Trojan

Résolu
bleurk Messages postés 115 Statut Membre -  
 Utilisateur anonyme -
Bonjour,
je suis infecté par des trojan, je n'arrive pas a les suprimer
quelqu'un peu m'aider svp?
Configuration: Windows Vista
Firefox 3.0.11

51 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Plusieurs éléments indiquent une problématique de suppression de trojans sur Windows Vista avec Firefox 3.0.11, et une demande d'aide pour évaluer les solutions possibles et prioriser l'action. Des solutions évoquées incluent l'exécution d'outils de sécurité en ligne comme Nod32/ESET, la génération et la mise à disposition de rapports de scans, ainsi que des procédures basées sur HijackThis. Des éléments techniques supplémentaires dans les messages suggèrent d'examiner les paramètres Internet, les pages de démarrage, les modules complémentaires et les programmes de démarrage pour repérer les modifications malveillantes. En cas de résultats longs et complexes, une étape possible est de partager les rapports détaillés pour interprétation et évaluer les prochaines mesures de nettoyage, éventuellement avec une assistance spécialisée.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Utilisateur anonyme
     
    bonsoir,
    poste le rapport de ton antivirus ou l'outil qui a détecté le virus ici s'il te plait
    0
  2. bleurk Messages postés 115 Statut Membre
     
    voici le rapport de spybot

    --- Search result list ---
    Win32.TDSS.reg: [SBI $2867D4A5] Réglages (Modification du registre, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxserv

    Win32.TDSS.reg: [SBI $EDA68CC2] Réglages (Modification du registre, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules\msqpdxserv

    Win32.TDSS.reg: [SBI $667311C3] Réglages (Modification du registre, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxl

    Win32.TDSS.reg: [SBI $99E026E5] Réglages (Modification du registre, nothing done)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules\msqpdxl

    DoubleClick: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done)

    Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done)

    Statcounter: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done)

    Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done)

    Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done)

    Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done)

    BlueStreak: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done)

    Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, nothing done)

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-03-30 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2008-10-22 Tools.dll (2.1.6.8)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-06-02 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-06-02 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-06-23 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-06-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-06-30 Includes\Malware.sbi (*)
    2009-06-30 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-06-30 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-06-02 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-06-02 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-06-17 Includes\Trojans.sbi (*)
    2009-06-30 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2008-12-24 Plugins\TCPIPAddress.dll

    --- System information ---
    Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)

    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 39792
    MD5: 392845E8D49B5F0E81AAC4D795000A8C

    Located: HK_LM:Run, avgnt
    command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    size: 209153
    MD5: 29680A793F690EEF4AAA68479D2A6DF8

    Located: HK_LM:Run, F-Secure ExploitShield
    command: "C:\Program Files\F-Secure\ExploitShield\fsesgui.exe"
    file: C:\Program Files\F-Secure\ExploitShield\fsesgui.exe
    size: 629376
    MD5: C3195D1010CE4EE40219566DC2135268

    Located: HK_LM:Run, GrooveMonitor
    command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    size: 31072
    MD5: 644795F6985C740F5E36E9336B837D0B

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 292136
    MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 413696
    MD5: FABAD2BFD44661D8CC627E5485BFAFAF

    Located: HK_LM:RunOnce, Launcher
    command: %WINDIR%\SMINST\launcher.exe
    file: C:\Windows\SMINST\launcher.exe
    size: 44168
    MD5: 31539595F006DAE39F719735F30C3570

    Located: HK_CU:Run, ehTray.exe
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Windows\ehome\ehTray.exe
    file: C:\Windows\ehome\ehTray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C

    Located: HK_CU:Run, ISUSPM Startup
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    size: 249856
    MD5: 1C46FC1AB600766B8554580204806E84

    Located: HK_CU:Run, LDM
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    size: 36864
    MD5: 75A8679F5D996D286FC8649E74394B79

    Located: HK_CU:Run, msnlivesearch
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
    file: C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
    size: 49152
    MD5: BEB9FB770075D484ACFB2645EB788527

    Located: HK_CU:Run, Sidebar
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    file: C:\Program Files\Windows Sidebar\sidebar.exe
    size: 1233920
    MD5: FD278E51A7D6F52D22FCE6C67E037AD6

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:Run, swg
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 39408
    MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

    Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    size: 196608
    MD5: 6F2E5108667BF1149D884E3CBEB9CDD1

    Located: Démarrage (tous utilisateurs), PDFCreator.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\PDFCreator\PDFCreator.exe
    file: C:\Program Files\PDFCreator\PDFCreator.exe
    size: 2641920
    MD5: 4DB47E14FF62720ADA91BE1E40226ACF

    Located: Démarrage (utilisateur), Adobe Gamma.lnk
    where: C:\Users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    size: 113664
    MD5: C2FF17734176CD15221C10044EF0BA1A

    --- Browser helper object list ---
    {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Download Manager Browser Helper Object
    Path: C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\
    Long name: XEBDLHelper.dll
    Short name: XEBDLH~1.DLL
    Date (created): 21/05/2007 11:34:48
    Date (last access): 15/10/2007 13:54:34
    Date (last write): 21/05/2007 11:34:48
    Filesize: 525792
    Attributes: archive
    MD5: FD850334FE0EAC8B286235996E533B10
    CRC32: E6717AAB
    Version: 1.0.0.14

    {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: SWEETIE
    CLSID name:

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: WormRadar.com IESiteBlocker.NavFilter
    CLSID name:

    {5C255C8A-E604-49b4-9D64-90988571CECB} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {64F56FC1-1272-44CD-BA6E-39723696E350} (EoRezoBHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: EoRezoBHO
    CLSID name:

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Groove GFS Browser Helper
    Path: C:\Program Files\Microsoft Office\Office12\
    Long name: GrooveShellExtensions.dll
    Short name: GRA8E1~1.DLL
    Date (created): 12/02/2009 15:19:32
    Date (last access): 01/05/2009 10:21:28
    Date (last write): 12/02/2009 15:19:32
    Filesize: 2217848
    Attributes: archive
    MD5: A6B5A41C0ED007AB6C43CAD899E533D8
    CRC32: BA078F79
    Version: 12.0.6421.1000

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Programme d'aide de l'Assistant de connexion Windows Live
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 22/01/2009 16:41:30
    Date (last access): 18/02/2009 16:20:22
    Date (last write): 22/01/2009 16:41:30
    Filesize: 408448
    Attributes: archive
    MD5: B7899C3E21B299D7A3C0DA96CAE340BD
    CRC32: 288935F8
    Version: 5.0.818.5

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://www.google.com/intl/fr/toolbar/ie/index.html
    info source: TonyKlein
    Path: C:\Program Files\Google\Google Toolbar\
    Long name: GoogleToolbar.dll
    Short name: GOOGLE~1.DLL
    Date (created): 14/01/2009 14:31:22
    Date (last access): 14/01/2009 14:31:22
    Date (last write): 14/01/2009 14:30:30
    Filesize: 251504
    Attributes: archive
    MD5: 105EBC389FEB20A5A6DE47316001B7F1
    CRC32: 3760EC78

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Notifier BHO
    Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\
    Long name: swg.dll
    Short name:
    Date (created): 07/04/2009 19:22:08
    Date (last access): 07/04/2009 19:22:08
    Date (last write): 07/04/2009 19:22:08
    Filesize: 668656
    Attributes: archive
    MD5: D1585B06DED161E13B905DC4FFBF7F12
    CRC32: 88D5BAA5
    Version: 5.1.1309.3572

    {C7B76B90-3455-4AE6-A752-EAC4D19689E5} (EoBHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: EoBHO
    CLSID name:

    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Google Dictionary Compression sdch
    CLSID name: Google Dictionary Compression sdch
    Path: C:\Program Files\Google\Google Toolbar\Component\
    Long name: fastsearch_219B3E1547538286.dll
    Short name: FASTSE~1.DLL
    Date (created): 14/01/2009 14:30:26
    Date (last access): 14/01/2009 14:30:26
    Date (last write): 14/01/2009 14:30:26
    Filesize: 522224
    Attributes: archive
    MD5: E27153F524C86807079F62550094B073
    CRC32: E181FF40
    Version: 1.0.610.10250

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 26/11/2008 14:02:44
    Date (last access): 10/11/2008 04:39:26
    Date (last write): 10/11/2008 06:43:16
    Filesize: 34816
    Attributes: archive
    MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
    CRC32: D7C13FB2
    Version: 6.0.110.3

    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    --- ActiveX list ---
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
    DPF name:
    CLSID name: MSN Photo Upload Tool
    Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf
    Codebase: http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
    description:
    classification: Legitimate
    known filename: MsnPUpld.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: MsnPUpld.dll
    Short name:
    Date (created): 20/11/2006 11:04:16
    Date (last access): 20/11/2006 11:04:16
    Date (last write): 20/11/2006 11:04:16
    Filesize: 543544
    Attributes: archive
    MD5: A0F541D9D2CACEEC7A4A378CD0C31626
    CRC32: 035C591F
    Version: 10.0.914.0

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_11
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_11.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10/11/2008 04:39:26
    Date (last access): 10/11/2072 04:39:26
    Date (last write): 10/11/2008 06:43:32
    Filesize: 132504
    Attributes: archive
    MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
    CRC32: CECB5751
    Version: 6.0.110.3

    --- Process list ---
    PID: 1840 (1156) C:\Windows\system32\Dwm.exe
    size: 81920
    MD5: 59903071D7ACE6A02093C47E9E38AF97
    PID: 1868 (1820) C:\Windows\Explorer.EXE
    size: 2927104
    MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
    PID: 1932 (1216) C:\Windows\system32\taskeng.exe
    size: 169472
    MD5: 5F109032CE46B7184ED9E50F9FE8489E
    PID: 2144 (2064) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    size: 186904
    MD5: 38440FE1A65B1FE3D246C5C4CAD22F53
    PID: 3480 (1868) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    size: 209153
    MD5: 29680A793F690EEF4AAA68479D2A6DF8
    PID: 3508 (1868) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    size: 31072
    MD5: 644795F6985C740F5E36E9336B837D0B
    PID: 3564 (1868) C:\Program Files\iTunes\iTunesHelper.exe
    size: 292136
    MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0
    PID: 3596 (1868) C:\Program Files\F-Secure\ExploitShield\fsesgui.exe
    size: 629376
    MD5: C3195D1010CE4EE40219566DC2135268
    PID: 3624 (1868) C:\Program Files\Windows Sidebar\sidebar.exe
    size: 1233920
    MD5: FD278E51A7D6F52D22FCE6C67E037AD6
    PID: 3652 (1868) C:\Windows\ehome\ehtray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C
    PID: 3708 (1868) C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
    size: 49152
    MD5: BEB9FB770075D484ACFB2645EB788527
    PID: 3780 (1868) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 39408
    MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
    PID: 3860 (1868) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887
    PID: 3944 (1868) C:\Program Files\PDFCreator\PDFCreator.exe
    size: 2641920
    MD5: 4DB47E14FF62720ADA91BE1E40226ACF
    PID: 4068 ( 856) C:\Windows\ehome\ehmsas.exe
    size: 37376
    MD5: 0F4195B9B348DE5CF9B822F81704B20E
    PID: 3940 (3624) C:\Program Files\Windows Sidebar\sidebar.exe
    size: 1233920
    MD5: FD278E51A7D6F52D22FCE6C67E037AD6
    PID: 4120 ( 856) C:\Windows\system32\wbem\unsecapp.exe
    size: 37888
    MD5: 25873356E52849C3F5B3F1B02317E8C8
    PID: 5192 (2516) C:\Program Files\uTorrent\utorrent.exe
    size: 288048
    MD5: 273E8C52E12B0E67913BBBF5CEF5B07E
    PID: 4296 (1868) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    size: 3885408
    MD5: 35B9FA77B73358D9063CD61AA3D83EE8
    PID: 1800 ( 856) C:\Program Files\Windows Live\Contacts\wlcomm.exe
    size: 27512
    MD5: 654480EA67078C7B4C6C8BA871B07D5D
    PID: 1708 (1868) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 3524 ( 856) C:\Windows\System32\mobsync.exe
    size: 95744
    MD5: 9B89B3BB79EA1ACF041F40A7B6FC5827
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 468 ( 4) smss.exe
    size: 64000
    PID: 588 ( 576) csrss.exe
    size: 6144
    PID: 648 ( 576) wininit.exe
    size: 96768
    PID: 660 ( 640) csrss.exe
    size: 6144
    PID: 696 ( 648) services.exe
    size: 279040
    PID: 712 ( 648) lsass.exe
    size: 9728
    PID: 720 ( 648) lsm.exe
    size: 229888
    PID: 856 ( 696) svchost.exe
    size: 21504
    PID: 920 ( 640) winlogon.exe
    size: 314880
    PID: 980 ( 696) svchost.exe
    size: 21504
    PID: 1020 ( 696) svchost.exe
    size: 21504
    PID: 1120 ( 696) svchost.exe
    size: 21504
    PID: 1156 ( 696) svchost.exe
    size: 21504
    PID: 1216 ( 696) svchost.exe
    size: 21504
    PID: 1292 (1120) audiodg.exe
    size: 88064
    PID: 1316 ( 696) svchost.exe
    size: 21504
    PID: 1340 ( 696) SLsvc.exe
    size: 2623488
    PID: 1392 ( 696) svchost.exe
    size: 21504
    PID: 1596 ( 696) svchost.exe
    size: 21504
    PID: 1984 ( 696) spoolsv.exe
    size: 125952
    PID: 2008 ( 696) sched.exe
    PID: 2040 ( 696) svchost.exe
    size: 21504
    PID: 640 (1216) taskeng.exe
    size: 169472
    PID: 2028 ( 696) avguard.exe
    PID: 1908 ( 696) AppleMobileDeviceService.exe
    PID: 1592 ( 696) mDNSResponder.exe
    PID: 1624 ( 696) fsessrv.exe
    PID: 764 ( 696) LSSrvc.exe
    PID: 1312 ( 696) PIFSvc.exe
    PID: 2064 ( 696) LVComSer.exe
    PID: 2104 ( 696) LVPrcSrv.exe
    PID: 2156 ( 696) NBService.exe
    PID: 2216 ( 696) AluSchedulerSvc.exe
    PID: 2244 ( 696) PnkBstrA.exe
    size: 66872
    PID: 2268 ( 696) PnkBstrB.exe
    size: 107832
    PID: 2324 ( 696) svchost.exe
    size: 21504
    PID: 2340 ( 696) svchost.exe
    size: 21504
    PID: 2372 ( 696) svchost.exe
    size: 21504
    PID: 2420 ( 696) SearchIndexer.exe
    size: 439808
    PID: 2528 ( 696) SDWinSec.exe
    MD5: 794D4B48DFB6E999537C7C3947863463
    PID: 2640 (1156) WUDFHost.exe
    size: 142336
    PID: 3736 ( 696) iPodService.exe
    PID: 2356 ( 696) svchost.exe
    size: 21504
    PID: 4168 ( 856) WmiPrvSE.exe
    PID: 3280 (4228) conime.exe
    size: 69120
    PID: 2596 ( 696) a2service.exe
    PID: 4400 (2420) SearchProtocolHost.exe
    size: 184832
    PID: 5704 (2420) SearchFilterHost.exe
    size: 87552

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 08/07/2009 19:29:09

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.google.fr/?gws_rd=ssl
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    https://www.msn.com/fr-fr/?ocid=iehp
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.msn.com/fr-fr/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    https://www.msn.com/fr-fr/?ocid=iehp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    --- Winsock Layered Service Provider list ---
    Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    --- Uninstall list ---

    --- System Services ---
    Service (registry key): .NET CLR Data
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET CLR Networking
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET Data Provider for Oracle
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET Data Provider for SqlServer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NETFramework
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): 61883
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote d'unité 61883
    Image path: system32\DRIVERS\61883.sys
    Image size: 45696
    Image MD5: 585E64BB6DFBC0A2F1F0B554DED012DF
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): a2free
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: a-squared Free Service
    Description: Scans the PC for unwanted software and provides protection from malicious code
    Object name: LocalSystem
    Image path: "C:\Program Files\a-squared Free\a2service.exe"
    Image size: 718880
    Image MD5: A86B9739EFB314FC13D81A21CC4E5102
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): ACPI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote ACPI Microsoft
    Image path: system32\drivers\acpi.sys
    Image size: 266808
    Image MD5: FCB8C7210F0135E24C6580F7F649C73C
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): Adobe LM Service
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Adobe LM Service
    Description: AdobeLM Service
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
    Image size: 72704
    Image MD5: 8B46D5A1D3EF08232C04D0EAFB871FB2
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): adp94xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adp94xx.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpahci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpahci.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu160m
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpu160m.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu320
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpu320.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adsi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): AeLookupSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
    Description: @%SystemRoot%\system32\aelupsvc.dll,-2
    Object name: localSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): AFD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Ancilliary Function Driver for Winsock
    Description: Ancilliary Function Driver for Winsock
    Image path: \SystemRoot\system32\drivers\afd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): agp440
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel AGP Bus Filter
    Image path: \SystemRoot\system32\drivers\agp440.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): aic78xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\djsvs.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ALG
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\Alg.exe,-112
    Description: @%SystemRoot%\system32\Alg.exe,-113
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 59392
    Image MD5: A1545B731579895D8CC44FC0481C1192
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): aliide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\aliide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): amdagp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AMD AGP Bus Filter Driver
    Image path: \SystemRoot\system32\drivers\amdagp.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): amdide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\amdide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): AmdK7
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AMD K7 Processor Driver
    Image path: \SystemRoot\system32\drivers\amdk7.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AmdK8
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de processeur AMD K8
    Image path: system32\DRIVERS\amdk8.sys
    Image size: 44032
    Image MD5: 93AE7F7DD54AB986A6F1A1B37BE7442D
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AntiVirSchedulerService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Avira AntiVir Planificateur
    Description: Service de commande des tâches de contrôle et mises à jour Avira AntiVir Personal - Free Antivirus.
    Object name: LocalSystem
    Image path: "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
    Image size: 108289
    Image MD5: 7C98F7A5BDE8A775B7DB9A1E808266D9
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): AntiVirService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Avira AntiVir Guard
    Description: Offre une protection permanente contre les virus et les logiciels malveillants grâce au moteur de recherche AntiVir.
    Object name: LocalSystem
    Image path: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
    Image size: 185089
    Image MD5: 81E58F368D62EC818F49D1C5CF3854C3
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): Appinfo
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\appinfo.dll,-100
    Description: @%systemroot%\system32\appinfo.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,ProfSvc

    Service (registry key): Apple Mobile Device
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Apple Mobile Device
    Description: Fournit l’interface pour les appareils mobiles Apple.
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    Image size: 144712
    Image MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): arc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\arc.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): arcsas
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\arcsas.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ASP.NET_1.1.4322
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): AsyncMac
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de média asynchrone RAS
    Description: Pilote de média asynchrone RAS
    Image path: system32\DRIVERS\asyncmac.sys
    Image size: 17408
    Image MD5: 53B202ABEE6455406254444303E87BE1
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): atapi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Canal IDE
    Image path: system32\drivers\atapi.sys
    Image size: 21560
    Image MD5: 2D9C903DC76A66813D350A562DE40ED9
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): athr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Atheros Extensible Wireless LAN device driver
    Image path: system32\DRIVERS\athr.sys
    Image size: 952832
    Image MD5: ACDB46B1A467752A2F280C68C8461556
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AudioEndpointBuilder
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\audiosrv.dll,-204
    Description: @%SystemRoot%\System32\audiosrv.dll,-205
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay

    Service (registry key): Audiosrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\audiosrv.dll,-200
    Description: @%SystemRoot%\System32\audiosrv.dll,-201
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

    Service (registry key): Avc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Périphérique AVC
    Image path: system32\DRIVERS\avc.sys
    Image size: 40448
    Image MD5: F4B56425A00BEB32F5FA6603FF7B0EA2
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): avgio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avgio
    Image path: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: FltMgr

    Service (registry key): avgntflt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avgntflt
    Description: Avira files mini-filter driver
    Image path: system32\DRIVERS\avgntflt.sys
    Image size: 55640
    Image MD5: 76C10D80E46CB79570479CB7CF205D39
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 1
    Depends On services: FltMgr

    Service (registry key): avipbb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avipbb
    Description: Avira's Driver for RootKit Detection
    Image path: system32\DRIVERS\avipbb.sys
    Image size: 96104
    Image MD5: AD9BD66A862116E79CB45BB6BE46055F
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BattC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): BDFsDrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: BDFsDrv
    Image path: \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Beep
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Beep
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BFE
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\bfe.dll,-1001
    Description: @%SystemRoot%\system32\bfe.dll,-1002
    Object name: NT AUTHORITY\LocalService
    Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): BITS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\qmgr.dll,-1000
    Description: @%SystemRoot%\system32\qmgr.dll,-1001
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,EventSystem

    Service (registry key): blbdrive
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\blbdrive.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Bonjour Service
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service Bonjour
    Description: Bonjour permet à des applications comme iTunes et Safari d’annoncer et de découvrir des services sur le réseau local. En gardant Bonjour en exécution, vous pouvez vous connecter à des périphériques comme l’Apple TV et à des services logiciels comme le partage iTunes et AirTunes. Si vous désactivez Bonjour, tous les services réseau qui en dépendent de manière explicite ne démarreront pas.
    Object name: LocalSystem
    Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
    Image size: 238888
    Image MD5: 3F56903E124E820AEECE6D471583C6C1
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): Boonty Games
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Boonty Games
    Description: Boonty Games
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 16
    Error Control: 1

    Service (registry key): bowser
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Bowser
    Description: Implements the datagram receiver for the computer browser browser service.
    Image path: system32\DRIVERS\bowser.sys
    Image size: 69632
    Image MD5: 74B442B2BE1260B7588C136177CEAC66
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): BrFiltLo
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother USB Mass-Storage Lower Filter Driver
    Image path: \SystemRoot\system32\drivers\brfiltlo.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): BrFiltUp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother USB Mass-Storage Upper Filter Driver
    Image path: \SystemRoot\system32\drivers\brfiltup.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Browser
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\browser.dll,-100
    Description: @%systemroot%\system32\browser.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,LanmanServer

    Service (registry key): Brserid
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother MFC Serial Port Interface Driver (WDM)
    Image path: \SystemRoot\system32\drivers\brserid.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): BrSerWdm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother WDM Serial driver
    Image path: \SystemRoot\system32\drivers\brserwdm.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): BrUsbMdm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother MFC USB Fax Only Modem
    Image path: \SystemRoot\system32\drivers\brusbmdm.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): BrUsbSer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother MFC USB Serial WDM Driver
    Image path: \SystemRoot\system32\drivers\brusbser.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): BTHMODEM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Bluetooth Serial Communications Driver
    Image path: \SystemRoot\system32\drivers\bthmodem.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): cdfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: CD/DVD File System Reader
    Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
    Image path: system32\DRIVERS\cdfs.sys
    Image size: 70144
    Image MD5: 7ADD03E75BEB9E6DD102C3081D29840A
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1
    Depends On group: "SCSI CDROM Class"

    Service (registry key): cdrom
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de CD-ROM
    Image path: system32\DRIVERS\cdrom.sys
    Image size: 67072
    Image MD5: 1EC25CEA0DE6AC4718BF89F9E1778B57
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): CertPropSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\certprop.dll,-11
    Description: @%SystemRoot%\System32\certprop.dll,-12
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): circlass
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Consumer IR Devices
    Image path: \SystemRoot\system32\drivers\circlass.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): CLFS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Common Log (CLFS)
    Description: Common Log (CLFS)
    Image path: System32\CLFS.sys
    Image size: 247352
    Image MD5: 465745561C832B29F7C48B488AAB3842
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): clr_optimization_v2.0.50727_32
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
    Description: Microsoft .NET Framework NGEN
    Object name: LocalSystem
    Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    Image size: 69632
    Image MD5: D87ACAED61E417BBA546CED5E7E36D9C
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 0

    Service (registry key): cmdide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\cmdide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): Compbatt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Composite Battery Driver
    Image path: \SystemRoot\system32\drivers\compbatt.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): COMSysApp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @comres.dll,-947
    Description: @comres.dll,-948
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Image size: 7168
    Image MD5: BE01E566D1F569AAB32D0335613E1EEA
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RpcSs,EventSystem,SENS

    Service (registry key): crcdisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Crcdisk Filter Driver
    Image path: system32\drivers\crcdisk.sys
    Image size: 22632
    Image MD5: 2A213AE086BBEC5E937553C7D9A2B22C
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Crusoe
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Transmeta Crusoe Processor Driver
    Image path: \SystemRoot\system32\drivers\crusoe.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): crypt32
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): CryptSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
    Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
    Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): DCLocator
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): DcomLaunch
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @oleres.dll,-5012
    Description: @oleres.dll,-5013
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): DfsC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
    Description: @%systemroot%\system32\drivers\dfsc.sys,-102
    Image path: System32\Drivers\dfsc.sys
    Image size: 75264
    Image MD5: 9E635AE5E8AD93E2B5989E2E23679F97
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1
    Depends On services: Mup

    Service (registry key): DFSR
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @dfsrres.dll,-101
    Description: @dfsrres.dll,-102
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\DFSR.exe
    Image size: 2091520
    Image MD5: FA3463F25F9CC9C3BCF1E7912FEFF099
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RpcSs,EventSystem

    Service (registry key): Dhcp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
    Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
    Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: NSI,Tdx,Afd

    Service (registry key): disk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de disque
    Image path: system32\drivers\disk.sys
    Image size: 55352
    Image MD5: 64109E623ABD6955C8FB110B592E68B7
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Dnscache
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\dnsapi.dll,-101
    Description: @%SystemRoot%\System32\dnsapi.dll,-102
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tdx

    Service (registry key): dot3svc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\dot3svc.dll,-1102
    Description: @%systemroot%\system32\dot3svc.dll,-1103
    Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,Ndisuio,Eaphost

    Service (registry key): DPS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\dps.dll,-500
    Description: @%systemroot%\system32\dps.dll,-501
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): drmkaud
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Filtre de décodeur DRM (Noyau Microsoft)
    Image path: system32\drivers\drmkaud.sys
    Image size: 5632
    Image MD5: 97FEF831AB90BEE128C9AF390E243F80
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): DXGKrnl
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: LDDM Graphics Subsystem
    Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
    Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): E1G60
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel(R) PRO/1000 NDIS 6 Adapter Driver
    Image path: system32\DRIVERS\E1G60I32.sys
    Image size: 117760
    Image MD5: F88FB26547FD2CE6D0A5AF2985892C48
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): EapHost
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\eapsvc.dll,-1
    Description: @%systemroot%\system32\eapsvc.dll,-2
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS,KeyIso

    Service (registry key): Ecache
    Registry
    0
  3. Utilisateur anonyme
     
    j'ai l'impression que antivir n'est pas à jour
    fais une mise à jour et fait lui faire un scan complet mais avant tou configure le de manière suivante :

    Configuration de Antivir :

    clic droit sur son icône dans la barre des taches et sélectionner Configurer Antivir.

    cocher la case : Mode Expert.

    => Cliquer sur Scanner dans le volet de gauche :

    > Dans "Fichiers" sélectionner Tous les fichiers.

    > Dans procédure de recherche, cocher Autoriser l'arrêt, et dans "priorité scanner" sélectionner Elevé.

    > Dans "Autres réglages" cocher toutes les cases.

    NE SURTOUT PAS OUBLIER LA RECHERCHE DES ROOTKIT QUI EST TRES IMPORTANTE !

    => Cliquer sur "Recherche" dans le volet de gauche et appliquer les mêmes paramètres que précédemment.

    => Dérouler "Recherche" en cliquant sur le +. Cliquer sur "Heuristique" :

    > Cocher "Heuristique de MacroVirus" et "Heuristique fichier Win32" avec degré d'indentification ELEVE !

    => Dans le volet de gauche, dérouler "Guard" puis dérouler "Recherche" :

    > Cocher "Heuristique de MacroVirus" et "Heuristique fichier Win32" avec degré d'identification ELEVE !

    n'oublie pas de poster son rapport
    0
  4. bleurk Messages postés 115 Statut Membre
     
    ok merci je lance le scan
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. bleurk Messages postés 115 Statut Membre
     
    Avira AntiVir Personal
    Date de création du fichier de rapport : mercredi 8 juillet 2009 20:16

    La recherche porte sur 1475195 souches de virus.

    Détenteur de la licence : Avira AntiVir Personal - FREE Antivirus
    Numéro de série : 0000149996-ADJIE-0000001
    Plateforme : Windows Vista
    Version de Windows : (Service Pack 1) [6.0.6001]
    Mode Boot : Démarré normalement
    Identifiant : SYSTEM
    Nom de l'ordinateur : PC-DE-JOHNNY

    Informations de version :
    BUILD.DAT : 9.0.0.65 17959 Bytes 22/04/2009 12:06:00
    AVSCAN.EXE : 9.0.3.6 466689 Bytes 21/04/2009 12:20:54
    AVSCAN.DLL : 9.0.3.0 49409 Bytes 03/03/2009 09:21:02
    LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:11
    LUKERES.DLL : 9.0.2.0 13569 Bytes 03/03/2009 09:21:31
    ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
    ANTIVIR1.VDF : 7.1.4.132 5707264 Bytes 24/06/2009 09:04:39
    ANTIVIR2.VDF : 7.1.4.173 306688 Bytes 02/07/2009 18:28:44
    ANTIVIR3.VDF : 7.1.4.197 430592 Bytes 07/07/2009 18:28:32
    Version du moteur : 8.2.0.204
    AEVDF.DLL : 8.1.1.1 106868 Bytes 01/05/2009 06:40:48
    AESCRIPT.DLL : 8.1.2.13 426362 Bytes 02/07/2009 18:29:24
    AESCN.DLL : 8.1.2.3 127347 Bytes 15/05/2009 17:50:23
    AERDL.DLL : 8.1.2.2 438642 Bytes 02/07/2009 18:29:17
    AEPACK.DLL : 8.1.3.18 401783 Bytes 27/05/2009 18:38:12
    AEOFFICE.DLL : 8.1.0.38 196987 Bytes 17/06/2009 18:35:46
    AEHEUR.DLL : 8.1.0.137 1823095 Bytes 27/06/2009 09:01:50
    AEHELP.DLL : 8.1.3.6 205174 Bytes 11/06/2009 17:34:17
    AEGEN.DLL : 8.1.1.48 348532 Bytes 02/07/2009 18:29:06
    AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 13:32:40
    AECORE.DLL : 8.1.6.12 180599 Bytes 27/05/2009 18:38:11
    AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 13:32:40
    AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:47:30
    AVPREF.DLL : 9.0.0.1 43777 Bytes 03/12/2008 10:39:26
    AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:28
    AVREG.DLL : 9.0.0.0 36609 Bytes 07/11/2008 14:24:42
    AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:22
    AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:36:37
    SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:49
    SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:20:57
    NETNT.DLL : 9.0.0.0 11521 Bytes 07/11/2008 14:40:59
    RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 17/02/2009 12:49:32
    RCTEXT.DLL : 9.0.37.0 88321 Bytes 15/04/2009 09:07:05

    Configuration pour la recherche actuelle :
    Nom de la tâche...............................: Contrôle intégral du système
    Fichier de configuration......................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Documentation.................................: bas
    Action principale.............................: interactif
    Action secondaire.............................: ignorer
    Recherche sur les secteurs d'amorçage maître..: marche
    Recherche sur les secteurs d'amorçage.........: marche
    Secteurs d'amorçage...........................: C:, D:,
    Recherche dans les programmes actifs..........: marche
    Recherche en cours sur l'enregistrement.......: marche
    Recherche de Rootkits.........................: marche
    Contrôle d'intégrité de fichiers système......: marche
    Recherche optimisée...........................: marche
    Fichier mode de recherche.....................: Tous les fichiers
    Recherche sur les archives....................: marche
    Limiter la profondeur de récursivité..........: 20
    Archive Smart Extensions......................: marche
    Heuristique de macrovirus.....................: marche
    Heuristique fichier...........................: moyen
    Catégories de dangers divergentes.............: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Début de la recherche : mercredi 8 juillet 2009 20:16

    Début du contrôle des fichiers système :
    Signé -> 'C:\Windows\system32\svchost.exe'
    Signé -> 'C:\Windows\system32\winlogon.exe'
    Signé -> 'C:\Windows\explorer.exe'
    Signé -> 'C:\Windows\system32\smss.exe'
    Signé -> 'C:\Windows\system32\wininet.DLL'
    Signé -> 'C:\Windows\system32\wsock32.DLL'
    Signé -> 'C:\Windows\system32\ws2_32.DLL'
    Signé -> 'C:\Windows\system32\services.exe'
    Signé -> 'C:\Windows\system32\lsass.exe'
    Signé -> 'C:\Windows\system32\csrss.exe'
    Signé -> 'C:\Windows\system32\drivers\kbdclass.sys'
    Signé -> 'C:\Windows\system32\spoolsv.exe'
    Signé -> 'C:\Windows\system32\alg.exe'
    Signé -> 'C:\Windows\system32\wuauclt.exe'
    Signé -> 'C:\Windows\system32\advapi32.DLL'
    Signé -> 'C:\Windows\system32\user32.DLL'
    Signé -> 'C:\Windows\system32\gdi32.DLL'
    Signé -> 'C:\Windows\system32\kernel32.DLL'
    Signé -> 'C:\Windows\system32\ntdll.DLL'
    Signé -> 'C:\Windows\system32\ntoskrnl.exe'
    Signé -> 'C:\Windows\system32\ctfmon.exe'
    Les fichiers système ont été contrôlés ('21' fichiers)

    La recherche d'objets cachés commence.
    HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys\modules
    [INFO] L'entrée d'enregistrement n'est pas visible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys\start
    [INFO] L'entrée d'enregistrement n'est pas visible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys\type
    [INFO] L'entrée d'enregistrement n'est pas visible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys\imagepath
    [INFO] L'entrée d'enregistrement n'est pas visible.
    HKEY_LOCAL_MACHINE\System\ControlSet003\Services\msqpdxserv.sys\group
    [INFO] L'entrée d'enregistrement n'est pas visible.
    '101092' objets ont été contrôlés, '5' objets cachés ont été trouvés.

    La recherche sur les processus démarrés commence :
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'firefox.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'notepad.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'mobsync.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wlcomm.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'msnmsgr.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'a2service.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'conime.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'uTorrent.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'WmiPrvSE.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'unsecapp.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'iPodService.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ehmsas.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PDFCreator.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'TeaTimer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'msgrsrch.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'ehtray.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sidebar.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'fsesgui.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'iTunesHelper.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'GrooveMonitor.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'WUDFHost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'SDWinSec.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'SearchIndexer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PnkBstrB.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PnkBstrA.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'AluSchedulerSvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'NBService.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'LVPrcSrv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'LVComSer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'PIFSvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'LSSrvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'fsessrv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'mDNSResponder.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'AppleMobileDeviceService.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'taskeng.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'dwm.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'SLsvc.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'audiodg.exe' - '0' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'lsm.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'services.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'wininit.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés
    Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés
    '71' processus ont été contrôlés avec '71' modules

    La recherche sur les secteurs d'amorçage maître commence :
    Secteur d'amorçage maître HD0
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage maître HD1
    [INFO] Aucun virus trouvé !
    [INFO] Veuillez relancer la recherche avec les droits d'administrateur

    La recherche sur les secteurs d'amorçage commence :
    Secteur d'amorçage 'C:\'
    [INFO] Aucun virus trouvé !
    Secteur d'amorçage 'D:\'
    [INFO] Aucun virus trouvé !

    La recherche sur les renvois aux fichiers exécutables (registre) commence :
    Le registre a été contrôlé ( '43' fichiers).

    La recherche sur les fichiers sélectionnés commence :

    Recherche débutant dans 'C:\' <HP>
    C:\hiberfil.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE] Ce fichier est un fichier système Windows.
    [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
    C:\pagefile.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    [REMARQUE] Ce fichier est un fichier système Windows.
    [REMARQUE] Il est correct que ce fichier ne puisse pas être ouvert pour la recherche.
    C:\Windows\System32\drivers\sptd.sys
    [AVERTISSEMENT] Impossible d'ouvrir le fichier !
    Recherche débutant dans 'D:\' <Recovery>

    Fin de la recherche : mercredi 8 juillet 2009 21:25
    Temps nécessaire: 1:08:48 Heure(s)

    La recherche a été effectuée intégralement

    25168 Les répertoires ont été contrôlés
    498441 Des fichiers ont été contrôlés
    0 Des virus ou programmes indésirables ont été trouvés
    0 Des fichiers ont été classés comme suspects
    0 Des fichiers ont été supprimés
    0 Des virus ou programmes indésirables ont été réparés
    0 Les fichiers ont été déplacés dans la quarantaine
    0 Les fichiers ont été renommés
    3 Impossible de contrôler des fichiers
    498438 Fichiers non infectés
    4595 Les archives ont été contrôlées
    3 Avertissements
    2 Consignes
    101092 Des objets ont été contrôlés lors du Rootkitscan
    5 Des objets cachés ont été trouvés
    0
  7. Utilisateur anonyme
     
    Télécharge Ccleaner sur ton Bureau, il y a 5 objets cachés dans ton registre :

    https://forums.cnetfrance.fr/tutoriels-logiciels-et-applis/7669-ccleaner-telecharger-et-utiliser

    * Clique sur "download the latest version"
    * Installe-le en laissant seulement les options suivantes cochées :

    - Ajouter un raccourci sur le Bureau
    - Contrôler automatiquement les mises à jour de CCleaner

    * Lance le Nettoyage
    * Clique sur Chercher des erreurs et sauvegarde si tu le souhaites.

    tuto Comment utiliser CCleaner.

    http://www.infos-du-net.com/forum/272336-7-aide-ccleaner
    0
  8. bleurk Messages postés 115 Statut Membre
     
    bonjour, après lancement de Ccleaner, j'ai relancer Spybots, toujours le même problème! voici le rapport

    --- Search result list ---
    Win32.TDSS.reg: [SBI $2867D4A5] Réglages (Modification du registre, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxserv

    Win32.TDSS.reg: [SBI $EDA68CC2] Réglages (Modification du registre, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules\msqpdxserv

    Win32.TDSS.reg: [SBI $667311C3] Réglages (Modification du registre, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxl

    Win32.TDSS.reg: [SBI $99E026E5] Réglages (Modification du registre, fixing failed)
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msqpdxserv.sys\modules\msqpdxl

    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2008-01-28 SDDelFile.exe (1.0.2.4)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-03-30 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-01-26 advcheck.dll (1.6.2.15)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2008-10-22 Tools.dll (2.1.6.8)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-05-19 Includes\Adware.sbi (*)
    2009-06-02 Includes\AdwareC.sbi (*)
    2009-01-22 Includes\Cookies.sbi (*)
    2009-05-19 Includes\Dialer.sbi (*)
    2009-06-02 Includes\DialerC.sbi (*)
    2009-01-22 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2009-06-23 Includes\HijackersC.sbi (*)
    2009-06-23 Includes\Keyloggers.sbi (*)
    2009-06-30 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2009-06-30 Includes\Malware.sbi (*)
    2009-06-30 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2009-06-30 Includes\PUPSC.sbi (*)
    2009-01-22 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2009-06-02 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-04-07 Includes\Spyware.sbi (*)
    2009-06-02 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti
    2009-06-17 Includes\Trojans.sbi (*)
    2009-06-30 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2008-12-24 Plugins\TCPIPAddress.dll

    --- System information ---
    Windows Vista (Build: 6001) Service Pack 1 (6.0.6001)

    --- Startup entries list ---
    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    size: 39792
    MD5: 392845E8D49B5F0E81AAC4D795000A8C

    Located: HK_LM:Run, avgnt
    command: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    file: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    size: 209153
    MD5: 29680A793F690EEF4AAA68479D2A6DF8

    Located: HK_LM:Run, F-Secure ExploitShield
    command: "C:\Program Files\F-Secure\ExploitShield\fsesgui.exe"
    file: C:\Program Files\F-Secure\ExploitShield\fsesgui.exe
    size: 629376
    MD5: C3195D1010CE4EE40219566DC2135268

    Located: HK_LM:Run, GrooveMonitor
    command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    size: 31072
    MD5: 644795F6985C740F5E36E9336B837D0B

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files\iTunes\iTunesHelper.exe"
    file: C:\Program Files\iTunes\iTunesHelper.exe
    size: 292136
    MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0

    Located: HK_LM:Run, QuickTime Task
    command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    file: C:\Program Files\QuickTime\QTTask.exe
    size: 413696
    MD5: FABAD2BFD44661D8CC627E5485BFAFAF

    Located: HK_LM:RunOnce, Launcher
    command: %WINDIR%\SMINST\launcher.exe
    file: C:\Windows\SMINST\launcher.exe
    size: 44168
    MD5: 31539595F006DAE39F719735F30C3570

    Located: HK_CU:Run, ehTray.exe
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Windows\ehome\ehTray.exe
    file: C:\Windows\ehome\ehTray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C

    Located: HK_CU:Run, ISUSPM Startup
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    file: C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    size: 249856
    MD5: 1C46FC1AB600766B8554580204806E84

    Located: HK_CU:Run, LDM
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    size: 36864
    MD5: 75A8679F5D996D286FC8649E74394B79

    Located: HK_CU:Run, msnlivesearch
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
    file: C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
    size: 49152
    MD5: BEB9FB770075D484ACFB2645EB788527

    Located: HK_CU:Run, Sidebar
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    file: C:\Program Files\Windows Sidebar\sidebar.exe
    size: 1233920
    MD5: FD278E51A7D6F52D22FCE6C67E037AD6

    Located: HK_CU:Run, SpybotSD TeaTimer
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887

    Located: HK_CU:Run, swg
    where: S-1-5-21-3603102019-2234686749-2930555637-1000...
    command: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    file: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 39408
    MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD

    Located: Démarrage (tous utilisateurs), Logitech Desktop Messenger.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    size: 196608
    MD5: 6F2E5108667BF1149D884E3CBEB9CDD1

    Located: Démarrage (tous utilisateurs), PDFCreator.lnk
    where: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\PDFCreator\PDFCreator.exe
    file: C:\Program Files\PDFCreator\PDFCreator.exe
    size: 2641920
    MD5: 4DB47E14FF62720ADA91BE1E40226ACF

    Located: Démarrage (utilisateur), Adobe Gamma.lnk
    where: C:\Users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup...
    command: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    file: C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    size: 113664
    MD5: C2FF17734176CD15221C10044EF0BA1A

    --- Browser helper object list ---
    {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} (Download Manager Browser Helper Object)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Download Manager Browser Helper Object
    Path: C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\
    Long name: XEBDLHelper.dll
    Short name: XEBDLH~1.DLL
    Date (created): 21/05/2007 11:34:48
    Date (last access): 15/10/2007 13:54:34
    Date (last write): 21/05/2007 11:34:48
    Filesize: 525792
    Attributes: archive
    MD5: FD850334FE0EAC8B286235996E533B10
    CRC32: E6717AAB
    Version: 1.0.0.14

    {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} (SWEETIE)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: SWEETIE
    CLSID name:

    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (WormRadar.com IESiteBlocker.NavFilter)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: WormRadar.com IESiteBlocker.NavFilter
    CLSID name:

    {5C255C8A-E604-49b4-9D64-90988571CECB} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    {64F56FC1-1272-44CD-BA6E-39723696E350} (EoRezoBHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: EoRezoBHO
    CLSID name:

    {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Groove GFS Browser Helper
    Path: C:\Program Files\Microsoft Office\Office12\
    Long name: GrooveShellExtensions.dll
    Short name: GRA8E1~1.DLL
    Date (created): 12/02/2009 15:19:32
    Date (last access): 01/05/2009 10:21:28
    Date (last write): 12/02/2009 15:19:32
    Filesize: 2217848
    Attributes: archive
    MD5: A6B5A41C0ED007AB6C43CAD899E533D8
    CRC32: BA078F79
    Version: 12.0.6421.1000

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Programme d'aide de l'Assistant de connexion Windows Live)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Programme d'aide de l'Assistant de connexion Windows Live
    Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 22/01/2009 16:41:30
    Date (last access): 18/02/2009 16:20:22
    Date (last write): 22/01/2009 16:41:30
    Filesize: 408448
    Attributes: archive
    MD5: B7899C3E21B299D7A3C0DA96CAE340BD
    CRC32: 288935F8
    Version: 5.0.818.5

    {AA58ED58-01DD-4d91-8333-CF10577473F7} (Google Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Helper
    description: Google toolbar
    classification: Open for discussion
    known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
    info link: http://www.google.com/intl/fr/toolbar/ie/index.html
    info source: TonyKlein
    Path: C:\Program Files\Google\Google Toolbar\
    Long name: GoogleToolbar.dll
    Short name: GOOGLE~1.DLL
    Date (created): 14/01/2009 14:31:22
    Date (last access): 14/01/2009 14:31:22
    Date (last write): 14/01/2009 14:30:30
    Filesize: 251504
    Attributes: archive
    MD5: 105EBC389FEB20A5A6DE47316001B7F1
    CRC32: 3760EC78

    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Google Toolbar Notifier BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Google Toolbar Notifier BHO
    Path: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\
    Long name: swg.dll
    Short name:
    Date (created): 08/07/2009 20:53:46
    Date (last access): 08/07/2009 20:53:46
    Date (last write): 08/07/2009 20:53:46
    Filesize: 669168
    Attributes: archive
    MD5: 7C987CAB519BC858FD4DBB6B40EE4BD2
    CRC32: 2CC83660
    Version: 5.1.1309.15642

    {C7B76B90-3455-4AE6-A752-EAC4D19689E5} (EoBHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: EoBHO
    CLSID name:

    {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} (Google Dictionary Compression sdch)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: Google Dictionary Compression sdch
    CLSID name: Google Dictionary Compression sdch
    Path: C:\Program Files\Google\Google Toolbar\Component\
    Long name: fastsearch_219B3E1547538286.dll
    Short name: FASTSE~1.DLL
    Date (created): 14/01/2009 14:30:26
    Date (last access): 14/01/2009 14:30:26
    Date (last write): 14/01/2009 14:30:26
    Filesize: 522224
    Attributes: archive
    MD5: E27153F524C86807079F62550094B073
    CRC32: E181FF40
    Version: 1.0.610.10250

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 26/11/2008 14:02:44
    Date (last access): 10/11/2008 04:39:26
    Date (last write): 10/11/2008 06:43:16
    Filesize: 34816
    Attributes: archive
    MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
    CRC32: D7C13FB2
    Version: 6.0.110.3

    {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} ()
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name:

    --- ActiveX list ---
    {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
    DPF name:
    CLSID name: MSN Photo Upload Tool
    Installer: C:\Windows\Downloaded Program Files\MSNPUpld.inf
    Codebase: http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
    description:
    classification: Legitimate
    known filename: MsnPUpld.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Windows\Downloaded Program Files\
    Long name: MsnPUpld.dll
    Short name:
    Date (created): 20/11/2006 11:04:16
    Date (last access): 20/11/2006 11:04:16
    Date (last write): 20/11/2006 11:04:16
    Filesize: 543544
    Attributes: archive
    MD5: A0F541D9D2CACEEC7A4A378CD0C31626
    CRC32: 035C591F
    Version: 10.0.914.0

    {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\erma.inf
    Codebase: http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    description:
    classification: Open for discussion
    known filename:
    info link:
    info source: Safer Networking Ltd.

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_11
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files\Java\jre6\bin\
    Long name: npjpi160_11.dll
    Short name: NPJPI1~1.DLL
    Date (created): 10/11/2008 04:39:26
    Date (last access): 10/11/2072 04:39:26
    Date (last write): 10/11/2008 06:43:32
    Filesize: 132504
    Attributes: archive
    MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
    CRC32: CECB5751
    Version: 6.0.110.3

    --- Process list ---
    PID: 1816 (1176) C:\Windows\system32\Dwm.exe
    size: 81920
    MD5: 59903071D7ACE6A02093C47E9E38AF97
    PID: 1840 (1800) C:\Windows\Explorer.EXE
    size: 2927104
    MD5: 4F554999D7D5F05DAAEBBA7B5BA1089D
    PID: 1980 (1208) C:\Windows\system32\taskeng.exe
    size: 169472
    MD5: 5F109032CE46B7184ED9E50F9FE8489E
    PID: 2160 (2084) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    size: 186904
    MD5: 38440FE1A65B1FE3D246C5C4CAD22F53
    PID: 3348 (1840) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    size: 209153
    MD5: 29680A793F690EEF4AAA68479D2A6DF8
    PID: 3456 (1840) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    size: 31072
    MD5: 644795F6985C740F5E36E9336B837D0B
    PID: 3532 (1840) C:\Program Files\iTunes\iTunesHelper.exe
    size: 292136
    MD5: 9D4F3923F8D3A13F2FEADB66C62FE5D0
    PID: 3560 (1840) C:\Program Files\F-Secure\ExploitShield\fsesgui.exe
    size: 629376
    MD5: C3195D1010CE4EE40219566DC2135268
    PID: 3592 (1840) C:\Program Files\Windows Sidebar\sidebar.exe
    size: 1233920
    MD5: FD278E51A7D6F52D22FCE6C67E037AD6
    PID: 3604 (1840) C:\Windows\ehome\ehtray.exe
    size: 125952
    MD5: BF08674925F151BD4537B89A493E3E0C
    PID: 3652 (1840) C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
    size: 49152
    MD5: BEB9FB770075D484ACFB2645EB788527
    PID: 3764 (1840) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    size: 39408
    MD5: 5D61BE7DB55B026A5D61A3EED09D0EAD
    PID: 3780 ( 856) C:\Windows\ehome\ehmsas.exe
    size: 37376
    MD5: 0F4195B9B348DE5CF9B822F81704B20E
    PID: 3808 (1840) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    size: 2260480
    MD5: 390679F7A217A5E73D756276C40AE887
    PID: 3868 (1840) C:\Program Files\PDFCreator\PDFCreator.exe
    size: 2641920
    MD5: 4DB47E14FF62720ADA91BE1E40226ACF
    PID: 2404 ( 856) C:\Windows\System32\mobsync.exe
    size: 95744
    MD5: 9B89B3BB79EA1ACF041F40A7B6FC5827
    PID: 1108 (3592) C:\Program Files\Windows Sidebar\sidebar.exe
    size: 1233920
    MD5: FD278E51A7D6F52D22FCE6C67E037AD6
    PID: 2276 ( 856) C:\Windows\system32\wbem\unsecapp.exe
    size: 37888
    MD5: 25873356E52849C3F5B3F1B02317E8C8
    PID: 5652 (1840) C:\Program Files\Mozilla Firefox\firefox.exe
    size: 307704
    MD5: 26C3F01DF1B1AA6CFEC22D75F1E072F9
    PID: 5500 (1840) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 2260 ( 856) C:\Windows\system32\DllHost.exe
    size: 7168
    MD5: BE01E566D1F569AAB32D0335613E1EEA
    PID: 6044 ( 856) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
    size: 14456
    MD5: B7A2FBBEB343CC841BB2A0E846455769
    PID: 0 ( 0) [System Process]
    PID: 4 ( 0) System
    PID: 520 ( 4) smss.exe
    size: 64000
    PID: 596 ( 584) csrss.exe
    size: 6144
    PID: 648 ( 584) wininit.exe
    size: 96768
    PID: 660 ( 640) csrss.exe
    size: 6144
    PID: 696 ( 648) services.exe
    size: 279040
    PID: 712 ( 648) lsass.exe
    size: 9728
    PID: 720 ( 648) lsm.exe
    size: 229888
    PID: 856 ( 696) svchost.exe
    size: 21504
    PID: 892 ( 640) winlogon.exe
    size: 314880
    PID: 980 ( 696) svchost.exe
    size: 21504
    PID: 1020 ( 696) svchost.exe
    size: 21504
    PID: 1112 ( 696) svchost.exe
    size: 21504
    PID: 1176 ( 696) svchost.exe
    size: 21504
    PID: 1208 ( 696) svchost.exe
    size: 21504
    PID: 1272 (1112) audiodg.exe
    size: 88064
    PID: 1296 ( 696) svchost.exe
    size: 21504
    PID: 1320 ( 696) SLsvc.exe
    size: 2623488
    PID: 1364 ( 696) svchost.exe
    size: 21504
    PID: 1484 ( 696) svchost.exe
    size: 21504
    PID: 1948 ( 696) spoolsv.exe
    size: 125952
    PID: 1972 ( 696) sched.exe
    PID: 1992 ( 696) svchost.exe
    size: 21504
    PID: 532 (1208) taskeng.exe
    size: 169472
    PID: 2000 ( 696) a2service.exe
    PID: 12 ( 696) avguard.exe
    PID: 1756 ( 696) AppleMobileDeviceService.exe
    PID: 1748 ( 696) mDNSResponder.exe
    PID: 1344 ( 696) fsessrv.exe
    PID: 752 ( 696) LSSrvc.exe
    PID: 1292 ( 696) PIFSvc.exe
    PID: 2084 ( 696) LVComSer.exe
    PID: 2116 ( 696) LVPrcSrv.exe
    PID: 2140 ( 696) NBService.exe
    PID: 2204 ( 696) AluSchedulerSvc.exe
    PID: 2296 ( 696) PnkBstrA.exe
    size: 66872
    PID: 2308 ( 696) PnkBstrB.exe
    size: 107832
    PID: 2324 ( 696) svchost.exe
    size: 21504
    PID: 2340 ( 696) svchost.exe
    size: 21504
    PID: 2392 ( 696) svchost.exe
    size: 21504
    PID: 2424 ( 696) SearchIndexer.exe
    size: 439808
    PID: 2524 ( 696) SDWinSec.exe
    PID: 2640 (1176) WUDFHost.exe
    size: 142336
    PID: 3304 ( 696) svchost.exe
    size: 21504
    PID: 3100 ( 696) iPodService.exe
    PID: 2692 ( 856) WmiPrvSE.exe
    PID: 4336 ( 208) conime.exe
    size: 69120
    PID: 4172 (1208) taskeng.exe
    size: 169472
    PID: 6136 ( 696) VSSVC.exe
    size: 1054720
    PID: 1532 ( 696) svchost.exe
    size: 21504
    PID: 1724 (2424) SearchProtocolHost.exe
    size: 184832
    PID: 2728 (2424) SearchFilterHost.exe
    size: 87552

    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 09/07/2009 14:57:14

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.google.fr/?gws_rd=ssl
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    https://www.msn.com/fr-fr/?ocid=iehp
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\System32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    https://www.msn.com/fr-fr/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    https://www.msn.com/fr-fr/?ocid=iehp
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

    --- Winsock Layered Service Provider list ---
    Namespace Provider 1: Fournisseur Shim d'affectation de noms de messagerie
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 2: Fournisseur d'espace de noms du nuage PNRP
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 3: Fournisseur d'espace de noms du nom PNRP
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    --- Uninstall list ---

    --- System Services ---
    Service (registry key): .NET CLR Data
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET CLR Networking
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET Data Provider for Oracle
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NET Data Provider for SqlServer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): .NETFramework
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): 61883
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote d'unité 61883
    Image path: system32\DRIVERS\61883.sys
    Image size: 45696
    Image MD5: 585E64BB6DFBC0A2F1F0B554DED012DF
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): a2free
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: a-squared Free Service
    Description: Scans the PC for unwanted software and provides protection from malicious code
    Object name: LocalSystem
    Image path: "C:\Program Files\a-squared Free\a2service.exe"
    Image size: 718880
    Image MD5: A86B9739EFB314FC13D81A21CC4E5102
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): ACPI
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote ACPI Microsoft
    Image path: system32\drivers\acpi.sys
    Image size: 266808
    Image MD5: FCB8C7210F0135E24C6580F7F649C73C
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): Adobe LM Service
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Adobe LM Service
    Description: AdobeLM Service
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
    Image size: 72704
    Image MD5: 8B46D5A1D3EF08232C04D0EAFB871FB2
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): adp94xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adp94xx.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpahci
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpahci.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu160m
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpu160m.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adpu320
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\adpu320.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): adsi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): AeLookupSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
    Description: @%SystemRoot%\system32\aelupsvc.dll,-2
    Object name: localSystem
    Image path: %systemroot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): AFD
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Ancilliary Function Driver for Winsock
    Description: Ancilliary Function Driver for Winsock
    Image path: \SystemRoot\system32\drivers\afd.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): agp440
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel AGP Bus Filter
    Image path: \SystemRoot\system32\drivers\agp440.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): aic78xx
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\djsvs.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ALG
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\Alg.exe,-112
    Description: @%SystemRoot%\system32\Alg.exe,-113
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\alg.exe
    Image size: 59392
    Image MD5: A1545B731579895D8CC44FC0481C1192
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1

    Service (registry key): aliide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\aliide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): amdagp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AMD AGP Bus Filter Driver
    Image path: \SystemRoot\system32\drivers\amdagp.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): amdide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\amdide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): AmdK7
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: AMD K7 Processor Driver
    Image path: \SystemRoot\system32\drivers\amdk7.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): AmdK8
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de processeur AMD K8
    Image path: system32\DRIVERS\amdk8.sys
    Image size: 44032
    Image MD5: 93AE7F7DD54AB986A6F1A1B37BE7442D
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AntiVirSchedulerService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Avira AntiVir Planificateur
    Description: Service de commande des tâches de contrôle et mises à jour Avira AntiVir Personal - Free Antivirus.
    Object name: LocalSystem
    Image path: "C:\Program Files\Avira\AntiVir Desktop\sched.exe"
    Image size: 108289
    Image MD5: 7C98F7A5BDE8A775B7DB9A1E808266D9
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): AntiVirService
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Avira AntiVir Guard
    Description: Offre une protection permanente contre les virus et les logiciels malveillants grâce au moteur de recherche AntiVir.
    Object name: LocalSystem
    Image path: "C:\Program Files\Avira\AntiVir Desktop\avguard.exe"
    Image size: 185089
    Image MD5: 81E58F368D62EC818F49D1C5CF3854C3
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1

    Service (registry key): Appinfo
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\appinfo.dll,-100
    Description: @%systemroot%\system32\appinfo.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,ProfSvc

    Service (registry key): Apple Mobile Device
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Apple Mobile Device
    Description: Fournit l’interface pour les appareils mobiles Apple.
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
    Image size: 144712
    Image MD5: 7E94E567C1AA5ABE6174032B3DAB6C23
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): arc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\arc.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): arcsas
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\arcsas.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): ASP.NET_1.1.4322
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): AsyncMac
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de média asynchrone RAS
    Description: Pilote de média asynchrone RAS
    Image path: system32\DRIVERS\asyncmac.sys
    Image size: 17408
    Image MD5: 53B202ABEE6455406254444303E87BE1
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): atapi
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Canal IDE
    Image path: system32\drivers\atapi.sys
    Image size: 21560
    Image MD5: 2D9C903DC76A66813D350A562DE40ED9
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): athr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Atheros Extensible Wireless LAN device driver
    Image path: system32\DRIVERS\athr.sys
    Image size: 952832
    Image MD5: ACDB46B1A467752A2F280C68C8461556
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): AudioEndpointBuilder
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\audiosrv.dll,-204
    Description: @%SystemRoot%\System32\audiosrv.dll,-205
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: PlugPlay

    Service (registry key): Audiosrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\audiosrv.dll,-200
    Description: @%SystemRoot%\System32\audiosrv.dll,-201
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

    Service (registry key): Avc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Périphérique AVC
    Image path: system32\DRIVERS\avc.sys
    Image size: 40448
    Image MD5: F4B56425A00BEB32F5FA6603FF7B0EA2
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): avgio
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avgio
    Image path: \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1
    Depends On services: FltMgr

    Service (registry key): avgntflt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avgntflt
    Description: Avira files mini-filter driver
    Image path: system32\DRIVERS\avgntflt.sys
    Image size: 55640
    Image MD5: 76C10D80E46CB79570479CB7CF205D39
    Control Set: CurrentControlSet
    Start: 2
    Type: 2
    Error Control: 1
    Depends On services: FltMgr

    Service (registry key): avipbb
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: avipbb
    Description: Avira's Driver for RootKit Detection
    Image path: system32\DRIVERS\avipbb.sys
    Image size: 96104
    Image MD5: AD9BD66A862116E79CB45BB6BE46055F
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BattC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): BDFsDrv
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: BDFsDrv
    Image path: \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Beep
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Beep
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): BFE
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\bfe.dll,-1001
    Description: @%SystemRoot%\system32\bfe.dll,-1002
    Object name: NT AUTHORITY\LocalService
    Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): BITS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\qmgr.dll,-1000
    Description: @%SystemRoot%\system32\qmgr.dll,-1001
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,EventSystem

    Service (registry key): blbdrive
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\blbdrive.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): Bonjour Service
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Service Bonjour
    Description: Bonjour permet à des applications comme iTunes et Safari d’annoncer et de découvrir des services sur le réseau local. En gardant Bonjour en exécution, vous pouvez vous connecter à des périphériques comme l’Apple TV et à des services logiciels comme le partage iTunes et AirTunes. Si vous désactivez Bonjour, tous les services réseau qui en dépendent de manière explicite ne démarreront pas.
    Object name: LocalSystem
    Image path: "C:\Program Files\Bonjour\mDNSResponder.exe"
    Image size: 238888
    Image MD5: 3F56903E124E820AEECE6D471583C6C1
    Control Set: CurrentControlSet
    Start: 2
    Type: 16
    Error Control: 1
    Depends On services: Tcpip

    Service (registry key): Boonty Games
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Boonty Games
    Description: Boonty Games
    Object name: LocalSystem
    Image path: "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 16
    Error Control: 1

    Service (registry key): bowser
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Bowser
    Description: Implements the datagram receiver for the computer browser browser service.
    Image path: system32\DRIVERS\bowser.sys
    Image size: 69632
    Image MD5: 74B442B2BE1260B7588C136177CEAC66
    Control Set: CurrentControlSet
    Start: 3
    Type: 2
    Error Control: 1

    Service (registry key): BrFiltLo
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother USB Mass-Storage Lower Filter Driver
    Image path: \SystemRoot\system32\drivers\brfiltlo.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): BrFiltUp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother USB Mass-Storage Upper Filter Driver
    Image path: \SystemRoot\system32\drivers\brfiltup.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): Browser
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\browser.dll,-100
    Description: @%systemroot%\system32\browser.dll,-101
    Object name: LocalSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: LanmanWorkstation,LanmanServer

    Service (registry key): Brserid
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother MFC Serial Port Interface Driver (WDM)
    Image path: \SystemRoot\system32\drivers\brserid.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): BrSerWdm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother WDM Serial driver
    Image path: \SystemRoot\system32\drivers\brserwdm.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): BrUsbMdm
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother MFC USB Fax Only Modem
    Image path: \SystemRoot\system32\drivers\brusbmdm.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): BrUsbSer
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Brother MFC USB Serial WDM Driver
    Image path: \SystemRoot\system32\drivers\brusbser.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): BTHMODEM
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Bluetooth Serial Communications Driver
    Image path: \SystemRoot\system32\drivers\bthmodem.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): cdfs
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: CD/DVD File System Reader
    Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
    Image path: system32\DRIVERS\cdfs.sys
    Image size: 70144
    Image MD5: 7ADD03E75BEB9E6DD102C3081D29840A
    Control Set: CurrentControlSet
    Start: 4
    Type: 2
    Error Control: 1
    Depends On group: "SCSI CDROM Class"

    Service (registry key): cdrom
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de CD-ROM
    Image path: system32\DRIVERS\cdrom.sys
    Image size: 67072
    Image MD5: 1EC25CEA0DE6AC4718BF89F9E1778B57
    Control Set: CurrentControlSet
    Start: 1
    Type: 1
    Error Control: 1

    Service (registry key): CertPropSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\certprop.dll,-11
    Description: @%SystemRoot%\System32\certprop.dll,-12
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): circlass
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Consumer IR Devices
    Image path: \SystemRoot\system32\drivers\circlass.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): CLFS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Common Log (CLFS)
    Description: Common Log (CLFS)
    Image path: System32\CLFS.sys
    Image size: 247352
    Image MD5: 465745561C832B29F7C48B488AAB3842
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): clr_optimization_v2.0.50727_32
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
    Description: Microsoft .NET Framework NGEN
    Object name: LocalSystem
    Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    Image size: 69632
    Image MD5: D87ACAED61E417BBA546CED5E7E36D9C
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 0

    Service (registry key): cmdide
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Image path: \SystemRoot\system32\drivers\cmdide.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): Compbatt
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Microsoft Composite Battery Driver
    Image path: \SystemRoot\system32\drivers\compbatt.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 3

    Service (registry key): COMSysApp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @comres.dll,-947
    Description: @comres.dll,-948
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
    Image size: 7168
    Image MD5: BE01E566D1F569AAB32D0335613E1EEA
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RpcSs,EventSystem,SENS

    Service (registry key): crcdisk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Crcdisk Filter Driver
    Image path: system32\drivers\crcdisk.sys
    Image size: 22632
    Image MD5: 2A213AE086BBEC5E937553C7D9A2B22C
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Crusoe
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Transmeta Crusoe Processor Driver
    Image path: \SystemRoot\system32\drivers\crusoe.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 4
    Type: 1
    Error Control: 1

    Service (registry key): crypt32
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): CryptSvc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
    Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
    Object name: NT Authority\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: RpcSs

    Service (registry key): DCLocator
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Control Set: CurrentControlSet
    Start: 0
    Type: 0
    Error Control: 0

    Service (registry key): DcomLaunch
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @oleres.dll,-5012
    Description: @oleres.dll,-5013
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): DfsC
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
    Description: @%systemroot%\system32\drivers\dfsc.sys,-102
    Image path: System32\Drivers\dfsc.sys
    Image size: 75264
    Image MD5: 9E635AE5E8AD93E2B5989E2E23679F97
    Control Set: CurrentControlSet
    Start: 1
    Type: 2
    Error Control: 1
    Depends On services: Mup

    Service (registry key): DFSR
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @dfsrres.dll,-101
    Description: @dfsrres.dll,-102
    Object name: LocalSystem
    Image path: %SystemRoot%\system32\DFSR.exe
    Image size: 2091520
    Image MD5: FA3463F25F9CC9C3BCF1E7912FEFF099
    Control Set: CurrentControlSet
    Start: 3
    Type: 16
    Error Control: 1
    Depends On services: RpcSs,EventSystem

    Service (registry key): Dhcp
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\system32\dhcpcsvc.dll,-100
    Description: @%SystemRoot%\system32\dhcpcsvc.dll,-101
    Object name: NT Authority\LocalService
    Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: NSI,Tdx,Afd

    Service (registry key): disk
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Pilote de disque
    Image path: system32\drivers\disk.sys
    Image size: 55352
    Image MD5: 64109E623ABD6955C8FB110B592E68B7
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 1

    Service (registry key): Dnscache
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\System32\dnsapi.dll,-101
    Description: @%SystemRoot%\System32\dnsapi.dll,-102
    Object name: NT AUTHORITY\NetworkService
    Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1
    Depends On services: Tdx

    Service (registry key): dot3svc
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\dot3svc.dll,-1102
    Description: @%systemroot%\system32\dot3svc.dll,-1103
    Object name: localSystem
    Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RpcSs,Ndisuio,Eaphost

    Service (registry key): DPS
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\dps.dll,-500
    Description: @%systemroot%\system32\dps.dll,-501
    Object name: NT AUTHORITY\LocalService
    Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 2
    Type: 32
    Error Control: 1

    Service (registry key): drmkaud
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Filtre de décodeur DRM (Noyau Microsoft)
    Image path: system32\drivers\drmkaud.sys
    Image size: 5632
    Image MD5: 97FEF831AB90BEE128C9AF390E243F80
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): DXGKrnl
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: LDDM Graphics Subsystem
    Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
    Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
    Image size: 0
    Image MD5: D41D8CD98F00B204E9800998ECF8427E
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 0

    Service (registry key): E1G60
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: Intel(R) PRO/1000 NDIS 6 Adapter Driver
    Image path: system32\DRIVERS\E1G60I32.sys
    Image size: 117760
    Image MD5: F88FB26547FD2CE6D0A5AF2985892C48
    Control Set: CurrentControlSet
    Start: 3
    Type: 1
    Error Control: 1

    Service (registry key): EapHost
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%systemroot%\system32\eapsvc.dll,-1
    Description: @%systemroot%\system32\eapsvc.dll,-2
    Object name: localSystem
    Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
    Image size: 21504
    Image MD5: 3794B461C45882E06856F282EEF025AF
    Control Set: CurrentControlSet
    Start: 3
    Type: 32
    Error Control: 1
    Depends On services: RPCSS,KeyIso

    Service (registry key): Ecache
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: ReadyBoost Caching Driver
    Description: ReadyBoost Caching Driver
    Image path: System32\drivers\ecache.sys
    Image size: 143416
    Image MD5: DD2CD259D83D8B72C02C5F2331FF9D68
    Control Set: CurrentControlSet
    Start: 0
    Type: 1
    Error Control: 3

    Service (registry key): ehRecvr
    Registry path: \SYSTEM\CurrentControlSet\Services\
    Display name: @%SystemRoot%\ehome\ehrecvr.exe,-101
    Description: @%SystemRoot%\ehome\ehrecvr.exe,-102
    Ob
    0
  9. Utilisateur anonyme
     
    bonjour, ne cherche pas, tu es infecté par un trojan msqpdxserv.sys qui c'est installé dans le registre.

    télécharge GenProc sur ton bureau :
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
    ou ici : http://www.genproc.com/GenProc.exe
    dézippe le dossier, double-clique sur GenProc.bat
    poste le contenu du rapport qui s'ouvre

    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html

    ou télécharge GenProc http://www.genproc.com/GenProc.exe

    double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre ensuite tu suit la procédure dans l'ordre .
    0
  10. bleurk Messages postés 115 Statut Membre
     
    impossible de le lancer meme
    L'UAC désactiver
    0
  11. bleurk Messages postés 115 Statut Membre
     
    il met même impossible de suprimer le dossier genproc de mon bureau!
    0
  12. Utilisateur anonyme
     
    telecharge le fichier genproc et enregistre le sur ton bureau.
    essaie de le relancer
    0
  13. bleurk Messages postés 115 Statut Membre
     
    quand je le lance, voila ce qui me dit: accès refusé
    0
  14. Utilisateur anonyme
     
    tu as ce problème depuis quand? arrives tu a trouvé un point de restauration de système enterieur à la date en question?
    0
  15. bleurk Messages postés 115 Statut Membre
     
    je sais pas, je dirai 2 sem.

    dit moi ce que tu en pensse de ce rapport s'il te plait

    ***** THE SYSTEM HAS BEEN RESTARTED *****
    10/07/2009 15:48:42: Trojan Remover has been restarted
    =======================================================
    Removing the following registry keys:
    HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys - Ownership taken
    HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys - already removed (or did not exist)
    =======================================================
    10/07/2009 15:48:42: Trojan Remover closed
    ************************************************************

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.7.9.2584. For information, email support@simplysup.com
    [Unregistered version]
    Scan started at: 15:46:02 10 juil. 2009
    Using Database v7358
    Operating System: Windows Vista Home Premium (SP1) [Build: 6.0.6001]
    File System: NTFS
    User Account Control is DISABLED.
    UserData directory: C:\Users\johnny\AppData\Roaming\Simply Super Software\Trojan Remover\
    Database directory: C:\ProgramData\Simply Super Software\Trojan Remover\Data\
    Logfile directory: C:\Users\johnny\Documents\Simply Super Software\Trojan Remover Logfiles\
    Program directory: C:\Program Files\Trojan Remover\
    Running with Administrator privileges

    ************************************************************
    The following Anti-Malware program(s) are loaded:
    Avira AntiVir

    ************************************************************

    ************************************************************
    15:46:02: ----- SCANNING FOR ROOTKIT SERVICES -----
    No hidden Services were detected.

    ************************************************************
    15:46:03: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    Key value: [explorer.exe]
    File: explorer.exe
    C:\Windows\explorer.exe
    2927104 bytes
    Created: 10/12/2008 22:54
    Modified: 29/10/2008 08:29
    Company: Microsoft Corporation
    ----------
    This key's "Userinit" value calls the following program(s):
    Key value: [C:\Windows\system32\userinit.exe,]
    File: C:\Windows\system32\userinit.exe
    C:\Windows\system32\userinit.exe
    25088 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value Name: load
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Value Name: Adobe Reader Speed Launcher
    Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    39792 bytes
    Created: 15/10/2008 02:04
    Modified: 15/10/2008 02:04
    Company: Adobe Systems Incorporated
    --------------------
    Value Name: avgnt
    Value Data: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    209153 bytes
    Created: 01/05/2009 08:38
    Modified: 02/03/2009 13:08
    Company: Avira GmbH
    --------------------
    Value Name: GrooveMonitor
    Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    31072 bytes
    Created: 25/10/2008 11:44
    Modified: 25/10/2008 11:44
    Company: Microsoft Corporation
    --------------------
    Value Name: QuickTime Task
    Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    C:\Program Files\QuickTime\QTTask.exe
    413696 bytes
    Created: 26/05/2009 17:18
    Modified: 26/05/2009 17:18
    Company: Apple Inc.
    --------------------
    Value Name: iTunesHelper
    Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
    C:\Program Files\iTunes\iTunesHelper.exe
    292136 bytes
    Created: 05/06/2009 13:39
    Modified: 05/06/2009 13:39
    Company: Apple Inc.
    --------------------
    Value Name: F-Secure ExploitShield
    Value Data: "C:\Program Files\F-Secure\ExploitShield\fsesgui.exe"
    C:\Program Files\F-Secure\ExploitShield\fsesgui.exe
    629376 bytes
    Created: 05/07/2009 14:34
    Modified: 29/06/2009 12:14
    Company: F-Secure Corporation
    --------------------
    Value Name: TrojanScanner
    Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
    C:\Program Files\Trojan Remover\Trjscan.exe
    1059720 bytes
    Created: 10/07/2009 15:45
    Modified: 01/06/2009 17:06
    Company: Simply Super Software
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    Value Name: Launcher
    Value Data: %WINDIR%\SMINST\launcher.exe
    C:\Windows\SMINST\launcher.exe
    44168 bytes
    Created: 07/03/2007 11:09
    Modified: 07/03/2007 11:09
    Company: soft thinks
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Value Name: Sidebar
    Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    C:\Program Files\Windows Sidebar\sidebar.exe
    1233920 bytes
    Created: 10/05/2008 20:02
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    Value Name: ehTray.exe
    Value Data: C:\Windows\ehome\ehTray.exe
    C:\Windows\ehome\ehTray.exe
    125952 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    Value Name: LDM
    Value Data: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    36864 bytes
    Created: 10/08/2008 11:50
    Modified: 10/08/2008 11:50
    Company: Logitech
    --------------------
    Value Name: msnlivesearch
    Value Data: C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
    C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
    49152 bytes
    Created: 04/10/2008 09:29
    Modified: 04/10/2008 09:29
    Company: Microsoft
    --------------------
    Value Name: ISUSPM Startup
    Value Data: "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    249856 bytes
    Created: 27/10/2007 18:59
    Modified: 11/08/2005 15:30
    Company: Macrovision Corporation
    --------------------
    Value Name: swg
    Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    39408 bytes
    Created: 14/01/2009 14:31
    Modified: 14/01/2009 14:31
    Company: Google Inc.
    --------------------
    Value Name: SpybotSD TeaTimer
    Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    2260480 bytes
    Created: 07/10/2007 13:59
    Modified: 05/03/2009 16:07
    Company: Safer-Networking Ltd.
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty

    ************************************************************
    15:46:05: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
    Value: Groove GFS Stub Execution Hook
    File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    2217848 bytes
    Created: 12/02/2009 15:19
    Modified: 12/02/2009 15:19
    Company: Microsoft Corporation
    ----------

    ************************************************************
    15:46:05: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------

    ************************************************************
    15:46:05: Scanning -----ACTIVE SCREENSAVER-----
    ScreenSaver: C:\Windows\GAIA3D~1.SCR
    C:\Windows\GAIA3D~1.SCR - [file not found to scan]
    --------------------

    ************************************************************
    15:46:05: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

    ************************************************************
    15:46:05: Scanning ----- SERVICEDLL REGISTRY KEYS -----

    ************************************************************
    15:46:05: Scanning ----- SERVICES REGISTRY KEYS -----
    Key: 61883
    ImagePath: system32\DRIVERS\61883.sys
    C:\Windows\system32\DRIVERS\61883.sys
    45696 bytes
    Created: 10/05/2008 19:59
    Modified: 19/01/2008 07:53
    Company: Microsoft Corporation
    ----------
    Key: a2free
    ImagePath: "C:\Program Files\a-squared Free\a2service.exe"
    C:\Program Files\a-squared Free\a2service.exe
    718880 bytes
    Created: 08/07/2009 15:40
    Modified: 08/07/2009 15:48
    Company: Emsi Software GmbH
    ----------
    Key: Adobe LM Service
    ImagePath: "C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"
    C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    72704 bytes
    Created: 23/10/2007 12:21
    Modified: 23/10/2007 12:21
    Company: Adobe Systems
    ----------
    Key: athr
    ImagePath: system32\DRIVERS\athr.sys
    C:\Windows\system32\DRIVERS\athr.sys
    952832 bytes
    Created: 29/12/2008 23:57
    Modified: 29/12/2008 23:57
    Company: Atheros Communications, Inc.
    ----------
    Key: Avc
    ImagePath: system32\DRIVERS\avc.sys
    C:\Windows\system32\DRIVERS\avc.sys
    40448 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 07:53
    Company: Microsoft Corporation
    ----------
    Key: BDFsDrv
    ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys
    C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys - [file not found to scan]
    ----------
    Key: blbdrive
    ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
    ----------
    Key: Boonty Games
    ImagePath: "C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe"
    C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe - [file not found to scan]
    ----------
    Key: ExploitShield
    ImagePath: "C:\Program Files\F-Secure\ExploitShield\fsessrv.exe"
    C:\Program Files\F-Secure\ExploitShield\fsessrv.exe
    326272 bytes
    Created: 05/07/2009 14:34
    Modified: 29/06/2009 12:14
    Company: F-Secure Corporation
    ----------
    Key: IDriverT
    ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
    C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe - [file not found to scan]
    ----------
    Key: IpInIp
    ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
    ----------
    Key: kbdhid
    ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
    C:\Windows\system32\drivers\kbdhid.sys
    15872 bytes
    Created: 02/11/2006 10:51
    Modified: 02/11/2006 10:51
    Company: Microsoft Corporation
    ----------
    Key: LHidKe
    ImagePath: system32\DRIVERS\LHidKE.Sys
    C:\Windows\system32\DRIVERS\LHidKE.Sys
    27136 bytes
    Created: 22/11/2007 12:09
    Modified: 19/07/2006 13:29
    Company: Logitech Inc.
    ----------
    Key: LiveUpdate
    ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    2918008 bytes
    Created: 27/06/2007 23:24
    Modified: 11/01/2007 11:13
    Company: Symantec Corporation
    ----------
    Key: LiveUpdate Notice Ex
    ImagePath: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe - [file not found to scan]
    ----------
    Key: LiveUpdate Notice Service
    ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    517768 bytes
    Created: 12/03/2007 10:22
    Modified: 12/03/2007 10:22
    Company: Symantec Corporation
    ----------
    Key: LVCOMSer
    ImagePath: "C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe"
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    186904 bytes
    Created: 26/07/2008 08:23
    Modified: 26/07/2008 08:23
    Company: Logitech Inc.
    ----------
    Key: LVPr2Mon
    ImagePath: system32\DRIVERS\LVPr2Mon.sys
    C:\Windows\system32\DRIVERS\LVPr2Mon.sys
    25624 bytes
    Created: 26/07/2008 08:25
    Modified: 26/07/2008 08:25
    Company: Logitech Inc.
    ----------
    Key: LVPrcSrv
    ImagePath: "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    150040 bytes
    Created: 26/07/2008 08:25
    Modified: 26/07/2008 08:25
    Company: Logitech Inc.
    ----------
    Key: LVRS
    ImagePath: system32\DRIVERS\lvrs.sys
    C:\Windows\system32\DRIVERS\lvrs.sys
    627864 bytes
    Created: 23/09/2008 00:53
    Modified: 26/07/2008 17:25
    Company: Logitech Inc.
    ----------
    Key: maxidemo
    ImagePath: system32\DRIVERS\maxidemo.sys
    C:\Windows\system32\DRIVERS\maxidemo.sys - [file not found to scan]
    ----------
    Key: MSDV
    ImagePath: system32\DRIVERS\msdv.sys
    C:\Windows\system32\DRIVERS\msdv.sys
    52608 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 07:53
    Company: Microsoft Corporation
    ----------
    Key: msiserver
    ImagePath: %systemroot%\system32\msiexec /V
    ----------
    Key: Nero BackItUp Scheduler 3
    ImagePath: C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    836904 bytes
    Created: 08/08/2007 09:25
    Modified: 08/08/2007 09:25
    Company: Nero AG
    ----------
    Key: nvstor32
    ImagePath: system32\drivers\nvstor32.sys
    C:\Windows\system32\drivers\nvstor32.sys
    110624 bytes
    Created: 26/10/2007 19:51
    Modified: 26/10/2007 19:51
    Company: NVIDIA Corporation
    ----------
    Key: NwlnkFlt
    ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
    ----------
    Key: NwlnkFwd
    ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
    ----------
    Key: PcdrNdisuio
    ImagePath: system32\DRIVERS\pcdrndisuio.sys
    C:\Windows\system32\DRIVERS\pcdrndisuio.sys - [file not found to scan]
    ----------
    Key: pcouffin
    ImagePath: System32\Drivers\pcouffin.sys
    C:\Windows\System32\Drivers\pcouffin.sys
    47360 bytes
    Created: 10/10/2007 15:43
    Modified: 10/10/2007 15:43
    Company: VSO Software
    ----------
    Key: pepifilter
    ImagePath: system32\DRIVERS\lv302af.sys
    C:\Windows\system32\DRIVERS\lv302af.sys
    13848 bytes
    Created: 23/09/2008 00:53
    Modified: 26/07/2008 17:22
    Company: Logitech Inc.
    ----------
    Key: Planificateur LiveUpdate automatique
    ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    554616 bytes
    Created: 27/06/2007 23:24
    Modified: 11/01/2007 11:13
    Company: Symantec Corporation
    ----------
    Key: PnkBstrA
    ImagePath: C:\Windows\system32\PnkBstrA.exe
    C:\Windows\system32\PnkBstrA.exe
    66872 bytes
    Created: 20/12/2007 00:12
    Modified: 15/05/2009 10:50
    Company: [no info]
    ----------
    Key: PnkBstrB
    ImagePath: C:\Windows\system32\PnkBstrB.exe
    C:\Windows\system32\PnkBstrB.exe
    107832 bytes
    Created: 20/12/2007 00:12
    Modified: 15/05/2009 10:50
    Company: [no info]
    ----------
    Key: RoxMediaDB9
    ImagePath: "c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
    c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    887544 bytes
    Created: 26/03/2007 13:21
    Modified: 26/03/2007 13:21
    Company: Sonic Solutions
    ----------
    Key: SBSDWSCService
    ImagePath: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    1153368 bytes
    Created: 07/10/2007 13:59
    Modified: 26/01/2009 15:31
    Company: Safer Networking Ltd.
    ----------
    Key: Serenum
    ImagePath: \SystemRoot\system32\drivers\serenum.sys
    C:\Windows\system32\drivers\serenum.sys
    17920 bytes
    Created: 02/11/2006 10:51
    Modified: 02/11/2006 10:51
    Company: Microsoft Corporation
    ----------
    Key: Serial
    ImagePath: \SystemRoot\system32\drivers\serial.sys
    C:\Windows\system32\drivers\serial.sys
    83456 bytes
    Created: 02/11/2006 10:51
    Modified: 02/11/2006 10:51
    Company: Microsoft Corporation
    ----------
    Key: sfdrv01
    ImagePath: System32\drivers\sfdrv01.sys
    C:\Windows\System32\drivers\sfdrv01.sys
    59256 bytes
    Created: 05/07/2006 14:39
    Modified: 05/07/2006 14:39
    Company: Protection Technology (StarForce)
    ----------
    Key: sfhlp02
    ImagePath: System32\drivers\sfhlp02.sys
    C:\Windows\System32\drivers\sfhlp02.sys
    13680 bytes
    Created: 14/06/2006 16:56
    Modified: 14/06/2006 16:56
    Company: Protection Technology (StarForce)
    ----------
    Key: sfvfs02
    ImagePath: System32\drivers\sfvfs02.sys
    C:\Windows\System32\drivers\sfvfs02.sys
    83320 bytes
    Created: 08/02/2007 19:44
    Modified: 08/02/2007 19:44
    Company: Protection Technology (StarForce)
    ----------
    Key: sptd
    ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
    ----------
    Key: stllssvr
    ImagePath: "c:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
    c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    -R- 74656 bytes
    Created: 08/03/2007 18:54
    Modified: 08/03/2007 18:54
    Company: MicroVision Development, Inc.
    ----------
    Key: usbbus
    ImagePath: system32\DRIVERS\lgusbbus.sys
    C:\Windows\system32\DRIVERS\lgusbbus.sys
    12416 bytes
    Created: 19/04/2009 13:04
    Modified: 11/07/2007 10:40
    Company: LG Electronics Inc.
    ----------
    Key: UsbDiag
    ImagePath: system32\DRIVERS\lgusbdiag.sys
    C:\Windows\system32\DRIVERS\lgusbdiag.sys
    19840 bytes
    Created: 19/04/2009 13:04
    Modified: 11/07/2007 15:51
    Company: LG Electronics Inc.
    ----------
    Key: USBModem
    ImagePath: system32\DRIVERS\lgusbmodem.sys
    C:\Windows\system32\DRIVERS\lgusbmodem.sys
    21632 bytes
    Created: 19/04/2009 13:04
    Modified: 11/07/2007 10:45
    Company: LG Electronics Inc.
    ----------
    Key: VBoxDrv
    ImagePath: system32\DRIVERS\VBoxDrv.sys
    C:\Windows\system32\DRIVERS\VBoxDrv.sys
    117136 bytes
    Created: 05/07/2009 10:48
    Modified: 16/06/2009 19:07
    Company: Sun Microsystems, Inc.
    ----------
    Key: VBoxNetAdp
    ImagePath: system32\DRIVERS\VBoxNetAdp.sys
    C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
    91280 bytes
    Created: 16/06/2009 19:07
    Modified: 16/06/2009 19:07
    Company: Sun Microsystems, Inc.
    ----------
    Key: VBoxNetFlt
    ImagePath: system32\DRIVERS\VBoxNetFlt.sys
    C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
    99216 bytes
    Created: 16/06/2009 19:07
    Modified: 16/06/2009 19:07
    Company: Sun Microsystems, Inc.
    ----------
    Key: VBoxUSBMon
    ImagePath: system32\DRIVERS\VBoxUSBMon.sys
    C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
    41424 bytes
    Created: 05/07/2009 10:47
    Modified: 16/06/2009 19:07
    Company: Sun Microsystems, Inc.
    ----------
    Key: WpdUsb
    ImagePath: system32\DRIVERS\wpdusb.sys
    C:\Windows\system32\DRIVERS\wpdusb.sys
    39936 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 08:04
    Company: Microsoft Corporation
    ----------

    ************************************************************
    15:46:27: Scanning -----VXD ENTRIES-----

    ************************************************************
    15:46:27: Scanning ----- WINLOGON\NOTIFY DLLS -----
    No Winlogon\Notify DLLs found to scan

    ************************************************************
    15:46:27: Scanning ----- CONTEXTMENUHANDLERS -----
    Key: {100BD527-7304-4b7f-BEE2-26D97B04EBA4}
    Path: C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBShell.dll
    255272 bytes
    Created: 08/08/2007 09:25
    Modified: 08/08/2007 09:25
    Company: Nero AG
    ----------

    ************************************************************
    15:46:27: Scanning ----- FOLDER\COLUMNHANDLERS -----
    Key: {7D4D6379-F301-4311-BEBA-E26EB0561882}
    File: C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
    C:\Program Files\Common Files\Nero\Lib\NeroDigitalExt.dll
    1803560 bytes
    Created: 08/08/2007 09:26
    Modified: 08/08/2007 09:26
    Company: Nero AG
    ----------

    ************************************************************
    15:46:27: Scanning ----- BROWSER HELPER OBJECTS -----
    Key: {19C8E43B-07B3-49CB-BFFC-6777B593E6F8}
    BHO: C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    525792 bytes
    Created: 21/05/2007 11:34
    Modified: 21/05/2007 11:34
    Company: Protect Software GmbH
    ----------
    Key: {53707962-6F74-2D53-2644-206D7942484F}
    BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    1879896 bytes
    Created: 07/10/2007 13:59
    Modified: 26/01/2009 15:31
    Company: Safer Networking Limited
    ----------
    Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
    BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    251504 bytes
    Created: 14/01/2009 14:31
    Modified: 14/01/2009 14:30
    Company: [no info]
    ----------
    Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    669168 bytes
    Created: 08/07/2009 20:53
    Modified: 08/07/2009 20:53
    Company: Google Inc.
    ----------

    ************************************************************
    15:46:28: Scanning ----- SHELLSERVICEOBJECTS -----

    ************************************************************
    15:46:28: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

    ************************************************************
    15:46:28: Scanning ----- IMAGEFILE DEBUGGERS -----
    No "Debugger" entries found.

    ************************************************************
    15:46:28: Scanning ----- APPINIT_DLLS -----
    The AppInit_DLLs value is blank or does not exist

    ************************************************************
    15:46:28: Scanning ----- SECURITY PROVIDER DLLS -----

    ************************************************************
    15:46:28: Scanning ------ COMMON STARTUP GROUP ------
    [C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
    The Common Startup Group attempts to load the following file(s) at boot time:
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    -HS- 174 bytes
    Created: 02/11/2006 14:50
    Modified: 11/05/2008 00:05
    Company: [no info]
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
    --------------------
    Logitech Desktop Messenger.lnk - links to C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe
    C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LDMConf.exe
    196608 bytes
    Created: 10/08/2008 11:50
    Modified: 10/08/2008 11:50
    Company: Logitech
    --------------------
    PDFCreator.lnk - links to C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE
    C:\PROGRA~1\PDFCRE~1\PDFCRE~1.EXE
    2641920 bytes
    Created: 11/01/2008 19:04
    Modified: 11/01/2008 19:04
    Company: pdfforge https://www.pdfforge.org/
    --------------------

    ************************************************************
    15:46:28: Scanning ----- USER STARTUP GROUPS -----
    Checking Startup Group for: Invité
    [C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
    --------------------
    Checking Startup Group for: johnny
    [C:\Users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
    Adobe Gamma.lnk - links to C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE
    113664 bytes
    Created: 16/03/2005 19:16
    Modified: 16/03/2005 19:16
    Company: Adobe Systems, Inc.
    ----------
    C:\Users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
    -HS- 174 bytes
    Created: 02/10/2007 16:21
    Modified: 03/10/2007 21:17
    Company: [no info]
    C:\Users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini - no action taken on this file
    ----------
    --------------------

    ************************************************************
    15:46:29: Scanning ----- SCHEDULED TASKS -----
    Taskname: {3319FB9B-F5CA-46FD-9403-D5A69DCB65ED}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a C:\Users\johnny\Desktop\Downloads\alcohol-120_alcohol_120_1.9.7_build_6022_anglais_11016.exe -d C:\Users\johnny\Desktop\Downloads
    ----------
    Taskname: {626AC99C-304A-4506-B490-AD93A7963559}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a C:\Users\johnny\Desktop\Downloads\strip-poker.exe -d C:\Users\johnny\Desktop\Downloads
    ----------
    Taskname: {85CFB0C3-1862-4302-B41E-9F6753A37B96}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a C:\Users\johnny\Desktop\Downloads\incrazyball_demo_jouable_1_multijoueurs_multi-langues_15284.exe -d C:\Users\johnny\Desktop\Downloads
    ----------
    Taskname: {A1142016-46B0-4BDF-BFA7-F1C28C376760}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -c /M{CEBB0413-2628-4C49-8332-5EEC640B8005}
    ----------
    Taskname: {AF269F44-98B9-49E1-B3D4-78582CEFE5B3}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" -c /uninstall
    ----------
    Taskname: {AFCD4E48-9750-4765-9A0C-6D7DCA693DDB}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a "C:\Users\johnny\Desktop\Downloads\POOL\Play89 Pool.exe" -d C:\Users\johnny\Desktop\Downloads\POOL
    ----------
    Taskname: {B56FE104-B28B-44A8-9A1C-B4FF525B7812}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a C:\Windows\unvise32.exe -d C:\Windows -c C:\PROGRA~1\SCIGAM~1\CONSTA~1\uninstal.log
    ----------
    Taskname: {B8C2FEA5-B1D7-438F-A239-55825B10C86F}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a C:\Users\johnny\Desktop\Downloads\DEMO\Attack_of_the_Silver_Ball_Demo_du_jeu.exe -d C:\Users\johnny\Desktop\Downloads\DEMO
    ----------
    Taskname: {B915C2C6-9BB9-47A2-8087-DD366E848FA7}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a C:\Users\johnny\Desktop\Downloads\f.e.a.r._perseus_mandate_demo_jouable_1_anglais_46000.exe -d C:\Users\johnny\Desktop\Downloads
    ----------
    Taskname: {D85907C9-3B7F-43A3-988D-06A72F06F68D}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a C:\Users\johnny\Desktop\Downloads\call_of_duty_4_modern_warfare_demo_en.exe -d C:\Users\johnny\Desktop\Downloads
    ----------
    Taskname: {E9D6FB80-F966-40B4-8805-9E2EE57A3028}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a "C:\Users\johnny\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DOESYUTJ\daemon408-x86[1].exe" -d C:\Users\johnny
    ----------
    Taskname: {EBFF3A6B-13F3-4915-BA6B-16E71B6BDF83}
    File: C:\Windows\system32\pcalua.exe - globally excluded
    Parameters: -a E:\CommonEASO\EASOInstaller.exe -d E:\CommonEASO
    ----------

    ************************************************************
    15:46:29: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

    ************************************************************
    15:46:29: Scanning ----- DEVICE DRIVER ENTRIES -----
    Value: VIDC.I420
    File: lvcodec2.dll
    C:\Windows\system32\lvcodec2.dll
    416280 bytes
    Created: 03/10/2007 21:27
    Modified: 26/07/2008 17:23
    Company: Logitech Inc.
    ----------
    Value: VIDC.FFDS
    File: ff_vfw.dll
    C:\Windows\system32\ff_vfw.dll
    7680 bytes
    Created: 04/10/2007 13:34
    Modified: 07/09/2007 19:32
    Company: [no info]
    ----------
    Value: msacm.vorbis
    File: vorbis.acm
    C:\Windows\system32\vorbis.acm
    1294336 bytes
    Created: 01/11/2007 22:33
    Modified: 08/07/2002 00:14
    Company: HMS http://hp.vector.co.jp/authors/VA012897/
    ----------

    ************************************************************
    15:46:30: ----- ADDITIONAL CHECKS -----
    Hidden or inaccessible Services entry: [msqpdxserv.sys]
    ImagePath: \systemroot\system32\drivers\msqpdxvtsiprcf.sys
    Entry has been scheduled for deletion when the PC is restarted
    \systemroot\system32\drivers\msqpdxvtsiprcf.sys - no action requested on this file
    ----------
    Winlogon registry rootkit checks completed
    ----------
    Heuristic checks for hidden files/drivers completed
    ----------
    Layered Service Provider entries checks completed
    ----------
    Windows Explorer Policies checks completed
    ----------
    Desktop Wallpaper: C:\Users\johnny\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    C:\Users\johnny\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    261265 bytes
    Created: 13/04/2009 20:24
    Modified: 13/04/2009 20:24
    Company: [no info]
    ----------
    Web Desktop Wallpaper: %APPDATA%\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    C:\Users\johnny\AppData\Roaming\Microsoft\Windows Photo Gallery\Papier peint de la Galerie de photos Windows.jpg
    261265 bytes
    Created: 13/04/2009 20:24
    Modified: 13/04/2009 20:24
    Company: [no info]
    ----------
    Checks for rogue DNS NameServers completed
    ----------
    Additional checks completed

    ************************************************************
    15:46:56: Scanning ----- RUNNING PROCESSES -----

    C:\Windows\System32\smss.exe
    64000 bytes
    Created: 10/05/2008 20:01
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\csrss.exe
    6144 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\wininit.exe
    96768 bytes
    Created: 10/05/2008 20:01
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\csrss.exe - file already scanned
    --------------------
    C:\Windows\system32\services.exe
    279040 bytes
    Created: 10/05/2008 20:01
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\lsass.exe
    9728 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\lsm.exe
    229888 bytes
    Created: 10/05/2008 20:02
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\svchost.exe
    21504 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\winlogon.exe
    314880 bytes
    Created: 10/05/2008 20:01
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\svchost.exe - file already scanned
    --------------------
    C:\Windows\System32\svchost.exe - file already scanned
    --------------------
    C:\Windows\System32\svchost.exe - file already scanned
    --------------------
    C:\Windows\System32\svchost.exe - file already scanned
    --------------------
    C:\Windows\system32\svchost.exe - file already scanned
    --------------------
    C:\Windows\system32\svchost.exe - file already scanned
    --------------------
    C:\Windows\system32\SLsvc.exe
    2623488 bytes
    Created: 10/05/2008 20:02
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\svchost.exe - file already scanned
    --------------------
    C:\Windows\system32\svchost.exe - file already scanned
    --------------------
    C:\Windows\system32\Dwm.exe
    81920 bytes
    Created: 10/05/2008 20:01
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\System32\spoolsv.exe
    125952 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    108289 bytes
    Created: 01/05/2009 08:38
    Modified: 01/04/2009 15:46
    Company: Avira GmbH
    --------------------
    C:\Windows\system32\svchost.exe - file already scanned
    --------------------
    C:\Windows\system32\taskeng.exe
    169472 bytes
    Created: 10/05/2008 20:01
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\taskeng.exe - file already scanned
    --------------------
    C:\Program Files\a-squared Free\a2service.exe - file already scanned
    --------------------
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    185089 bytes
    Created: 01/05/2009 08:38
    Modified: 02/03/2009 13:09
    Company: Avira GmbH
    --------------------
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    144712 bytes
    Created: 05/06/2009 11:48
    Modified: 05/06/2009 11:48
    Company: Apple Inc.
    --------------------
    C:\Program Files\Bonjour\mDNSResponder.exe
    238888 bytes
    Created: 12/12/2008 11:17
    Modified: 12/12/2008 11:17
    Company: Apple Inc.
    --------------------
    C:\Program Files\F-Secure\ExploitShield\fsessrv.exe - file already scanned
    --------------------
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    61440 bytes
    Created: 17/01/2007 11:20
    Modified: 17/01/2007 11:20
    Company: Hewlett-Packard Company
    --------------------
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe - file already scanned
    --------------------
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe - file already scanned
    --------------------
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe - file already scanned
    --------------------
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe - file already scanned
    --------------------
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe - file already scanned
    --------------------
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe - file already scanned
    --------------------
    C:\Windows\system32\PnkBstrA.exe - file already scanned
    --------------------
    C:\Windows\system32\PnkBstrB.exe - file already scanned
    --------------------
    C:\Windows\system32\svchost.exe - file already scanned
    --------------------
    C:\Windows\system32\svchost.exe - file already scanned
    --------------------
    C:\Windows\System32\svchost.exe - file already scanned
    --------------------
    C:\Windows\system32\SearchIndexer.exe
    439808 bytes
    Created: 28/07/2008 19:00
    Modified: 27/05/2008 07:18
    Company: Microsoft Corporation
    --------------------
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe - file already scanned
    --------------------
    C:\Windows\system32\WUDFHost.exe
    142336 bytes
    Created: 10/05/2008 20:01
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe - file already scanned
    --------------------
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - file already scanned
    --------------------
    C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
    --------------------
    C:\Program Files\F-Secure\ExploitShield\fsesgui.exe - file already scanned
    --------------------
    C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned
    --------------------
    C:\Windows\ehome\ehtray.exe - file already scanned
    --------------------
    C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe - file already scanned
    --------------------
    C:\Windows\ehome\ehmsas.exe
    37376 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - file already scanned
    --------------------
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - file already scanned
    --------------------
    C:\Program Files\PDFCreator\PDFCreator.exe
    2641920 bytes
    Created: 11/01/2008 19:04
    Modified: 11/01/2008 19:04
    Company: pdfforge https://www.pdfforge.org/
    --------------------
    C:\Windows\System32\mobsync.exe
    95744 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Program Files\Windows Sidebar\sidebar.exe - file already scanned
    --------------------
    C:\Windows\system32\svchost.exe - file already scanned
    --------------------
    C:\Program Files\iPod\bin\iPodService.exe
    541992 bytes
    Created: 05/06/2009 13:39
    Modified: 05/06/2009 13:39
    Company: Apple Inc.
    --------------------
    C:\Program Files\Mozilla Firefox\firefox.exe
    307704 bytes
    Created: 12/01/2009 19:10
    Modified: 12/06/2009 21:52
    Company: Mozilla Corporation
    --------------------
    C:\Windows\system32\wbem\unsecapp.exe
    37888 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\wbem\wmiprvse.exe
    247296 bytes
    Created: 16/04/2009 20:04
    Modified: 03/03/2009 04:16
    Company: Microsoft Corporation
    --------------------
    C:\Windows\system32\conime.exe
    69120 bytes
    Created: 10/05/2008 20:00
    Modified: 19/01/2008 09:33
    Company: Microsoft Corporation
    --------------------
    C:\Windows\explorer.exe - file already scanned
    --------------------
    C:\Program Files\Trojan Remover\Rmvtrjan.exe
    FileSize: 3015544
    [This is a Trojan Remover component]
    --------------------

    ************************************************************
    15:47:01: Checking HOSTS file
    No malicious entries were found in the HOSTS file

    ************************************************************
    === CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
    Scan completed at: 15:47:01 10 juil. 2009
    Total Scan time: 00:00:58
    -------------------------------------------------------------------------
    One or more files could not be moved or renamed as requested.
    They may be in use by Windows, so Trojan Remover needs
    to restart the system in order to deal with these files.
    10/07/2009 15:47:06: restart commenced
    ************************************************************
    0
  16. Utilisateur anonyme
     
    ils sont toujours là :

    Removing the following registry keys:
    HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys - Ownership taken
    HKLM\SYSTEM\CurrentControlSet\Services\msqpdxserv.sys - already removed (or did not exist)

    on va les fixer avec hijackthis

    pass un log de hijackthis et poste son rapport ici
    0
  17. bleurk Messages postés 115 Statut Membre
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:11:20, on 10/07/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\ExploitShield\fsesgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\PDFCreator\PDFCreator.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure ExploitShield] "C:\Program Files\F-Secure\ExploitShield\fsesgui.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
    O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - F-Secure Corporation - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  18. bleurk Messages postés 115 Statut Membre
     
    je doit partir , je suis désolé, de retour vers 17h30 merci
    0
  19. Utilisateur anonyme
     
    ok, pas de soucis
    quand tu revient fais ceci :

    télécharge GenProc sur ton bureau :
    http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
    ou ici : http://www.genproc.com/GenProc.exe
    dézippe le dossier, double-clique sur GenProc.bat
    poste le contenu du rapport qui s'ouvre

    Aide en images : http://www.alt-shift-return.org/Info/GenProc-HowTo.html
    poste son rapport ici

    à +
    0
  20. bleurk Messages postés 115 Statut Membre
     
    voila le rapport
    Rapport GenProc 2.602 [1] - 10/07/2009 à 17:45:32
    @ Windows Vista Service Pack 1 - Mode normal
    @ Mozilla Firefox (3.0.11) [Navigateur par défaut]

    GenProc n'a détecté aucune infection caractéristique et suggère de suivre la procédure suivante :

    Poste un rapport Nod32 https://www.eset.com/ (il faut utiliser Internet Explorer)
    - coche toutes les cases à chaque fois, et lorsque c'est terminé, colle le rapport :
    - C:\Program Files\EsetOnlineScanner\log.txt

    ~~~~ INFORMATION COMPLEMENTAIRE ~~~~

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:46:19, on 10/07/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\ExploitShield\fsesgui.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\PDFCreator\PDFCreator.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conime.exe
    C:\GenProc\outil\johnny_GenProc.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - (no file)
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [F-Secure ExploitShield] "C:\Program Files\F-Secure\ExploitShield\fsesgui.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
    O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
    O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
    O13 - Gopher Prefix:
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
    O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - F-Secure Corporation - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
    O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  21. Utilisateur anonyme
     
    déjà on va supprimer le restant de norton de ton pc :

    Pour désinstaller Norton
    http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
    0
  • 1
  • 2
  • 3