletoolbar_en_*.*.**-deleon.dll info link: http://www.google.com/intl/fr/toolbar/ie/index.html info source: TonyKlein Path: C:\Program Files\Google\Google Toolbar\ Long name: GoogleToolbar.dll Short name: GOOGLE~1.DLL Date (created): 14/01/2009 14:31:22 Date (last access): 14/01/2009 14:31:22 Date (last write): 14/01/2009 14:30:30 Filesize: 251504 Attributes: archive MD5: 105EBC389FEB20A5A6DE47316001B7F1 CRC32: 3760EC78 {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Google Toolbar Notifier BHO Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\ Long name: swg.dll Short name: Date (created): 08/07/2009 20:53:46 Date (last access): 08/07/2009 20:53:46 Date (last write): 08/07/2009 20:53:46 Filesize: 669168 Attributes: archive MD5: 7C987CAB519BC858FD4DBB6B40EE4BD2 CRC32: 2CC83660 Version: 5.1.1309.15642 {C7B76B90-3455-4AE6-A752-EAC4D19689E5} (EoBHO) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: EoBHO CLSID name: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: Google Dictionary Compression sdch CLSID name: Google Dictionary Compression sdch Path: C:\Program Files\Google\Google Toolbar\Component\ Long name: fastsearch_219B3E1547538286.dll Short name: FASTSE~1.DLL Date (created): 14/01/2009 14:30:26 Date (last access): 14/01/2009 14:30:26 Date (last write): 14/01/2009 14:30:26 Filesize: 522224 Attributes: archive MD5: E27153F524C86807079F62550094B073 CRC32: E181FF40 Version: 1.0.610.10250 {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Java(tm) Plug-In 2 SSV Helper Path: C:\Program Files\Java\jre6\bin\ Long name: jp2ssv.dll Short name: Date (created): 26/11/2008 14:02:44 Date (last access): 10/11/2008 04:39:26 Date (last write): 10/11/2008 06:43:16 Filesize: 34816 Attributes: archive MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162 CRC32: D7C13FB2 Version: 6.0.110.3 {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} () location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: --- ActiveX list --- {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) DPF name: CLSID name: MSN Photo Upload Tool Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf Codebase: http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab description: classification: Legitimate known filename: MsnPUpld.dll info link: info source: Safer Networking Ltd. Path: C:\Windows\Downloaded Program Files\ Long name: MsnPUpld.dll Short name: Date (created): 20/11/2006 11:04:16 Date (last access): 20/11/2006 11:04:16 Date (last write): 20/11/2006 11:04:16 Filesize: 543544 Attributes: archive MD5: A0F541D9D2CACEEC7A4A378CD0C31626 CRC32: 035C591F Version: 10.0.914.0 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () DPF name: CLSID name: Installer: C:\Windows\Downloaded Program Files\erma.inf Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab description: classification: Open for discussion known filename: info link: info source: Safer Networking Ltd. {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_11 Installer: Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files\Java\jre6\bin\ Long name: npjpi160_11.dll Short name: NPJPI1~1.DLL Date (created): 10/11/2008 04:39:26 Date (last access): 10/11/2072 04:39:26 Date (last write): 10/11/2008 06:43:32 Filesize: 132504 Attributes: archive MD5: D400116F6776ACB6EDB6B1F5EEB9F92D CRC32: CECB5751 Version: 6.0.110.3 --- Process list --- PID: 1816 (1176) C:\Windows\system32\Dwm.exe size: 81920 MD5: 59903071D7ACE6A02093C47E9E38AF97 PID: 1840 (1800) C:\Windows\Explorer.EXE size: 2927104 MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D PID: 1980 (1208) C:\Windows\system32 askeng.exe size: 169472 MD5: 5F109032CE46B7184ED9E50F9FE8489E PID: 2160 (2084) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe size: 186904 MD5: 38440FE1A65B1FE3D246C5C4CAD22F53 PID: 3348 (1840) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe size: 209153 MD5: 29680A793F690EEF4AAA68479D2A6DF8 PID: 3456 (1840) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31072 MD5: 644795F6985C740F5E36E9336B837D0B PID: 3532 (1840) C:\Program Files\iTunes\iTunesHelper.exe size: 292136 MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0 PID: 3560 (1840) C:\Program Files\F-Secure\ExploitShield\fsesgui.exe size: 629376 MD5: C3195D1010CE4EE40219566DC2135268 PID: 3592 (1840) C:\Program Files\Windows Sidebar\sidebar.exe size: 1233920 MD5: FD278E51A7D6F52D22FCE6C67E037AD6 PID: 3604 (1840) C:\Windows\ehome\ehtray.exe size: 125952 MD5: BF08674925F151BD4537B89A493E3E0C PID: 3652 (1840) C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe size: 49152 MD5: BEB9FB770075D484ACFB2645EB788527 PID: 3764 (1840) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe size: 39408 MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD PID: 3780 ( 856) C:\Windows\ehome\ehmsas.exe size: 37376 MD5: 0F4195B9B348DE5CF9B822F81704B20E PID: 3808 (1840) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe size: 2260480 MD5: 390679F7A217A5E73D756276C40AE887 PID: 3868 (1840) C:\Program Files\PDFCreator\PDFCreator.exe size: 2641920 MD5: 4DB47E14FF62720ADA91BE1E40226ACF PID: 2404 ( 856) C:\Windows\System32\mobsync.exe size: 95744 MD5: 9B89B3BB79EA1ACF041F40A7B6FC5827 PID: 1108 (3592) C:\Program Files\Windows Sidebar\sidebar.exe size: 1233920 MD5: FD278E51A7D6F52D22FCE6C67E037AD6 PID: 2276 ( 856) C:\Windows\system32\wbem\unsecapp.exe size: 37888 MD5: 25873356E52849C3F5B3F1B02317E8C8 PID: 5652 (1840) C:\Program Files\Mozilla Firefox\firefox.exe size: 307704 MD5: 26C3F01DF1B1AA6CFEC22D75F1E072F9 PID: 5500 (1840) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 5365592 MD5: 0477C2F9171599CA5BC3307FDFBA8D89 PID: 2260 ( 856) C:\Windows\system32\DllHost.exe size: 7168 MD5: BE01E566D1F569AAB32D0335613E1EEA PID: 6044 ( 856) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe size: 14456 MD5: B7A2FBBEB343CC841BB2A0E846455769 PID: 0 ( 0) [System Process] PID: 4 ( 0) System PID: 520 ( 4) smss.exe size: 64000 PID: 596 ( 584) csrss.exe size: 6144 PID: 648 ( 584) wininit.exe size: 96768 PID: 660 ( 640) csrss.exe size: 6144 PID: 696 ( 648) services.exe size: 279040 PID: 712 ( 648) lsass.exe size: 9728 PID: 720 ( 648) lsm.exe size: 229888 PID: 856 ( 696) svchost.exe size: 21504 PID: 892 ( 640) winlogon.exe size: 314880 PID: 980 ( 696) svchost.exe size: 21504 PID: 1020 ( 696) svchost.exe size: 21504 PID: 1112 ( 696) svchost.exe size: 21504 PID: 1176 ( 696) svchost.exe size: 21504 PID: 1208 ( 696) svchost.exe size: 21504 PID: 1272 (1112) audiodg.exe size: 88064 PID: 1296 ( 696) svchost.exe size: 21504 PID: 1320 ( 696) SLsvc.exe size: 2623488 PID: 1364 ( 696) svchost.exe size: 21504 PID: 1484 ( 696) svchost.exe size: 21504 PID: 1948 ( 696) spoolsv.exe size: 125952 PID: 1972 ( 696) sched.exe PID: 1992 ( 696) svchost.exe size: 21504 PID: 532 (1208) taskeng.exe size: 169472 PID: 2000 ( 696) a2service.exe PID: 12 ( 696) avguard.exe PID: 1756 ( 696) AppleMobileDeviceService.exe PID: 1748 ( 696) mDNSResponder.exe PID: 1344 ( 696) fsessrv.exe PID: 752 ( 696) LSSrvc.exe PID: 1292 ( 696) PIFSvc.exe PID: 2084 ( 696) LVComSer.exe PID: 2116 ( 696) LVPrcSrv.exe PID: 2140 ( 696) NBService.exe PID: 2204 ( 696) AluSchedulerSvc.exe PID: 2296 ( 696) PnkBstrA.exe size: 66872 PID: 2308 ( 696) PnkBstrB.exe size: 107832 PID: 2324 ( 696) svchost.exe size: 21504 PID: 2340 ( 696) svchost.exe size: 21504 PID: 2392 ( 696) svchost.exe size: 21504 PID: 2424 ( 696) SearchIndexer.exe size: 439808 PID: 2524 ( 696) SDWinSec.exe PID: 2640 (1176) WUDFHost.exe size: 142336 PID: 3304 ( 696) svchost.exe size: 21504 PID: 3100 ( 696) iPodService.exe PID: 2692 ( 856) WmiPrvSE.exe PID: 4336 ( 208) conime.exe size: 69120 PID: 4172 (1208) taskeng.exe size: 169472 PID: 6136 ( 696) VSSVC.exe size: 1054720 PID: 1532 ( 696) svchost.exe size: 21504 PID: 1724 (2424) SearchProtocolHost.exe size: 184832 PID: 2728 (2424) SearchFilterHost.exe size: 87552 --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 09/07/2009 14:57:14 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\Windows\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page https://www.google.fr/?gws_rd=ssl HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL https://www.msn.com/fr-fr/?ocid=iehp HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page C:\Windows\System32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page https://www.msn.com/fr-fr/ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL https://www.msn.com/fr-fr/?ocid=iehp HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF --- Winsock Layered Service Provider list --- Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE} Filename: Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D} Filename: Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D} Filename: --- Uninstall list --- --- System Services --- Service (registry key): .NET CLR Data Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET CLR Networking Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for Oracle Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NET Data Provider for SqlServer Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): .NETFramework Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): 61883 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote d'unité 61883 Image path: system32\DRIVERS\61883.sys Image size: 45696 Image MD5: 585E64BB6DFBC0A2F1F0B554DED012DF Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): a2free Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: a-squared Free Service Description: Scans the PC for unwanted software and provides protection from malicious code Object name: LocalSystem Image path: "C:\Program Files\a-squared Free\a2service.exe" Image size: 718880 Image MD5: A86B9739EFB314FC13D81A21CC4E5102 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): ACPI Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote ACPI Microsoft Image path: system32\drivers\acpi.sys Image size: 266808 Image MD5: FCB8C7210F0135E24C6580F7F649C73C Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): Adobe LM Service Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Adobe LM Service Description: AdobeLM Service Object name: LocalSystem Image path: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" Image size: 72704 Image MD5: 8B46D5A1D3EF08232C04D0EAFB871FB2 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): adp94xx Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\adp94xx.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): adpahci Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\adpahci.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): adpu160m Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\adpu160m.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): adpu320 Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\adpu320.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): adsi Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): AeLookupSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\aelupsvc.dll,-1 Description: @%SystemRoot%\system32\aelupsvc.dll,-2 Object name: localSystem Image path: %systemroot%\system32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): AFD Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Ancilliary Function Driver for Winsock Description: Ancilliary Function Driver for Winsock Image path: \SystemRoot\system32\drivers\afd.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): agp440 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel AGP Bus Filter Image path: \SystemRoot\system32\drivers\agp440.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): aic78xx Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\djsvs.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): ALG Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\Alg.exe,-112 Description: @%SystemRoot%\system32\Alg.exe,-113 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\alg.exe Image size: 59392 Image MD5: A1545B731579895D8CC44FC0481C1192 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Service (registry key): aliide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\aliide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 3 Service (registry key): amdagp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: AMD AGP Bus Filter Driver Image path: \SystemRoot\system32\drivers\amdagp.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): amdide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\amdide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 3 Service (registry key): AmdK7 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: AMD K7 Processor Driver Image path: \SystemRoot\system32\drivers\amdk7.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): AmdK8 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote de processeur AMD K8 Image path: system32\DRIVERS\amdk8.sys Image size: 44032 Image MD5: 93AE7F7DD54AB986A6F1A1B37BE7442D Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): AntiVirSchedulerService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Avira AntiVir Planificateur Description: Service de commande des tâches de contrôle et mises à jour Avira AntiVir Personal - Free Antivirus. Object name: LocalSystem Image path: "C:\Program Files\Avira\AntiVir Desktop\sched.exe" Image size: 108289 Image MD5: 7C98F7A5BDE8A775B7DB9A1E808266D9 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): AntiVirService Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Avira AntiVir Guard Description: Offre une protection permanente contre les virus et les logiciels malveillants grâce au moteur de recherche AntiVir. Object name: LocalSystem Image path: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" Image size: 185089 Image MD5: 81E58F368D62EC818F49D1C5CF3854C3 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Service (registry key): Appinfo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\appinfo.dll,-100 Description: @%systemroot%\system32\appinfo.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,ProfSvc Service (registry key): Apple Mobile Device Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Apple Mobile Device Description: Fournit l’interface pour les appareils mobiles Apple. Object name: LocalSystem Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" Image size: 144712 Image MD5: 7E94E567C1AA5ABE6174032B3DAB6C23 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: Tcpip Service (registry key): arc Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\arc.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): arcsas Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\arcsas.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): ASP.NET_1.1.4322 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): AsyncMac Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote de média asynchrone RAS Description: Pilote de média asynchrone RAS Image path: system32\DRIVERS\asyncmac.sys Image size: 17408 Image MD5: 53B202ABEE6455406254444303E87BE1 Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): atapi Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Canal IDE Image path: system32\drivers\atapi.sys Image size: 21560 Image MD5: 2D9C903DC76A66813D350A562DE40ED9 Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): athr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Atheros Extensible Wireless LAN device driver Image path: system32\DRIVERS\athr.sys Image size: 952832 Image MD5: ACDB46B1A467752A2F280C68C8461556 Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): AudioEndpointBuilder Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\audiosrv.dll,-204 Description: @%SystemRoot%\System32\audiosrv.dll,-205 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: PlugPlay Service (registry key): Audiosrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\audiosrv.dll,-200 Description: @%SystemRoot%\System32\audiosrv.dll,-201 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: AudioEndpointBuilder,RpcSs,MMCSS Service (registry key): Avc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Périphérique AVC Image path: system32\DRIVERS\avc.sys Image size: 40448 Image MD5: F4B56425A00BEB32F5FA6603FF7B0EA2 Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): avgio Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avgio Image path: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Depends On services: FltMgr Service (registry key): avgntflt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avgntflt Description: Avira files mini-filter driver Image path: system32\DRIVERS\avgntflt.sys Image size: 55640 Image MD5: 76C10D80E46CB79570479CB7CF205D39 Control Set: CurrentControlSet Start: 2 Type: 2 Error Control: 1 Depends On services: FltMgr Service (registry key): avipbb Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: avipbb Description: Avira's Driver for RootKit Detection Image path: system32\DRIVERS\avipbb.sys Image size: 96104 Image MD5: AD9BD66A862116E79CB45BB6BE46055F Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): BattC Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): BDFsDrv Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: BDFsDrv Image path: \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Beep Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Beep Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): BFE Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\bfe.dll,-1001 Description: @%SystemRoot%\system32\bfe.dll,-1002 Object name: NT AUTHORITY\LocalService Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): BITS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\qmgr.dll,-1000 Description: @%SystemRoot%\system32\qmgr.dll,-1001 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs,EventSystem Service (registry key): blbdrive Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\blbdrive.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): Bonjour Service Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Service Bonjour Description: Bonjour permet à des applications comme iTunes et Safari d’annoncer et de découvrir des services sur le réseau local. En gardant Bonjour en exécution, vous pouvez vous connecter à des périphériques comme l’Apple TV et à des services logiciels comme le partage iTunes et AirTunes. Si vous désactivez Bonjour, tous les services réseau qui en dépendent de manière explicite ne démarreront pas. Object name: LocalSystem Image path: "C:\Program Files\Bonjour\mDNSResponder.exe" Image size: 238888 Image MD5: 3F56903E124E820AEECE6D471583C6C1 Control Set: CurrentControlSet Start: 2 Type: 16 Error Control: 1 Depends On services: Tcpip Service (registry key): Boonty Games Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Boonty Games Description: Boonty Games Object name: LocalSystem Image path: "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe" Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 16 Error Control: 1 Service (registry key): bowser Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bowser Description: Implements the datagram receiver for the computer browser browser service. Image path: system32\DRIVERS\bowser.sys Image size: 69632 Image MD5: 74B442B2BE1260B7588C136177CEAC66 Control Set: CurrentControlSet Start: 3 Type: 2 Error Control: 1 Service (registry key): BrFiltLo Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother USB Mass-Storage Lower Filter Driver Image path: \SystemRoot\system32\drivers\brfiltlo.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BrFiltUp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother USB Mass-Storage Upper Filter Driver Image path: \SystemRoot\system32\drivers\brfiltup.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): Browser Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\browser.dll,-100 Description: @%systemroot%\system32\browser.dll,-101 Object name: LocalSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: LanmanWorkstation,LanmanServer Service (registry key): Brserid Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC Serial Port Interface Driver (WDM) Image path: \SystemRoot\system32\drivers\brserid.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): BrSerWdm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother WDM Serial driver Image path: \SystemRoot\system32\drivers\brserwdm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): BrUsbMdm Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC USB Fax Only Modem Image path: \SystemRoot\system32\drivers\brusbmdm.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): BrUsbSer Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Brother MFC USB Serial WDM Driver Image path: \SystemRoot\system32\drivers\brusbser.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): BTHMODEM Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Bluetooth Serial Communications Driver Image path: \SystemRoot\system32\drivers\bthmodem.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): cdfs Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: CD/DVD File System Reader Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces) Image path: system32\DRIVERS\cdfs.sys Image size: 70144 Image MD5: 7ADD03E75BEB9E6DD102C3081D29840A Control Set: CurrentControlSet Start: 4 Type: 2 Error Control: 1 Depends On group: "SCSI CDROM Class" Service (registry key): cdrom Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote de CD-ROM Image path: system32\DRIVERS\cdrom.sys Image size: 67072 Image MD5: 1EC25CEA0DE6AC4718BF89F9E1778B57 Control Set: CurrentControlSet Start: 1 Type: 1 Error Control: 1 Service (registry key): CertPropSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\certprop.dll,-11 Description: @%SystemRoot%\System32\certprop.dll,-12 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): circlass Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Consumer IR Devices Image path: \SystemRoot\system32\drivers\circlass.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): CLFS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Common Log (CLFS) Description: Common Log (CLFS) Image path: System32\CLFS.sys Image size: 247352 Image MD5: 465745561C832B29F7C48B488AAB3842 Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): clr_optimization_v2.0.50727_32 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft .NET Framework NGEN v2.0.50727_X86 Description: Microsoft .NET Framework NGEN Object name: LocalSystem Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe Image size: 69632 Image MD5: D87ACAED61E417BBA546CED5E7E36D9C Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 0 Service (registry key): cmdide Registry path: \SYSTEM\CurrentControlSet\Services\ Image path: \SystemRoot\system32\drivers\cmdide.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 3 Service (registry key): Compbatt Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Microsoft Composite Battery Driver Image path: \SystemRoot\system32\drivers\compbatt.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 3 Service (registry key): COMSysApp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @comres.dll,-947 Description: @comres.dll,-948 Object name: LocalSystem Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} Image size: 7168 Image MD5: BE01E566D1F569AAB32D0335613E1EEA Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RpcSs,EventSystem,SENS Service (registry key): crcdisk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Crcdisk Filter Driver Image path: system32\drivers\crcdisk.sys Image size: 22632 Image MD5: 2A213AE086BBEC5E937553C7D9A2B22C Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): Crusoe Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Transmeta Crusoe Processor Driver Image path: \SystemRoot\system32\drivers\crusoe.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 4 Type: 1 Error Control: 1 Service (registry key): crypt32 Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): CryptSvc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001 Description: @%SystemRoot%\system32\cryptsvc.dll,-1002 Object name: NT Authority\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: RpcSs Service (registry key): DCLocator Registry path: \SYSTEM\CurrentControlSet\Services\ Control Set: CurrentControlSet Start: 0 Type: 0 Error Control: 0 Service (registry key): DcomLaunch Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @oleres.dll,-5012 Description: @oleres.dll,-5013 Object name: LocalSystem Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): DfsC Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\drivers\dfsc.sys,-101 Description: @%systemroot%\system32\drivers\dfsc.sys,-102 Image path: System32\Drivers\dfsc.sys Image size: 75264 Image MD5: 9E635AE5E8AD93E2B5989E2E23679F97 Control Set: CurrentControlSet Start: 1 Type: 2 Error Control: 1 Depends On services: Mup Service (registry key): DFSR Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @dfsrres.dll,-101 Description: @dfsrres.dll,-102 Object name: LocalSystem Image path: %SystemRoot%\system32\DFSR.exe Image size: 2091520 Image MD5: FA3463F25F9CC9C3BCF1E7912FEFF099 Control Set: CurrentControlSet Start: 3 Type: 16 Error Control: 1 Depends On services: RpcSs,EventSystem Service (registry key): Dhcp Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100 Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101 Object name: NT Authority\LocalService Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: NSI,Tdx,Afd Service (registry key): disk Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Pilote de disque Image path: system32\drivers\disk.sys Image size: 55352 Image MD5: 64109E623ABD6955C8FB110B592E68B7 Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 1 Service (registry key): Dnscache Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\System32\dnsapi.dll,-101 Description: @%SystemRoot%\System32\dnsapi.dll,-102 Object name: NT AUTHORITY\NetworkService Image path: %SystemRoot%\system32\svchost.exe -k NetworkService Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Depends On services: Tdx Service (registry key): dot3svc Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\dot3svc.dll,-1102 Description: @%systemroot%\system32\dot3svc.dll,-1103 Object name: localSystem Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RpcSs,Ndisuio,Eaphost Service (registry key): DPS Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\dps.dll,-500 Description: @%systemroot%\system32\dps.dll,-501 Object name: NT AUTHORITY\LocalService Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 2 Type: 32 Error Control: 1 Service (registry key): drmkaud Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Filtre de décodeur DRM (Noyau Microsoft) Image path: system32\drivers\drmkaud.sys Image size: 5632 Image MD5: 97FEF831AB90BEE128C9AF390E243F80 Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): DXGKrnl Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: LDDM Graphics Subsystem Description: Controls the underlying video driver stacks to provide fully-featured display capabilities. Image path: \SystemRoot\System32\drivers\dxgkrnl.sys Image size: 0 Image MD5: D41D8CD98F00B204E9800998ECF8427E Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 0 Service (registry key): E1G60 Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: Intel(R) PRO/1000 NDIS 6 Adapter Driver Image path: system32\DRIVERS\E1G60I32.sys Image size: 117760 Image MD5: F88FB26547FD2CE6D0A5AF2985892C48 Control Set: CurrentControlSet Start: 3 Type: 1 Error Control: 1 Service (registry key): EapHost Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%systemroot%\system32\eapsvc.dll,-1 Description: @%systemroot%\system32\eapsvc.dll,-2 Object name: localSystem Image path: %SystemRoot%\System32\svchost.exe -k netsvcs Image size: 21504 Image MD5: 3794B461C45882E06856F282EEF025AF Control Set: CurrentControlSet Start: 3 Type: 32 Error Control: 1 Depends On services: RPCSS,KeyIso Service (registry key): Ecache Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: ReadyBoost Caching Driver Description: ReadyBoost Caching Driver Image path: System32\drivers\ecache.sys Image size: 143416 Image MD5: DD2CD259D83D8B72C02C5F2331FF9D68 Control Set: CurrentControlSet Start: 0 Type: 1 Error Control: 3 Service (registry key): ehRecvr Registry path: \SYSTEM\CurrentControlSet\Services\ Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101 Description: @%SystemRoot%\ehome\ehrecvr.exe,-102 Ob

Utilisateur anonyme · Answer

bonjour, ne cherche pas, tu es infecté par un trojan msqpdxserv.sys qui c'est installé dans le registre.

télécharge GenProc sur ton bureau :
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip 
ou ici :  http://www.genproc.com/GenProc.exe
dézippe le dossier, double-clique sur GenProc.bat 
poste le contenu du rapport qui s'ouvre 

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

ou télécharge GenProc http://www.genproc.com/GenProc.exe 

double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre ensuite tu suit la procédure dans l'ordre .

bleurk · Answer

impossible de le lancer meme 
L'UAC désactiver

bleurk · Answer

il met même impossible de suprimer le dossier genproc de mon bureau!

Utilisateur anonyme · Answer

telecharge le fichier genproc et enregistre le sur ton bureau.
essaie de le relancer

bleurk · Answer

quand je le lance, voila ce qui me dit: accès refusé

Utilisateur anonyme · Answer

tu as ce problème depuis quand? arrives tu a trouvé un point de restauration de système enterieur à la date en question?

bleurk · Answer

je sais pas, je dirai 2 sem.

dit moi ce que tu en pensse de ce rapport s'il te plait

***** THE SYSTEM HAS BEEN RESTARTED *****
10/07/2009 15:48:42: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys - Ownership taken
HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys - already removed (or did not exist)
=======================================================
10/07/2009 15:48:42: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.9.2584. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 15:46:02 10 juil. 2009
Using Database v7358
Operating System:  Windows Vista Home Premium (SP1) [Build: 6.0.6001]
File System:       NTFS
User Account Control is DISABLED.
UserData directory: C:\Users\johnny\AppData\Roaming\Simply Super Software\Trojan Remover\
Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Users\johnny\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir

************************************************************


************************************************************
15:46:02: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
15:46:03: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [explorer.exe]
File: explorer.exe
C:\Windows\explorer.exe
2927104 bytes
Created:  10/12/2008 22:54
Modified: 29/10/2008 08:29
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\Windows\system32\userinit.exe,]
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
25088 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created:  15/10/2008 02:04
Modified: 15/10/2008 02:04
Company:  Adobe Systems Incorporated
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
209153 bytes
Created:  01/05/2009 08:38
Modified: 02/03/2009 13:08
Company:  Avira GmbH
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
31072 bytes
Created:  25/10/2008 11:44
Modified: 25/10/2008 11:44
Company:  Microsoft Corporation
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created:  26/05/2009 17:18
Modified: 26/05/2009 17:18
Company:  Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
292136 bytes
Created:  05/06/2009 13:39
Modified: 05/06/2009 13:39
Company:  Apple Inc.
--------------------
Value Name: F-Secure ExploitShield
Value Data: "C:\Program Files\F-Secure\ExploitShield\fsesgui.exe"
C:\Program Files\F-Secure\ExploitShield\fsesgui.exe
629376 bytes
Created:  05/07/2009 14:34
Modified: 29/06/2009 12:14
Company:  F-Secure Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1059720 bytes
Created:  10/07/2009 15:45
Modified: 01/06/2009 17:06
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: Launcher
Value Data: %WINDIR%\SMINST\launcher.exe
C:\Windows\SMINST\launcher.exe
44168 bytes
Created:  07/03/2007 11:09
Modified: 07/03/2007 11:09
Company:  soft thinks
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1233920 bytes
Created:  10/05/2008 20:02
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
Value Name: ehTray.exe
Value Data: C:\Windows\ehome\ehTray.exe
C:\Windows\ehome\ehTray.exe
125952 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
Value Name: LDM
Value Data: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
36864 bytes
Created:  10/08/2008 11:50
Modified: 10/08/2008 11:50
Company:  Logitech
--------------------
Value Name: msnlivesearch
Value Data: C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
49152 bytes
Created:  04/10/2008 09:29
Modified: 04/10/2008 09:29
Company:  Microsoft
--------------------
Value Name: ISUSPM Startup
Value Data: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
249856 bytes
Created:  27/10/2007 18:59
Modified: 11/08/2005 15:30
Company:  Macrovision Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
39408 bytes
Created:  14/01/2009 14:31
Modified: 14/01/2009 14:31
Company:  Google Inc.
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
2260480 bytes
Created:  07/10/2007 13:59
Modified: 05/03/2009 16:07
Company:  Safer-Networking Ltd.
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

************************************************************
15:46:05: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:     Groove GFS Stub Execution Hook
File:      C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2217848 bytes
Created:  12/02/2009 15:19
Modified: 12/02/2009 15:19
Company:  Microsoft Corporation
----------

************************************************************
15:46:05: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
15:46:05: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\GAIA3D~1.SCR
C:\Windows\GAIA3D~1.SCR - [file not found to scan]
--------------------

************************************************************
15:46:05: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
15:46:05: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
15:46:05: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       61883
ImagePath: system32\DRIVERS\61883.sys
C:\Windows\system32\DRIVERS\61883.sys
45696 bytes
Created:  10/05/2008 19:59
Modified: 19/01/2008 07:53
Company:  Microsoft Corporation
----------
Key:       a2free
ImagePath: "C:\Program Files\a-squared Free\a2service.exe"
C:\Program Files\a-squared Free\a2service.exe
718880 bytes
Created:  08/07/2009 15:40
Modified: 08/07/2009 15:48
Company:  Emsi Software GmbH
----------
Key:       Adobe LM Service
ImagePath: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
72704 bytes
Created:  23/10/2007 12:21
Modified: 23/10/2007 12:21
Company:  Adobe Systems
----------
Key:       athr
ImagePath: system32\DRIVERS\athr.sys
C:\Windows\system32\DRIVERS\athr.sys
952832 bytes
Created:  29/12/2008 23:57
Modified: 29/12/2008 23:57
Company:  Atheros Communications, Inc.
----------
Key:       Avc
ImagePath: system32\DRIVERS\avc.sys
C:\Windows\system32\DRIVERS\avc.sys
40448 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 07:53
Company:  Microsoft Corporation
----------
Key:       BDFsDrv
ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys - [file not found to scan]
----------
Key:       blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key:       Boonty Games
ImagePath: "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe - [file not found to scan]
----------
Key:       ExploitShield
ImagePath: "C:\Program Files\F-Secure\ExploitShield\fsessrv.exe"
C:\Program Files\F-Secure\ExploitShield\fsessrv.exe
326272 bytes
Created:  05/07/2009 14:34
Modified: 29/06/2009 12:14
Company:  F-Secure Corporation
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - [file not found to scan]
----------
Key:       IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key:       kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created:  02/11/2006 10:51
Modified: 02/11/2006 10:51
Company:  Microsoft Corporation
----------
Key:       LHidKe
ImagePath: system32\DRIVERS\LHidKE.Sys
C:\Windows\system32\DRIVERS\LHidKE.Sys
27136 bytes
Created:  22/11/2007 12:09
Modified: 19/07/2006 13:29
Company:  Logitech Inc.
----------
Key:       LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2918008 bytes
Created:  27/06/2007 23:24
Modified: 11/01/2007 11:13
Company:  Symantec Corporation
----------
Key:       LiveUpdate Notice Ex
ImagePath: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - [file not found to scan]
----------
Key:       LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
517768 bytes
Created:  12/03/2007 10:22
Modified: 12/03/2007 10:22
Company:  Symantec Corporation
----------
Key:       LVCOMSer
ImagePath: "C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe"
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
186904 bytes
Created:  26/07/2008 08:23
Modified: 26/07/2008 08:23
Company:  Logitech Inc.
----------
Key:       LVPr2Mon
ImagePath: system32\DRIVERS\LVPr2Mon.sys
C:\Windows\system32\DRIVERS\LVPr2Mon.sys
25624 bytes
Created:  26/07/2008 08:25
Modified: 26/07/2008 08:25
Company:  Logitech Inc.
----------
Key:       LVPrcSrv
ImagePath: "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
150040 bytes
Created:  26/07/2008 08:25
Modified: 26/07/2008 08:25
Company:  Logitech Inc.
----------
Key:       LVRS
ImagePath: system32\DRIVERS\lvrs.sys
C:\Windows\system32\DRIVERS\lvrs.sys
627864 bytes
Created:  23/09/2008 00:53
Modified: 26/07/2008 17:25
Company:  Logitech Inc.
----------
Key:       maxidemo
ImagePath: system32\DRIVERS\maxidemo.sys
C:\Windows\system32\DRIVERS\maxidemo.sys - [file not found to scan]
----------
Key:       MSDV
ImagePath: system32\DRIVERS\msdv.sys
C:\Windows\system32\DRIVERS\msdv.sys
52608 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 07:53
Company:  Microsoft Corporation
----------
Key:       msiserver
ImagePath: %systemroot%\system32\msiexec /V
----------
Key:       Nero BackItUp Scheduler 3
ImagePath: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
836904 bytes
Created:  08/08/2007 09:25
Modified: 08/08/2007 09:25
Company:  Nero AG
----------
Key:       nvstor32
ImagePath: system32\drivers
vstor32.sys
C:\Windows\system32\drivers
vstor32.sys
110624 bytes
Created:  26/10/2007 19:51
Modified: 26/10/2007 19:51
Company:  NVIDIA Corporation
----------
Key:       NwlnkFlt
ImagePath: system32\DRIVERS
wlnkflt.sys - file is missing - alert is globally excluded
----------
Key:       NwlnkFwd
ImagePath: system32\DRIVERS
wlnkfwd.sys - file is missing - alert is globally excluded
----------
Key:       PcdrNdisuio
ImagePath: system32\DRIVERS\pcdrndisuio.sys
C:\Windows\system32\DRIVERS\pcdrndisuio.sys - [file not found to scan]
----------
Key:       pcouffin
ImagePath: System32\Drivers\pcouffin.sys
C:\Windows\System32\Drivers\pcouffin.sys
47360 bytes
Created:  10/10/2007 15:43
Modified: 10/10/2007 15:43
Company:  VSO Software
----------
Key:       pepifilter
ImagePath: system32\DRIVERS\lv302af.sys
C:\Windows\system32\DRIVERS\lv302af.sys
13848 bytes
Created:  23/09/2008 00:53
Modified: 26/07/2008 17:22
Company:  Logitech Inc.
----------
Key:       Planificateur LiveUpdate automatique
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
554616 bytes
Created:  27/06/2007 23:24
Modified: 11/01/2007 11:13
Company:  Symantec Corporation
----------
Key:       PnkBstrA
ImagePath: C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\PnkBstrA.exe
66872 bytes
Created:  20/12/2007 00:12
Modified: 15/05/2009 10:50
Company:  [no info]
----------
Key:       PnkBstrB
ImagePath: C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\PnkBstrB.exe
107832 bytes
Created:  20/12/2007 00:12
Modified: 15/05/2009 10:50
Company:  [no info]
----------
Key:       RoxMediaDB9
ImagePath: "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
887544 bytes
Created:  26/03/2007 13:21
Modified: 26/03/2007 13:21
Company:  Sonic Solutions
----------
Key:       SBSDWSCService
ImagePath: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
1153368 bytes
Created:  07/10/2007 13:59
Modified: 26/01/2009 15:31
Company:  Safer Networking Ltd.
----------
Key:       Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created:  02/11/2006 10:51
Modified: 02/11/2006 10:51
Company:  Microsoft Corporation
----------
Key:       Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created:  02/11/2006 10:51
Modified: 02/11/2006 10:51
Company:  Microsoft Corporation
----------
Key:       sfdrv01
ImagePath: System32\drivers\sfdrv01.sys
C:\Windows\System32\drivers\sfdrv01.sys
59256 bytes
Created:  05/07/2006 14:39
Modified: 05/07/2006 14:39
Company:  Protection Technology (StarForce)
----------
Key:       sfhlp02
ImagePath: System32\drivers\sfhlp02.sys
C:\Windows\System32\drivers\sfhlp02.sys
13680 bytes
Created:  14/06/2006 16:56
Modified: 14/06/2006 16:56
Company:  Protection Technology (StarForce)
----------
Key:       sfvfs02
ImagePath: System32\drivers\sfvfs02.sys
C:\Windows\System32\drivers\sfvfs02.sys
83320 bytes
Created:  08/02/2007 19:44
Modified: 08/02/2007 19:44
Company:  Protection Technology (StarForce)
----------
Key:       sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key:       stllssvr
ImagePath: "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
-R- 74656 bytes
Created:  08/03/2007 18:54
Modified: 08/03/2007 18:54
Company:  MicroVision Development, Inc.
----------
Key:       usbbus
ImagePath: system32\DRIVERS\lgusbbus.sys
C:\Windows\system32\DRIVERS\lgusbbus.sys
12416 bytes
Created:  19/04/2009 13:04
Modified: 11/07/2007 10:40
Company:  LG Electronics Inc.
----------
Key:       UsbDiag
ImagePath: system32\DRIVERS\lgusbdiag.sys
C:\Windows\system32\DRIVERS\lgusbdiag.sys
19840 bytes
Created:  19/04/2009 13:04
Modified: 11/07/2007 15:51
Company:  LG Electronics Inc.
----------
Key:       USBModem
ImagePath: system32\DRIVERS\lgusbmodem.sys
C:\Windows\system32\DRIVERS\lgusbmodem.sys
21632 bytes
Created:  19/04/2009 13:04
Modified: 11/07/2007 10:45
Company:  LG Electronics Inc.
----------
Key:       VBoxDrv
ImagePath: system32\DRIVERS\VBoxDrv.sys
C:\Windows\system32\DRIVERS\VBoxDrv.sys
117136 bytes
Created:  05/07/2009 10:48
Modified: 16/06/2009 19:07
Company:  Sun Microsystems, Inc.
----------
Key:       VBoxNetAdp
ImagePath: system32\DRIVERS\VBoxNetAdp.sys
C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
91280 bytes
Created:  16/06/2009 19:07
Modified: 16/06/2009 19:07
Company:  Sun Microsystems, Inc.
----------
Key:       VBoxNetFlt
ImagePath: system32\DRIVERS\VBoxNetFlt.sys
C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
99216 bytes
Created:  16/06/2009 19:07
Modified: 16/06/2009 19:07
Company:  Sun Microsystems, Inc.
----------
Key:       VBoxUSBMon
ImagePath: system32\DRIVERS\VBoxUSBMon.sys
C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
41424 bytes
Created:  05/07/2009 10:47
Modified: 16/06/2009 19:07
Company:  Sun Microsystems, Inc.
----------
Key:       WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\Windows\system32\DRIVERS\wpdusb.sys
39936 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 08:04
Company:  Microsoft Corporation
----------

************************************************************
15:46:27: Scanning -----VXD ENTRIES-----

************************************************************
15:46:27: Scanning ----- WINLOGON\NOTIFY DLLS -----
No Winlogon\Notify DLLs found to scan

************************************************************
15:46:27: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   {100BD527-7304-4b7f-BEE2-26D97B04EBA4}
Path:  C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
255272 bytes
Created:  08/08/2007 09:25
Modified: 08/08/2007 09:25
Company:  Nero AG
----------

************************************************************
15:46:27: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key:  {7D4D6379-F301-4311-BEBA-E26EB0561882}
File: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
1803560 bytes
Created:  08/08/2007 09:26
Modified: 08/08/2007 09:26
Company:  Nero AG
----------

************************************************************
15:46:27: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {19C8E43B-07B3-49CB-BFFC-6777B593E6F8}
BHO: C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
525792 bytes
Created:  21/05/2007 11:34
Modified: 21/05/2007 11:34
Company:  Protect Software GmbH
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1879896 bytes
Created:  07/10/2007 13:59
Modified: 26/01/2009 15:31
Company:  Safer Networking Limited
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
251504 bytes
Created:  14/01/2009 14:31
Modified: 14/01/2009 14:30
Company:  [no info]
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
669168 bytes
Created:  08/07/2009 20:53
Modified: 08/07/2009 20:53
Company:  Google Inc.
----------

************************************************************
15:46:28: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
15:46:28: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
15:46:28: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
15:46:28: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
15:46:28: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
15:46:28: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  02/11/2006 14:50
Modified: 11/05/2008 00:05
Company:  [no info]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
--------------------
Logitech Desktop Messenger.lnk - links to C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe
196608 bytes
Created:  10/08/2008 11:50
Modified: 10/08/2008 11:50
Company:  Logitech
--------------------
PDFCreator.lnk - links to C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE
C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE
2641920 bytes
Created:  11/01/2008 19:04
Modified: 11/01/2008 19:04
Company:  pdfforge  https://www.pdfforge.org/
--------------------

************************************************************
15:46:28: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Invité
[C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
--------------------
Checking Startup Group for: johnny
[C:\Users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
Adobe Gamma.lnk - links to C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
113664 bytes
Created:  16/03/2005 19:16
Modified: 16/03/2005 19:16
Company:  Adobe Systems, Inc.
----------
C:\Users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created:  02/10/2007 16:21
Modified: 03/10/2007 21:17
Company:  [no info]
C:\Users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
----------
--------------------

************************************************************
15:46:29: Scanning ----- SCHEDULED TASKS -----
Taskname:      {3319FB9B-F5CA-46FD-9403-D5A69DCB65ED}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a C:\Users\johnny\Desktop\Downloads\alcohol-120_alcohol_120_1.9.7_build_6022_anglais_11016.exe -d C:\Users\johnny\Desktop\Downloads
----------
Taskname:      {626AC99C-304A-4506-B490-AD93A7963559}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a C:\Users\johnny\Desktop\Downloads\strip-poker.exe -d C:\Users\johnny\Desktop\Downloads
----------
Taskname:      {85CFB0C3-1862-4302-B41E-9F6753A37B96}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a C:\Users\johnny\Desktop\Downloads\incrazyball_demo_jouable_1_multijoueurs_multi-langues_15284.exe -d C:\Users\johnny\Desktop\Downloads
----------
Taskname:      {A1142016-46B0-4BDF-BFA7-F1C28C376760}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -c /M{CEBB0413-2628-4C49-8332-5EEC640B8005}
----------
Taskname:      {AF269F44-98B9-49E1-B3D4-78582CEFE5B3}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" -c /uninstall
----------
Taskname:      {AFCD4E48-9750-4765-9A0C-6D7DCA693DDB}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a "C:\Users\johnny\Desktop\Downloads\POOL\Play89 Pool.exe" -d C:\Users\johnny\Desktop\Downloads\POOL
----------
Taskname:      {B56FE104-B28B-44A8-9A1C-B4FF525B7812}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a C:\Windows\unvise32.exe -d C:\Windows -c C:\PROGRA~1\SCIGAM~1\CONSTA~1\uninstal.log
----------
Taskname:      {B8C2FEA5-B1D7-438F-A239-55825B10C86F}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a C:\Users\johnny\Desktop\Downloads\DEMO\Attack_of_the_Silver_Ball_Demo_du_jeu.exe -d C:\Users\johnny\Desktop\Downloads\DEMO
----------
Taskname:      {B915C2C6-9BB9-47A2-8087-DD366E848FA7}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a C:\Users\johnny\Desktop\Downloads\f.e.a.r._perseus_mandate_demo_jouable_1_anglais_46000.exe -d C:\Users\johnny\Desktop\Downloads
----------
Taskname:      {D85907C9-3B7F-43A3-988D-06A72F06F68D}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a C:\Users\johnny\Desktop\Downloads\call_of_duty_4_modern_warfare_demo_en.exe -d C:\Users\johnny\Desktop\Downloads
----------
Taskname:      {E9D6FB80-F966-40B4-8805-9E2EE57A3028}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a "C:\Users\johnny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOESYUTJ\daemon408-x86[1].exe" -d C:\Users\johnny
----------
Taskname:      {EBFF3A6B-13F3-4915-BA6B-16E71B6BDF83}
File:          C:\Windows\system32\pcalua.exe - globally excluded
Parameters:    -a E:\CommonEASO\EASOInstaller.exe -d E:\CommonEASO
----------

************************************************************
15:46:29: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
15:46:29: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: VIDC.I420
File:  lvcodec2.dll
C:\Windows\system32\lvcodec2.dll
416280 bytes
Created:  03/10/2007 21:27
Modified: 26/07/2008 17:23
Company:  Logitech Inc.
----------
Value: VIDC.FFDS
File:  ff_vfw.dll
C:\Windows\system32\ff_vfw.dll
7680 bytes
Created:  04/10/2007 13:34
Modified: 07/09/2007 19:32
Company:  [no info]
----------
Value: msacm.vorbis
File:  vorbis.acm
C:\Windows\system32\vorbis.acm
1294336 bytes
Created:  01/11/2007 22:33
Modified: 08/07/2002 00:14
Company:  HMS http://hp.vector.co.jp/authors/VA012897/
----------

************************************************************
15:46:30: ----- ADDITIONAL CHECKS -----
Hidden or inaccessible Services entry: [msqpdxserv.sys]
ImagePath: \systemroot\system32\drivers\msqpdxvtsiprcf.sys
Entry has been scheduled for deletion when the PC is restarted
\systemroot\system32\drivers\msqpdxvtsiprcf.sys - no action requested on this file
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\johnny\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
C:\Users\johnny\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
261265 bytes
Created:  13/04/2009 20:24
Modified: 13/04/2009 20:24
Company:  [no info]
----------
Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
C:\Users\johnny\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
261265 bytes
Created:  13/04/2009 20:24
Modified: 13/04/2009 20:24
Company:  [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
15:46:56: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
64000 bytes
Created:  10/05/2008 20:01
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe
6144 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\wininit.exe
96768 bytes
Created:  10/05/2008 20:01
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\csrss.exe - file already scanned
--------------------
C:\Windows\system32\services.exe
279040 bytes
Created:  10/05/2008 20:01
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\lsass.exe
9728 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\lsm.exe
229888 bytes
Created:  10/05/2008 20:02
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe
21504 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\winlogon.exe
314880 bytes
Created:  10/05/2008 20:01
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\SLsvc.exe
2623488 bytes
Created:  10/05/2008 20:02
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\Dwm.exe
81920 bytes
Created:  10/05/2008 20:01
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\System32\spoolsv.exe
125952 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Program Files\Avira\AntiVir Desktop\sched.exe
108289 bytes
Created:  01/05/2009 08:38
Modified: 01/04/2009 15:46
Company:  Avira GmbH
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32	askeng.exe
169472 bytes
Created:  10/05/2008 20:01
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32	askeng.exe - file already scanned
--------------------
C:\Program Files\a-squared Free\a2service.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
185089 bytes
Created:  01/05/2009 08:38
Modified: 02/03/2009 13:09
Company:  Avira GmbH
--------------------
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
144712 bytes
Created:  05/06/2009 11:48
Modified: 05/06/2009 11:48
Company:  Apple Inc.
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created:  12/12/2008 11:17
Modified: 12/12/2008 11:17
Company:  Apple Inc.
--------------------
C:\Program Files\F-Secure\ExploitShield\fsessrv.exe - file already scanned
--------------------
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
61440 bytes
Created:  17/01/2007 11:20
Modified: 17/01/2007 11:20
Company:  Hewlett-Packard Company
--------------------
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe - file already scanned
--------------------
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe - file already scanned
--------------------
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe - file already scanned
--------------------
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe - file already scanned
--------------------
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe - file already scanned
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - file already scanned
--------------------
C:\Windows\system32\PnkBstrA.exe - file already scanned
--------------------
C:\Windows\system32\PnkBstrB.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Windows\System32\svchost.exe - file already scanned
--------------------
C:\Windows\system32\SearchIndexer.exe
439808 bytes
Created:  28/07/2008 19:00
Modified: 27/05/2008 07:18
Company:  Microsoft Corporation
--------------------
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe - file already scanned
--------------------
C:\Windows\system32\WUDFHost.exe
142336 bytes
Created:  10/05/2008 20:01
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe - file already scanned
--------------------
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - file already scanned
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
--------------------
C:\Program Files\F-Secure\ExploitShield\fsesgui.exe - file already scanned
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned
--------------------
C:\Windows\ehome\ehtray.exe - file already scanned
--------------------
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe - file already scanned
--------------------
C:\Windows\ehome\ehmsas.exe
37376 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - file already scanned
--------------------
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - file already scanned
--------------------
C:\Program Files\PDFCreator\PDFCreator.exe
2641920 bytes
Created:  11/01/2008 19:04
Modified: 11/01/2008 19:04
Company:  pdfforge  https://www.pdfforge.org/
--------------------
C:\Windows\System32\mobsync.exe
95744 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned
--------------------
C:\Windows\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\iPod\bin\iPodService.exe
541992 bytes
Created:  05/06/2009 13:39
Modified: 05/06/2009 13:39
Company:  Apple Inc.
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
307704 bytes
Created:  12/01/2009 19:10
Modified: 12/06/2009 21:52
Company:  Mozilla Corporation
--------------------
C:\Windows\system32\wbem\unsecapp.exe
37888 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\wbem\wmiprvse.exe
247296 bytes
Created:  16/04/2009 20:04
Modified: 03/03/2009 04:16
Company:  Microsoft Corporation
--------------------
C:\Windows\system32\conime.exe
69120 bytes
Created:  10/05/2008 20:00
Modified: 19/01/2008 09:33
Company:  Microsoft Corporation
--------------------
C:\Windows\explorer.exe - file already scanned
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize:          3015544
[This is a Trojan Remover component]
--------------------

************************************************************
15:47:01: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 15:47:01 10 juil. 2009
Total Scan time: 00:00:58
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
10/07/2009 15:47:06: restart commenced
************************************************************

Utilisateur anonyme · Answer

ils sont toujours là :

Removing the following registry keys: 
HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys - Ownership taken 
HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys - already removed (or did not exist) 

on va les fixer avec hijackthis

pass un log de hijackthis et poste son rapport ici

bleurk · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:20, on 10/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\F-Secure\ExploitShield\fsesgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure ExploitShield] "C:\Program Files\F-Secure\ExploitShield\fsesgui.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - F-Secure Corporation - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

bleurk · Answer

je doit partir , je suis désolé, de retour vers 17h30 merci

Utilisateur anonyme · Answer

ok, pas de soucis 
quand tu revient fais ceci :

télécharge GenProc sur ton bureau :
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip 
ou ici :  http://www.genproc.com/GenProc.exe
dézippe le dossier, double-clique sur GenProc.bat 
poste le contenu du rapport qui s'ouvre 

Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
poste son rapport ici

à +

bleurk · Answer

voila le rapport
Rapport GenProc 2.602 [1] - 10/07/2009 à 17:45:32 
@ Windows Vista Service Pack 1 - Mode normal
@ Mozilla Firefox (3.0.11) [Navigateur par défaut]

GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante : 


Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
- coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :  
- C:\Program Files\EsetOnlineScanner\log.txt

 


~~~~ INFORMATION COMPLEMENTAIRE ~~~~
 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:19, on 10/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\F-Secure\ExploitShield\fsesgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\GenProc\outil\johnny_GenProc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - (no file)
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [F-Secure ExploitShield] "C:\Program Files\F-Secure\ExploitShield\fsesgui.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - F-Secure Corporation - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

déjà on va supprimer le restant de norton de ton pc :

Pour désinstaller Norton 
 http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

bleurk · Answer

bonjour, ça y est c'est fait il n'y a plu de norton

bleurk · Answer

ils sont encore la! que faire?


Win32.TDSS.reg: [SBI $2867D4A5] Réglages (Modification du registre, fixing failed)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxserv

Win32.TDSS.reg: [SBI $667311C3] Réglages (Modification du registre, fixing failed)
  HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxl

DoubleClick: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

MediaPlex: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

MediaPlex: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

BlueStreak: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  

Adviva: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
  


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-03-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-07 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-06-30 Includes\Malware.sbi (*)
2009-07-07 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-07 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-07 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-07 Includes\Trojans.sbi (*)
2009-07-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2008-12-24 Plugins\TCPIPAddress.dll

Utilisateur anonyme · Answer

bonsoir,
ton pc est infecté par rootkit.


1.Télécharges ComboFix à partir de ce lien : 

http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

A lire 
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix 


Et important, enregistre le sur le bureau. 

Avant d'utiliser ComboFix : 

&#9658; Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours. 

&#9658; Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil. 


Une fois fait, sur ton bureau double-clic sur Combofix.exe. 

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc. 

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes. 

- En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire. 

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt) 

&#9658; Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet. 

&#9658; Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

Si ça ne marche pas, tu vires combofix de sur ton bureau et tu télécharge depuis ce lien jacombo qui est combofix renommé cela permet de contrer certaine infection, tu le mets sur ton bureau et tu suis les explications données dans la procédure de combofix 
http://sd-1.archive-host.com/membres/up/89820622056365782/jacombo.exe

2.télécharge Malwarebyte's ici 

http://www.malwarebytes.org/mbam/program/mbam-setup.exe 
le programme va se mettre automatiquement a jour. 
S'il manque le fichier COMCTL32.OCX, vous pourrez le télécharger ici 
https://www.malekal.com/tutorial-aboutbuster/ 
Une fois a jour, le programme va se lancer; click sur l´onglet paramètre, et coche la case : "Arrêter internet explorer pendant la suppression". 

Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide". 

Puis click sur "rechercher". 

Laisse le scanner le pc... 

Si des éléments on été trouvés > click sur supprimer la sélection. 

si il t´es demandé de redémarrer > click sur "yes". 

A la fin un rapport va s´ouvrir; sauvegarde le de manière a le retrouver en vu de le poster sur le forum. 

Copie et colle le rapport stp. 

PS : les rapport sont aussi rangé dans l onglet rapport/log

3.Désactivation/Réactivation de la restauration système

Il est nécessaire de désactiver puis réactiver la restauration système pour la purger car les points de restauration peuvent être infectés : 
Pour XP :          http://www.commentcamarche.net/faq/sujet 5097 virus system volume information 
Pour Vista :       http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista




poste moi les rapports une fois que tu te reconnectes à la fin de ces operations

bon courage

bleurk · Answer

ComboFix 09-07-14.08 - johnny 17/07/2009 20:17.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium   6.0.6001.1.1252.33.1036.18.3070.1912 [GMT 2:00]
Running from: c:\users\johnny\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1636297552-275803887-4191282785-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3603102019-2234686749-2930555637-500
c:\users\johnny\AppData\Roaming\inst.exe
c:\windows\Installer\48f0b.msi
c:\windows\TEMP\logishrd\LVPrcInj01.dll
D:esycled

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games


(((((((((((((((((((((((((   Files Created from 2009-06-17 to 2009-07-17  )))))))))))))))))))))))))))))))
.

2009-07-15 13:29 . 2009-06-15 15:24	156672	----a-w-	c:\windows\system32	2embed.dll
2009-07-15 13:29 . 2009-06-15 15:20	72704	----a-w-	c:\windows\system32\fontsub.dll
2009-07-15 13:29 . 2009-06-15 15:20	10240	----a-w-	c:\windows\system32\dciman32.dll
2009-07-15 13:29 . 2009-06-15 12:52	289792	----a-w-	c:\windows\system32\atmfd.dll
2009-07-13 08:52 . 2009-07-13 08:52	--------	d-----w-	c:\program files\Total Uninstall 5
2009-07-11 17:06 . 2009-07-11 17:21	--------	d-----w-	c:\users\Invité.PC-de-johnny
2009-07-11 12:34 . 2009-07-11 16:27	--------	d-----w-	c:\progra~2\PC Tools
2009-07-11 11:04 . 2009-07-11 11:04	--------	d-----w-	c:\program files\Trend Micro
2009-07-10 16:10 . 2009-07-10 16:10	--------	d-----w-	c:\progra~2\NortonInstaller
2009-07-10 15:45 . 2009-07-10 15:45	--------	d-----w-	C:\GenProc
2009-07-10 13:01 . 2009-07-10 13:01	--------	d-----w-	C:\UAC
2009-07-09 12:51 . 2009-07-09 12:51	--------	d-----w-	c:\progra~2\Simply Super Software
2009-07-08 13:31 . 2009-07-06 20:44	937984	----a-w-	c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-08 13:31 . 2009-07-06 20:44	65536	----a-w-	c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-08 13:31 . 2009-07-06 20:44	4722688	----a-w-	c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-08 13:31 . 2009-07-06 20:44	344064	----a-w-	c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-08 13:31 . 2009-07-06 20:44	106496	----a-w-	c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\plugins
pcoolirisplugin.dll
2009-07-08 13:31 . 2009-07-06 20:44	103424	----a-w-	c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-05 18:05 . 2009-07-05 18:05	--------	d-----w-	c:\program files\AusLogics Disk Defrag
2009-07-05 12:57 . 2009-07-05 12:57	--------	d-----w-	c:\users\johnny\AppData\Roaming\Auslogics
2009-07-05 12:34 . 2009-07-05 12:34	--------	d-----w-	c:\progra~2\F-Secure
2009-07-05 09:35 . 2009-06-30 17:19	106496	----a-w-	c:\users\johnny\AppData\Roaming\Mozilla\Plugins
pcoolirisplugin.dll
2009-07-05 09:14 . 2009-07-05 09:14	--------	d-----w-	c:\users\johnny\AppData\Roaming\KC Softwares
2009-07-05 08:52 . 2009-07-05 08:52	--------	d-----w-	c:\users\johnny\.VirtualBox
2009-07-05 08:48 . 2009-06-16 17:07	117136	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2009-07-05 08:47 . 2009-06-16 17:07	41424	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 16:23 . 2007-10-03 20:10	--------	d-----w-	c:\users\johnny\AppData\Roaming\uTorrent
2009-07-16 10:27 . 2006-11-02 11:18	--------	d-----w-	c:\program files\Windows Mail
2009-07-16 10:27 . 2007-06-27 21:15	--------	d-----w-	c:\progra~2\Microsoft Help
2009-07-15 15:00 . 2009-01-23 20:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-07-13 11:36 . 2009-01-23 20:06	38160	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-01-23 20:06	19096	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-07-13 08:58 . 2008-01-27 11:16	--------	d-----w-	c:\progra~2\Martau
2009-07-10 16:14 . 2007-06-27 21:24	--------	d-----w-	c:\program files\Symantec
2009-07-10 16:11 . 2007-06-27 21:24	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2009-07-10 13:34 . 2009-04-23 14:10	--------	d-----w-	c:\users\johnny\AppData\Roaming\Apple Computer
2009-07-09 12:48 . 2007-10-07 11:58	--------	d-----w-	c:\progra~2\Spybot - Search & Destroy
2009-07-06 14:04 . 2007-11-26 19:37	--------	d-----w-	c:\program files\DeskSpace
2009-07-06 14:04 . 2007-10-15 11:53	--------	d-----w-	c:\progra~2\mpDRM
2009-06-29 19:41 . 2009-04-19 11:03	--------	d-----w-	c:\program files\LG PC Suite 2
2009-06-22 12:19 . 2007-06-27 20:58	--------	d--h--w-	c:\program files\InstallShield Installation Information
2009-06-21 12:35 . 2009-05-05 16:05	--------	d-----w-	c:\progra~2\TrackMania
2009-06-16 17:07 . 2009-06-16 17:07	91280	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2009-06-12 18:11 . 2009-06-12 18:11	--------	d-----w-	c:\program files\iTunes
2009-06-12 18:11 . 2009-06-12 18:11	--------	d-----w-	c:\program files\iPod
2009-06-12 18:11 . 2009-04-23 14:07	--------	d-----w-	c:\program files\Common Files\Apple
2009-06-12 18:10 . 2009-06-12 18:10	--------	d-----w-	c:\program files\QuickTime
2009-06-12 18:08 . 2008-06-15 16:36	--------	d-----w-	c:\progra~2\Apple
2009-06-05 09:42 . 2009-06-05 09:42	39424	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-05 09:42	2060288	----a-w-	c:\windows\system32\usbaaplrc.dll
2009-06-02 17:28 . 2007-10-13 15:56	--------	d-----w-	c:\progra~2\Skyline
2009-06-02 17:28 . 2009-06-02 17:28	--------	d-----w-	c:\program files\Skyline
2009-05-25 13:48 . 2007-10-07 11:58	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2009-05-19 12:26 . 2009-05-18 12:27	--------	d-----w-	c:\program files\PokerStars
2009-05-15 08:50 . 2007-12-19 22:12	22328	----a-w-	c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 08:50 . 2007-12-19 22:12	22328	----a-w-	c:\users\johnny\AppData\Roaming\PnkBstrK.sys
2009-05-15 08:50 . 2007-12-19 22:12	22328	----a-w-	c:\users\johnny\AppData\Roaming\PnkBstrK.sys
2009-05-15 08:50 . 2007-12-19 22:12	107832	----a-w-	c:\windows\system32\PnkBstrB.exe
2009-05-15 08:50 . 2007-12-19 22:12	66872	----a-w-	c:\windows\system32\PnkBstrA.exe
2009-05-15 08:50 . 2007-12-19 22:12	2250024	----a-w-	c:\windows\system32\pbsvc.exe
2009-05-14 13:20 . 2009-05-17 07:01	2645832	----a-w-	c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\maconfsetup.exe
2009-05-14 12:56 . 2009-05-17 07:01	402800	----a-w-	c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins
phardwaredetection.dll
2009-05-10 06:56 . 2007-06-27 20:30	267656652	----a-w-	c:\windows\DUMP2f78.tmp
2009-05-09 05:50 . 2009-06-10 15:35	915456	----a-w-	c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 15:35	71680	----a-w-	c:\windows\system32\iesetup.dll
2009-05-01 20:31 . 2007-10-02 14:21	123656	----a-w-	c:\users\johnny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-30 12:37 . 2009-06-10 17:57	293376	----a-w-	c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-10 17:57	428544	----a-w-	c:\windows\system32\EncDec.dll
2009-04-23 12:43 . 2009-06-10 15:35	784896	----a-w-	c:\windows\system32pcrt4.dll
2009-04-23 12:42 . 2009-06-10 15:35	636928	----a-w-	c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 15:35	2033152	----a-w-	c:\windows\system32\win32k.sys
2009-06-12 19:52 . 2009-01-12 17:16	134648	----a-w-	c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-10-09 18:10 . 2007-10-09 18:10	22	--sha-w-	c:\windows\SMINST\HPCD.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-08-10 36864]
"msnlivesearch"="c:\program files\Windows Live\MessengerSearchAddon\msgrsrch.exe" [2008-10-04 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]

c:\users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-8-10 196608]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-1-11 2641920]

c:\users\johnny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5162EBDC-EB52-4525-9173-09C840607D90}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{417F6086-6920-4531-8CF4-7A3689FCED8C}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{01E84E08-165A-4086-B97A-3A10EBF1F9D9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A5917D3D-D7CF-4ED0-8D7D-169E6FDAA32C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B632EF2-7214-4167-9682-8B183F3C31E9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{4AD84DF4-9137-4D74-9FB9-371FE1D1CA58}c:\program files\real\realplayer\realplay.exe"= UDP:c:\program filesealealplayerealplay.exe:RealPlayer
"UDP Query User{9BF4F3F8-F790-4E1F-BC62-452BE27C3B2D}c:\program files\real\realplayer\realplay.exe"= TCP:c:\program filesealealplayerealplay.exe:RealPlayer
"TCP Query User{9206C643-84C6-4D1C-A269-36352EAD3BC1}c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{07ED3DB4-E4B6-4DA4-AFF6-FBCC971E02EB}c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{846315D1-0368-48BC-B5A4-2FF8C1DCC859}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{298B4F32-9134-4817-AF81-FD0226B509FD}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{FF640AF2-5623-4608-8663-6D3222355FC9}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A405207A-8514-425C-9A1E-8E39E781FA55}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{E4220E17-018B-41CE-AEC1-7F97A764C9A8}c:\users\johnny\appdata\local\temp\rar$ex43.190\setup\data\iw3mp.exe"= UDP:c:\users\johnny\appdata\local	empar$ex43.190\setup\data\iw3mp.exe:iw3mp.exe
"UDP Query User{77D7A68E-AF87-4117-9D77-127147023C0A}c:\users\johnny\appdata\local\temp\rar$ex43.190\setup\data\iw3mp.exe"= TCP:c:\users\johnny\appdata\local	empar$ex43.190\setup\data\iw3mp.exe:iw3mp.exe
"TCP Query User{4F23991F-7A77-4F9D-85C0-5E5389159D8E}c:\program files\simply tv-radio 2\str.exe"= UDP:c:\program files\simply tv-radio 2\str.exe:Str
"UDP Query User{E9649933-FEB9-4C00-BC0C-FABBD9D66721}c:\program files\simply tv-radio 2\str.exe"= TCP:c:\program files\simply tv-radio 2\str.exe:Str
"TCP Query User{8F39B91A-82A5-4D34-BABF-79B4436E0180}c:\program files\adsltv\adsltv.exe"= UDP:c:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{567E34F6-3452-4034-8547-2F5B96529EC1}c:\program files\adsltv\adsltv.exe"= TCP:c:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{35801024-4E8A-4066-90DA-171908EE3B10}c:\program files\adsltv\vlc.exe"= UDP:c:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{740BAE42-9E9D-45C7-B105-D57BD3A4EA21}c:\program files\adsltv\vlc.exe"= TCP:c:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{B067D3A4-3183-40BD-93D3-8DF8F11B20EF}c:\program files\nero\nero8\nero showtime\showtime.exe"= UDP:c:\program files
ero
ero8
ero showtime\showtime.exe:Nero ShowTime
"UDP Query User{EDA70E63-E001-47D0-825B-1664D483BA2F}c:\program files\nero\nero8\nero showtime\showtime.exe"= TCP:c:\program files
ero
ero8
ero showtime\showtime.exe:Nero ShowTime
"TCP Query User{5AADA53A-DA0C-4B8B-8C17-2A7C69BFD9A0}c:\program files\limewire\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1B1AA0FF-621F-47CD-92F6-23877D4F00FB}c:\program files\limewire\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C8ADAA61-F140-4FEA-B405-726CAD938B63}c:\program files\iepro\minidm.exe"= UDP:c:\program files\iepro\minidm.exe:MiniDM
"UDP Query User{915977C5-6D84-4B29-8B52-51ACA3C4487E}c:\program files\iepro\minidm.exe"= TCP:c:\program files\iepro\minidm.exe:MiniDM
"{CCADEC88-4ECD-42D3-8CF1-3EABF3A72EE0}"= UDP:990:LocalSubnet:LocalSubnet|IF={003ADBE6-2D4B-47C6-A8C2-4DF94771E13B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{F8349471-D697-49EF-B995-C5DEB54DFD67}"= UDP:990:LocalSubnet:LocalSubnet|IF={003ADBE6-2D4B-47C6-A8C2-4DF94771E13B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{3D3FBD41-FADF-41CF-9FD6-53BE8860D037}"= UDP:990:LocalSubnet:LocalSubnet|IF={003ADBE6-2D4B-47C6-A8C2-4DF94771E13B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{03F43575-6BC7-41F4-8EE4-7EDDCC4D0C39}c:\program files\mozilla firefox\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{76BCDC95-A1C8-43FE-9C4F-D9EA8E0343EF}c:\program files\mozilla firefox\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{834B1DFC-D528-44F1-A1AF-0326B3597DD9}c:\program files\utorrent\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{DC876C6B-C858-45D2-8672-2B44641AF9A3}c:\program files\utorrent\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"{B1ED5A79-740E-4DA0-B433-CBB62CCBC012}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{696A12CA-3852-47B0-A80D-37D6ABCD15A4}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A3E745AC-3C04-4B21-A152-A7DB4DAC424F}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{045DFB61-3038-47DB-BBC8-73615E3CC1EB}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{58421C1E-7353-4DB0-B5AD-A536241E89C8}c:\program files\artefacts studio\petanquedemo\bin\releasedemo\petanque.exe"= UDP:c:\program files\artefacts studio\petanquedemo\bineleasedemo\petanque.exe:Petanque
"UDP Query User{078C0394-FD5F-4822-AA5B-AB9280377A5A}c:\program files\artefacts studio\petanquedemo\bin\releasedemo\petanque.exe"= TCP:c:\program files\artefacts studio\petanquedemo\bineleasedemo\petanque.exe:Petanque
"TCP Query User{8F42515D-F1FF-450B-918E-4463971108D6}c:\program files\electronic arts\eadm\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{CD472C95-A988-40BE-93FA-6C90BB22ACE1}c:\program files\electronic arts\eadm\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{10FA6ACA-3105-46B5-A462-139DFBD4FAF6}c:\program files\mswt kart 2004\msworldtour.exe"= UDP:c:\program files\mswt kart 2004\msworldtour.exe:MSWorldTour
"UDP Query User{46AE1A8A-0341-4B75-BB31-440E060DCF64}c:\program files\mswt kart 2004\msworldtour.exe"= TCP:c:\program files\mswt kart 2004\msworldtour.exe:MSWorldTour
"{1EAFAFDD-669F-4A42-9C4D-C5387C1D8765}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A7852A8B-8591-4D36-B4B9-B31AE2E26535}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B2CBA4FE-6113-442D-A6AB-DB5611ACFBDD}c:\program files\mozilla firefox 3 beta 5\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"UDP Query User{BD0EB77F-26E0-4D08-9426-B7D8A73958E6}c:\program files\mozilla firefox 3 beta 5\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"TCP Query User{8BD66FE2-85E6-4B40-A6ED-8E691CCB6D82}c:\windows\system32\ftp.exe"= UDP:c:\windows\system32\ftp.exe:Logiciel de transfert de fichiers
"UDP Query User{737C5251-8E31-4DFC-9EEE-C76E699DF6B8}c:\windows\system32\ftp.exe"= TCP:c:\windows\system32\ftp.exe:Logiciel de transfert de fichiers
"{AF2B9CA5-2053-46D7-AB3B-8965E8093959}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{0729553E-7BFB-4969-8E93-C1D9F64930B2}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{82BDCC02-A8E2-44EF-87A8-AB63C904824D}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{EE502F00-DA3E-4999-A2E8-D892980EAA3F}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{0667F5D7-5BA5-435A-A9A9-DE4E63BBA58F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{A1386FE0-76A9-47AD-92FF-D3A97E5F76F5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A8BF65C8-10B7-4A1F-8958-F0947E00A279}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{57D3D91C-B649-4566-899C-5ACDFEACEE34}c:\program files\quicktime\quicktimeplayer.exe"= UDP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{63AAFC8C-4BE2-4A0B-B812-278C8C311F92}c:\program files\quicktime\quicktimeplayer.exe"= TCP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{AEAD844D-3567-43F9-9CE7-9932C304CC8C}c:\program files\tmnationsforever\tmforever.exe"= UDP:c:\program files	mnationsforever	mforever.exe:TmForever
"UDP Query User{CCED0175-B490-43AC-9A65-F33D157DC1C8}c:\program files\tmnationsforever\tmforever.exe"= TCP:c:\program files	mnationsforever	mforever.exe:TmForever
"{7A11CE01-8592-4E58-9A9A-23A6307F5828}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2E73D536-1BD5-4459-ADF8-7B9A40EECCAE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{82F20FBE-4CE2-41BD-874F-E0759DC0928B}"= UDP:c:\users\johnny\AppData\Local\Temp\7zSE9F3.tmp\SymNRT.exe:Norton Removal Tool
"{645D8F0E-8408-4E16-BDF9-411CA8FBF79F}"= TCP:c:\users\johnny\AppData\Local\Temp\7zSE9F3.tmp\SymNRT.exe:Norton Removal Tool

R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/05/2009 08:38 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/10/2007 13:59 1153368]
S2 ExploitShield;F-Secure Exploit Shield Service;"c:\program files\F-Secure\ExploitShield\fsessrv.exe" --> c:\program files\F-Secure\ExploitShield\fsessrv.exe [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [16/06/2009 19:07 91280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-F-Secure ExploitShield - c:\program files\F-Secure\ExploitShield\fsesgui.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title = 
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?client=firefox-a&rls=org.mozilla:fr:official&channel=s&hl=fr&btnG=Recherche+Google
FF - component: c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Microsoft\Office Live
pOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
pzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer
pzylomgamesplayer.dll
FF - plugin: c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins
phardwaredetection.dll
FF - plugin: c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\plugins
pcoolirisplugin.dll
FF - plugin: c:\users\johnny\AppData\Roaming\Mozilla\plugins
pcoolirisplugin.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 20:23
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  


c:\windows\TEMP\TMP00000002250DB8F94DF7102F 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3603102019-2234686749-2930555637-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0805AF41-ECF3-AF94-76EE-CBA4C8039A52}*]
"oafblccplkocipoihlafglngbbjneh"=hex:6b,61,64,68,68,6a,62,68,66,67,6a,67,62,6b,
   68,6a,61,66,63,61,65,6e,00,77
"papbbaefbdagnhigjgannecbcdlamdal"=hex:6b,61,64,68,6b,6a,6d,66,6b,65,66,62,65,
   62,6c,70,63,62,69,65,65,62,00,77

[HKEY_USERS\S-1-5-21-3603102019-2234686749-2930555637-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E83FAB4A-1201-6040-6EB2-80F6A1BDC8D2}*]
"aa"=hex:6a,61,6f,61,6f,68,70,65,70,66,66,66,66,70,61,6e,6e,6e,63,6b,00,16

[HKEY_USERS\S-1-5-21-3603102019-2234686749-2930555637-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,2a,35,37,44,38,ef,b4,a5,ca,00,d9,a3,38,e4,eb,6f,e1,cd,7e,8b,fa,b5,
   c0,e0,08,27,5f,87,ac,02,33,09,50,77,3f,ca,57,08,d8,45,13,38,dc,1d,7c,f5,f6,\
"??"=hex:4b,00,14,ae,14,32,15,25,7b,dd,b7,94,6c,88,78,50

[HKEY_USERS\S-1-5-21-3603102019-2234686749-2930555637-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:18,d7,5b,22,53,ff,6e,36,5f,3c,c7,90,b8,4c,2d,9f,d6,fb,62,b4,e6,
   e9,4b,d2,11,85,0c,42,88,db,49,f5,8b,37,78,ba,ed,56,fd,49,60,74,7a,14,79,b3,\
"rkeysecu"=hex:9b,04,a8,92,08,fb,4f,36,8b,5e,a1,13,bb,bb,01,d1

[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(9024)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-17 20:29 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-17 18:29

Pre-Run: 214 732 218 368 octets libres
Post-Run: 214 910 898 176 octets libres

308	--- E O F ---	2009-07-17 07:52

Utilisateur anonyme · Answer

n'oublie pas  la deuxième partie de poste 23 :
http://www.commentcamarche.net/forum/affich 13266950 trojan?page=2#23

bleurk · Answer

ok merci, est ce qu'il faut que je télécharge Gmer? ( comme il me le dit)

bleurk · Answer

Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2452
Windows 6.0.6001 Service Pack 1

17/07/2009 23:07:59
mbam-log-2009-07-17 (23-07-59).txt

Type de recherche: Examen rapide
Eléments examinés: 100856
Temps écoulé: 3 minute(s), 8 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

bleurk · Answer

croit tu que je suis encore infecté?

Utilisateur anonyme · Answer

bonjour,
pour être sûr qu'il en reste plus rien même dans les points de restauration suis ceci :
supprimer les point s de restauratuin sous vista :
démarrer => clic droit sur Ordinateur => Propriétés. 

Ensuite dans le volet de gauche, cliquez sur « protection du système ». 

va dans « Points de restauration automatique » et décochez toutes les cases. Une alerte vous informera que tous les points vont être supprimés. Cliquez sur « désactiver ». 

Valide par ok et redémarrez ton PC en lançant au démarrage une bonne analyse antivirus avec ton antivirus
Une fois le système sain, répéte l’opération et recoche ton Disque Système (par défaut c’est le C). 

N’oublie pas bien sur de créer ensuite immédiatement après être bien sur que ton système est sain, un point de restauration . 

Pour cela faites démarrer => Ensuite cliquez sur « Suivant » Tous les Programmes => Accessoires => Outils système => Restauration du système


passe tout simplement un scan de spaybot pour voir s'il trouve ecore quelque chose

puis un log de hijackthis pour voir les processus inutiles, les toolbar...

on va s'en occuper des que tu as fais ces étapes.

bleurk · Answer

bonjour,
ok merci bq

bleurk · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:30, on 18/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\johnny\Desktop\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - Unknown owner - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

et le rapport spaybot?de 
en attendant je vais découper le log de hijackthis, il y a des bricoles à revoir, à commencer par le restant de norton et les toolbar.

1° Pour désinstaller le restant de Norton : http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924

Un complément 
https://www.01net.com/telecharger/windows/Utilitaire/manipulation_de_fichier/fiches/32585.html

2° Vire les toolbar :
• Télécharge:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 
• !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !! 
• Double-cliques sur l'.exe pour lancer l'installe et laisses toi guider 
• Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil . 
• Choisis l'option 1 ( "recherche") et tapes "entrée" . 
• Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité de son contenu dans ta prochaine réponse ... 
• ( le rapport est en outre sauvegardé ici -> C:\TB.txt ) 
• Tuto :
 https://sites.google.com/site/toolbarsd/aideenimages toolbarSD

je t'indique ce qui reste à faire après.

bleurk · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : johnny ( Not Administrator ! )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:290 Go (Free:198 Go)
   D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
   E:\ (CD or DVD)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)
   J:\ (USB)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 18/07/2009|13:23 )

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\Windows\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Local Page"="C:\Windows\System32\blank.htm"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 24/01/2009|17:43 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 25/01/2009|22:50 - Option : [2]
   3 - "C:\ToolBar SD\TB_3.txt" - 11/07/2009|11:37 - Option : [2]
   4 - "C:\ToolBar SD\TB_4.txt" - 18/07/2009|13:24 - Option : [1]

   -----------\  Fin du rapport a 13:24:24,93

bleurk · Answer

Félicitations!: Aucun mouchard n'a été trouvé. (Status)
  


--- Spybot - Search & Destroy version: 1.6.2  (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-03-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-07 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-06-30 Includes\Malware.sbi (*)
2009-07-07 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-07 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-07 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-07 Includes\Trojans.sbi (*)
2009-07-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2008-12-24 Plugins\TCPIPAddress.dll

bleurk · Answer

désinstallation norton effectuer

Utilisateur anonyme · Answer

repasse un autre log hijackthis pour que je t'indique les processus qui sont à fixer s'il te plait

bleurk · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:19, on 18/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\johnny\Desktop\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - Unknown owner - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

1° google toolbar toujours présent sur ton pc, à suppimer avec le lien que je t'ai laissé pour les toolbar :

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll 
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll 
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll 
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 

Rappel pour virer les toolbar :
• Télécharge:https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2 
• !! Déconnectes toi et fermes toute tes applications en cours le temps de la manipe !! 
• Double-cliques sur l'.exe pour lancer l'installe et laisses toi guider 
• Une fois fait, cliques sur le raccourci créé sur ton bureau pour lancer l'outil . 
• Choisis l'option 1 ( "recherche") et tapes "entrée" . 
• Une fois le scan finit , un rapport va apparaître, copie/colles l'intégralité de son contenu dans ta prochaine réponse ... 
• ( le rapport est en outre sauvegardé ici -> C:\TB.txt ) 
• Tuto : https://sites.google.com/site/toolbarsd/aideenimages toolbarSD



2° ces lignes inutiles sont à fixer avec hijackthis :
clique sur hijackthis, do a systeme scan only, coche les lignes indiquées dans la petite case à gauche de chaque ligne, puis fix checked et confirme la surpression.

O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file) 


3° programme à supprimer avec ajout surpression de programmes dans le panneau de confiuguration :

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe 
(source de spam)

4° il y a ceci-ci à revoir, je fais des recherche pour savoir ce que c'est exactement :

 O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
launcher.exe est une appartenance exécutable à beaucoup d'applications comprenant Webshots- par téléchargeur de bureau Windows, Uinterface Mouselaunch- un fichier et un initiateur d'application, et également une interface de matériel pour des produits de Samsung. 
Note : launcher.exe est un programme publicitaire par Intercort Systems. Ce process surveille vos habitudes de furetage et distribue les données de nouveau aux serveurs de l'auteur pour l'analyse. Ceci incite également annoncer des popups


ça prend du temps de vérifier toutes ces lignes, une par une, ouf !!!!

bleurk · Answer

encore merci pour tous le mal que tu te donne  sympa

Utilisateur anonyme · Answer

t'inquiette pas, je te suis jusqu'au bout :-)

fais le poste 38 du début à la fin et repasse un log hijackthis pourque je vérifie si tout va bien
j'attends ton rapport pour en finir ;-)

bleurk · Answer

-----------\  ToolBar S&D 1.2.8   XP/Vista

   Microsoft® Windows Vista™ Édition Familiale Premium  ( v6.0.6001 ) Service Pack 1
   X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ )
   BIOS : Phoenix - AwardBIOS v6.00PG
   USER : johnny ( Not Administrator ! )
   BOOT : Normal boot
   C:\ (Local Disk) - NTFS - Total:290 Go (Free:196 Go)
   D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
   E:\ (CD or DVD)
   G:\ (USB)
   H:\ (USB)
   I:\ (USB)
   J:\ (USB)

   "C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
   Option : [1] ( 18/07/2009|18:24 )

   -----------\  Recherche de Fichiers / Dossiers ...


   -----------\  [..\Internet Explorer\Main]

   [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
   "Local Page"="C:\Windows\system32\blank.htm"
   "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Start Page"="https://www.google.fr/?gws_rd=ssl"
   "Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
   "Url"="https://www.msn.com/fr-fr/actualite/"

   [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
   "Start Page"="https://www.msn.com/fr-fr/"
   "Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
   "Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
   "Local Page"="C:\Windows\System32\blank.htm"


   --------------------\  Recherche d'autres infections


   Aucune autre infection trouvée  !


   1 - "C:\ToolBar SD\TB_1.txt" - 24/01/2009|17:43 - Option : [1]
   2 - "C:\ToolBar SD\TB_2.txt" - 25/01/2009|22:50 - Option : [2]
   3 - "C:\ToolBar SD\TB_3.txt" - 11/07/2009|11:37 - Option : [2]
   4 - "C:\ToolBar SD\TB_4.txt" - 18/07/2009|13:24 - Option : [1]
   5 - "C:\ToolBar SD\TB_5.txt" - 18/07/2009|18:24 - Option : [1]

   -----------\  Fin du rapport a 18:24:52,55

bleurk · Answer

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:37, on 18/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32	askeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\johnny\Desktop\Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix: 
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - Unknown owner - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe

Utilisateur anonyme · Answer

logitech te prend pas mal de ressources, c'est impressionnant !!!

il reste encore une ligne à fixer avec hijackthis :

O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)


je n'ai rien trouvé de plus sur luncher.exe.

je continue des recherches

bleurk · Answer

Logitech c'est ma souri et ma cam

Utilisateur anonyme · Answer

concernant launcher.exe j'ai trouvé ceci :

Ce processus serait en effet selon certains antivirus (pas très connus) un virus de type "trojan agent" il peut se copier en infectant d'autres fichiers exécutables 
toutefois, nous ne sonnes pas très sûr si il faut vraiment supprimer ce fichier se trouvant dans le dossier windows\SMINST\launcher.exe 

Taille : 43.1 Ko (sur un ordinateur équipé de vista 32 bit) 

nous avons remarqué que spybot search and destroy via, l'outil permettant de voir les fichiers qui s'exécutent sur au démarage, il le détecte comme un probable fichier dangereux 

donc, ce fichier crée une clé registre afin de s'exécuter au démarrage du système. nous vous conseillons donc de désactiver dans un premier temps l'exécution auto de ce fichier via spybot par exemple (ou tuneUp Utilities) 

puis si celà ne cause aucun poblème de le supprimer si vous le souhaitez... 

A voir : http://www.virustotal.com/analisis/45c2052a0abb7095bd081163232475c5

bleurk · Answer

je viens de le désactiver avec spybot on verra bien ce que ça donne
je te remercie pour tous, tu est super

Utilisateur anonyme · Answer

si ton pc fonctionne normalement et après l'utilisation sur plusieur jour, tu peux carrement le virer.

pour en finir je vais te demander de passe un scan antivir et un spaybot pour être sûr qu'il ne reste plus rien.
merci :-)

bleurk · Answer

Avira AntiVir Personal Date de création du fichier de rapport : samedi 18 juillet 2009 21:58 La recherche porte sur 1548239 souches de virus. Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus Numéro de série : 0000149996-ADJIE-0000001 Plateforme : Windows Vista Version de Windows : (Service Pack 1) [6.0.6001] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur : PC-DE-JOHNNY Informations de version : BUILD.DAT : 9.0.0.66 17958 Bytes 17/06/2009 14:44:00 AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:20:54 AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02 LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11 LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 09:04:39 ANTIVIR2.VDF : 7.1.4.221 1273856 Bytes 12/07/2009 16:51:14 ANTIVIR3.VDF : 7.1.4.252 445440 Bytes 17/07/2009 10:22:19 Version du moteur : 8.2.0.222 AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 06:40:48 AESCRIPT.DLL : 8.1.2.18 442746 Bytes 18/07/2009 10:22:20 AESCN.DLL : 8.1.2.3 127347 Bytes 15/05/2009 17:50:23 AERDL.DLL : 8.1.2.4 430452 Bytes 15/07/2009 06:25:31 AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 18:38:12 AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 18:35:46 AEHEUR.DLL : 8.1.0.143 1864055 Bytes 17/07/2009 10:22:15 AEHELP.DLL : 8.1.4.5 229748 Bytes 15/07/2009 06:24:59 AEGEN.DLL : 8.1.1.48 348532 Bytes 02/07/2009 18:29:06 AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40 AECORE.DLL : 8.1.7.5 180597 Bytes 15/07/2009 06:24:57 AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40 AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30 AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26 AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28 AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42 AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22 AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37 SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49 SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57 NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59 RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 13/07/2009 16:51:14 RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05 Configuration pour la recherche actuelle : Nom de la tâche...............................: Contrôle intégral du système Fichier de configuration......................: c:\program files\avira\antivir desktop\sysscan.avp Documentation.................................: bas Action principale.............................: interactif Action secondaire.............................: ignorer Recherche sur les secteurs d'amorçage maître..: marche Recherche sur les secteurs d'amorçage.........: marche Secteurs d'amorçage...........................: C:, D:, Recherche dans les programmes actifs..........: marche Recherche en cours sur l'enregistrement.......: marche Recherche de Rootkits.........................: marche Contrôle d'intégrité de fichiers système......: marche Recherche optimisée...........................: marche Fichier mode de recherche.....................: Tous les fichiers Recherche sur les archives....................: marche Limiter la profondeur de récursivité..........: 20 Archive Smart Extensions......................: marche Heuristique de macrovirus.....................: marche Heuristique fichier...........................: moyen Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR, Début de la recherche : samedi 18 juillet 2009 21:58 Début du contrôle des fichiers système : Signé -> 'C:\Windows\system32\svchost.exe' Signé -> 'C:\Windows\system32\winlogon.exe' Signé -> 'C:\Windows\explorer.exe' Signé -> 'C:\Windows\system32\smss.exe' Signé -> 'C:\Windows\system32\wininet.DLL' Signé -> 'C:\Windows\system32\wsock32.DLL' Signé -> 'C:\Windows\system32\ws2_32.DLL' Signé -> 'C:\Windows\system32\services.exe' Signé -> 'C:\Windows\system32\lsass.exe' Signé -> 'C:\Windows\system32\csrss.exe' Signé -> 'C:\Windows\system32\drivers\kbdclass.sys' Signé -> 'C:\Windows\system32\spoolsv.exe' Signé -> 'C:\Windows\system32\alg.exe' Signé -> 'C:\Windows\system32\wuauclt.exe' Signé -> 'C:\Windows\system32\advapi32.DLL' Signé -> 'C:\Windows\system32\user32.DLL' Signé -> 'C:\Windows\system32\gdi32.DLL' Signé -> 'C:\Windows\system32\kernel32.DLL' Signé -> 'C:\Windows\system32 tdll.DLL' Signé -> 'C:\Windows\system32 toskrnl.exe' Signé -> 'C:\Windows\system32\ctfmon.exe' Les fichiers système ont été contrôlés ('21' fichiers) La recherche d'objets cachés commence. '100775' objets ont été contrôlés, '0' objets cachés ont été trouvés. La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'SpybotSD.exe' - '1' module(s) sont contrôlés Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés Processus de recherche 'PDFCreator.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehmsas.exe' - '1' module(s) sont contrôlés Processus de recherche 'msgrsrch.exe' - '1' module(s) sont contrôlés Processus de recherche 'ehtray.exe' - '1' module(s) sont contrôlés Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés Processus de recherche 'GrooveMonitor.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'SDWinSec.exe' - '1' module(s) sont contrôlés Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'PnkBstrB.exe' - '1' module(s) sont contrôlés Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés Processus de recherche 'NBService.exe' - '1' module(s) sont contrôlés Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés Processus de recherche 'LVPrcSrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '57' processus ont été contrôlés avec '57' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [INFO] Aucun virus trouvé ! Secteur d'amorçage maître HD1 [INFO] Aucun virus trouvé ! [INFO] Veuillez relancer la recherche avec les droits d'administrateur Secteur d'amorçage maître HD2 [INFO] Aucun virus trouvé ! [INFO] Veuillez relancer la recherche avec les droits d'administrateur Secteur d'amorçage maître HD3 [INFO] Aucun virus trouvé ! [INFO] Veuillez relancer la recherche avec les droits d'administrateur Secteur d'amorçage maître HD4 [INFO] Aucun virus trouvé ! [INFO] Veuillez relancer la recherche avec les droits d'administrateur La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [INFO] Aucun virus trouvé ! Secteur d'amorçage 'D:\' [INFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence : Le registre a été contrôlé ( '39' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\hiberfil.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! [REMARQUE] Ce fichier est un fichier système Windows. [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche. C:\Windows\System32\drivers\sptd.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! Recherche débutant dans 'D:\' Fin de la recherche : samedi 18 juillet 2009 22:48 Temps nécessaire: 50:11 Minute(s) La recherche a été effectuée intégralement 24845 Les répertoires ont été contrôlés 489694 Des fichiers ont été contrôlés 0 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 0 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 3 Impossible de contrôler des fichiers 489691 Fichiers non infectés 4331 Les archives ont été contrôlées 3 Avertissements 2 Consignes 100775 Des objets ont été contrôlés lors du Rootkitscan 0 Des objets cachés ont été trouvés Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) MediaPlex: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) MediaPlex: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) DoubleClick: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) BlueStreak: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed) --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) --- 2009-01-26 blindman.exe (1.0.0.8) 2008-01-28 SDDelFile.exe (1.0.2.4) 2009-01-26 SDFiles.exe (1.6.1.7) 2009-01-26 SDMain.exe (1.0.0.6) 2009-01-26 SDShred.exe (1.0.2.5) 2009-01-26 SDUpdate.exe (1.6.0.12) 2009-01-26 SDWinSec.exe (1.0.0.12) 2009-01-26 SpybotSD.exe (1.6.2.46) 2009-03-05 TeaTimer.exe (1.6.6.32) 2009-03-30 unins000.exe (51.49.0.0) 2009-01-26 Update.exe (1.6.0.7) 2009-01-26 advcheck.dll (1.6.2.15) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2009-01-26 SDHelper.dll (1.6.2.14) 2008-06-19 sqlite3.dll 2008-10-22 Tools.dll (2.1.6.8) 2009-01-16 UninsSrv.dll (1.0.0.0) 2009-05-19 Includes\Adware.sbi (*) 2009-06-02 Includes\AdwareC.sbi (*) 2009-01-22 Includes\Cookies.sbi (*) 2009-05-19 Includes\Dialer.sbi (*) 2009-06-02 Includes\DialerC.sbi (*) 2009-01-22 Includes\HeavyDuty.sbi (*) 2009-05-26 Includes\Hijackers.sbi (*) 2009-07-07 Includes\HijackersC.sbi (*) 2009-06-23 Includes\Keyloggers.sbi (*) 2009-07-07 Includes\KeyloggersC.sbi (*) 2004-11-29 Includes\LSP.sbi (*) 2009-06-30 Includes\Malware.sbi (*) 2009-07-07 Includes\MalwareC.sbi (*) 2009-03-25 Includes\PUPS.sbi (*) 2009-07-07 Includes\PUPSC.sbi (*) 2009-01-22 Includes\Revision.sbi (*) 2009-01-13 Includes\Security.sbi (*) 2009-06-02 Includes\SecurityC.sbi (*) 2008-06-03 Includes\Spybots.sbi (*) 2008-06-03 Includes\SpybotsC.sbi (*) 2009-04-07 Includes\Spyware.sbi (*) 2009-07-07 Includes\SpywareC.sbi (*) 2009-06-08 Includes\Tracks.uti 2009-07-07 Includes\Trojans.sbi (*) 2009-07-08 Includes\TrojansC.sbi (*) 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2008-12-24 Plugins\TCPIPAddress.dll

Utilisateur anonyme · Answer

bonjour, 
ça, l'air correct 
es tu satisfait de fonctionnement de ton pc ce matin ? as tu eu des soucis en particulier ?

bleurk · Answer

non aucun souci tout a l'air nikel  merci

Utilisateur anonyme · Answer

si tout est bon pour toi, n'oublie pas de cocher ton poste comme résolu.
sur ce, bon surf et bonne journée ;-)

Trojan

51 réponses

Discussions similaires