Trojan
Resolved/Closed
bleurk
Posts
110
Registration date
Friday 28 September 2007
Status
Member
Last activity
1 May 2012
-
8 Jul 2009 at 19:34
Anonymous user - 19 Jul 2009 at 10:46
51 replies
bleurk
11 Jul 2009 at 08:37
Hello, it's done, Norton is gone.
bleurk
11 Jul 2009 at 13:57
They are still there! What should I do?
Win32.TDSS.reg: [SBI $2867D4A5] Réglages (Modification du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxserv
Win32.TDSS.reg: [SBI $667311C3] Réglages (Modification du registre, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys\modules\msqpdxl
DoubleClick: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
MediaPlex: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
MediaPlex: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
BlueStreak: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Zedo: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Tradedoubler: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
Adviva: Cookie traceur (Firefox: johnny (default)) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-03-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-07 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-06-30 Includes\Malware.sbi (*)
2009-07-07 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-07 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-07 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-07 Includes\Trojans.sbi (*)
2009-07-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2008-12-24 Plugins\TCPIPAddress.dll
Anonymous user
14 Jul 2009 at 18:13
Good evening,
Your PC is infected by a rootkit.
1. Download ComboFix from this link:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Read this:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
And, importantly, save it to the desktop.
Before using ComboFix:
► Disconnect from the internet and close the windows of all running programs.
► Temporarily disable, only for the time ComboFix is in use, the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's search and cleaning procedure.
Once that is done, double-click Combofix.exe on your desktop.
- Answer yes to the warning message so that the program starts analysing the PC.
/!\ During this step, do not use the PC and do not open any programs.
- At the end of the scan, ComboFix may need to restart the PC to finish the disinfection\search; let it do so.
- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt
► Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.
► Come back to the forum and copy and paste the entire contents of C:\Combofix.txt into your next message.
If that does not work, remove combofix from your desktop and download jacombo from this link; it is combofix renamed, which makes it possible to counter certain infections. Put it on your desktop and follow the explanations given in the combofix procedure.
http://sd-1.archive-host.com/membres/up/89820622056365782/jacombo.exe
2. Download Malwarebytes' here:
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
The program will update itself automatically.
If the file COMCTL32.OCX is missing, you can download it here:
https://www.malekal.com/tutorial-aboutbuster/
Once it is up to date, the program will start; click the settings tab and tick the box: "Close Internet Explorer during removal".
Now click the scan tab and tick the box: "Perform quick scan".
Then click "Scan".
Let it scan the PC...
If items were found > click Remove Selected.
If you are asked to restart > click "yes".
At the end a report will open; save it somewhere you can find it again so you can post it on the forum.
Copy and paste the report, please.
PS: the reports are also stored in the reports/logs tab.
3. Disabling/re-enabling System Restore
System Restore needs to be disabled and then re-enabled to purge it, because restore points may be infected:
For XP: http://www.commentcamarche.net/faq/sujet 5097 virus system volume information
For Vista: http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista
Post the reports for me once you are back online at the end of these operations.
Good luck.
bleurk
17 Jul 2009 at 20:39
ComboFix 09-07-14.08 - johnny 17/07/2009 20:17.1.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6001.1.1252.33.1036.18.3070.1912 [GMT 2:00]
Running from: c:\users\johnny\Desktop\ComboFix.exe
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1636297552-275803887-4191282785-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-3603102019-2234686749-2930555637-500
c:\users\johnny\AppData\Roaming\inst.exe
c:\windows\Installer\48f0b.msi
c:\windows\TEMP\logishrd\LVPrcInj01.dll
D:\resycled
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games
((((((((((((((((((((((((( Files Created from 2009-06-17 to 2009-07-17 )))))))))))))))))))))))))))))))
.
2009-07-15 13:29 . 2009-06-15 15:24 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-15 13:29 . 2009-06-15 15:20 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-15 13:29 . 2009-06-15 15:20 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-15 13:29 . 2009-06-15 12:52 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-13 08:52 . 2009-07-13 08:52 -------- d-----w- c:\program files\Total Uninstall 5
2009-07-11 17:06 . 2009-07-11 17:21 -------- d-----w- c:\users\Invité.PC-de-johnny
2009-07-11 12:34 . 2009-07-11 16:27 -------- d-----w- c:\progra~2\PC Tools
2009-07-11 11:04 . 2009-07-11 11:04 -------- d-----w- c:\program files\Trend Micro
2009-07-10 16:10 . 2009-07-10 16:10 -------- d-----w- c:\progra~2\NortonInstaller
2009-07-10 15:45 . 2009-07-10 15:45 -------- d-----w- C:\GenProc
2009-07-10 13:01 . 2009-07-10 13:01 -------- d-----w- C:\UAC
2009-07-09 12:51 . 2009-07-09 12:51 -------- d-----w- c:\progra~2\Simply Super Software
2009-07-08 13:31 . 2009-07-06 20:44 937984 ----a-w- c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-08 13:31 . 2009-07-06 20:44 65536 ----a-w- c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-08 13:31 . 2009-07-06 20:44 4722688 ----a-w- c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-08 13:31 . 2009-07-06 20:44 344064 ----a-w- c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-08 13:31 . 2009-07-06 20:44 106496 ----a-w- c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
2009-07-08 13:31 . 2009-07-06 20:44 103424 ----a-w- c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-05 18:05 . 2009-07-05 18:05 -------- d-----w- c:\program files\AusLogics Disk Defrag
2009-07-05 12:57 . 2009-07-05 12:57 -------- d-----w- c:\users\johnny\AppData\Roaming\Auslogics
2009-07-05 12:34 . 2009-07-05 12:34 -------- d-----w- c:\progra~2\F-Secure
2009-07-05 09:35 . 2009-06-30 17:19 106496 ----a-w- c:\users\johnny\AppData\Roaming\Mozilla\Plugins\npcoolirisplugin.dll
2009-07-05 09:14 . 2009-07-05 09:14 -------- d-----w- c:\users\johnny\AppData\Roaming\KC Softwares
2009-07-05 08:52 . 2009-07-05 08:52 -------- d-----w- c:\users\johnny\.VirtualBox
2009-07-05 08:48 . 2009-06-16 17:07 117136 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2009-07-05 08:47 . 2009-06-16 17:07 41424 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-17 16:23 . 2007-10-03 20:10 -------- d-----w- c:\users\johnny\AppData\Roaming\uTorrent
2009-07-16 10:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-16 10:27 . 2007-06-27 21:15 -------- d-----w- c:\progra~2\Microsoft Help
2009-07-15 15:00 . 2009-01-23 20:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 11:36 . 2009-01-23 20:06 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2009-01-23 20:06 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 08:58 . 2008-01-27 11:16 -------- d-----w- c:\progra~2\Martau
2009-07-10 16:14 . 2007-06-27 21:24 -------- d-----w- c:\program files\Symantec
2009-07-10 16:11 . 2007-06-27 21:24 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-07-10 13:34 . 2009-04-23 14:10 -------- d-----w- c:\users\johnny\AppData\Roaming\Apple Computer
2009-07-09 12:48 . 2007-10-07 11:58 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2009-07-06 14:04 . 2007-11-26 19:37 -------- d-----w- c:\program files\DeskSpace
2009-07-06 14:04 . 2007-10-15 11:53 -------- d-----w- c:\progra~2\mpDRM
2009-06-29 19:41 . 2009-04-19 11:03 -------- d-----w- c:\program files\LG PC Suite 2
2009-06-22 12:19 . 2007-06-27 20:58 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-21 12:35 . 2009-05-05 16:05 -------- d-----w- c:\progra~2\TrackMania
2009-06-16 17:07 . 2009-06-16 17:07 91280 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2009-06-12 18:11 . 2009-06-12 18:11 -------- d-----w- c:\program files\iTunes
2009-06-12 18:11 . 2009-06-12 18:11 -------- d-----w- c:\program files\iPod
2009-06-12 18:11 . 2009-04-23 14:07 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 18:10 . 2009-06-12 18:10 -------- d-----w- c:\program files\QuickTime
2009-06-12 18:08 . 2008-06-15 16:36 -------- d-----w- c:\progra~2\Apple
2009-06-05 09:42 . 2009-06-05 09:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 09:42 . 2009-06-05 09:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-02 17:28 . 2007-10-13 15:56 -------- d-----w- c:\progra~2\Skyline
2009-06-02 17:28 . 2009-06-02 17:28 -------- d-----w- c:\program files\Skyline
2009-05-25 13:48 . 2007-10-07 11:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-19 12:26 . 2009-05-18 12:27 -------- d-----w- c:\program files\PokerStars
2009-05-15 08:50 . 2007-12-19 22:12 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-05-15 08:50 . 2007-12-19 22:12 22328 ----a-w- c:\users\johnny\AppData\Roaming\PnkBstrK.sys
2009-05-15 08:50 . 2007-12-19 22:12 22328 ----a-w- c:\users\johnny\AppData\Roaming\PnkBstrK.sys
2009-05-15 08:50 . 2007-12-19 22:12 107832 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-05-15 08:50 . 2007-12-19 22:12 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-05-15 08:50 . 2007-12-19 22:12 2250024 ----a-w- c:\windows\system32\pbsvc.exe
2009-05-14 13:20 . 2009-05-17 07:01 2645832 ----a-w- c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\maconfsetup.exe
2009-05-14 12:56 . 2009-05-17 07:01 402800 ----a-w- c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
2009-05-10 06:56 . 2007-06-27 20:30 267656652 ----a-w- c:\windows\DUMP2f78.tmp
2009-05-09 05:50 . 2009-06-10 15:35 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-10 15:35 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 20:31 . 2007-10-02 14:21 123656 ----a-w- c:\users\johnny\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-30 12:37 . 2009-06-10 17:57 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-10 17:57 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-23 12:43 . 2009-06-10 15:35 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-10 15:35 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-10 15:35 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 19:52 . 2009-01-12 17:16 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2007-10-09 18:10 . 2007-10-09 18:10 22 --sha-w- c:\windows\SMINST\HPCD.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-08-10 36864]
"msnlivesearch"="c:\program files\Windows Live\MessengerSearchAddon\msgrsrch.exe" [2008-10-04 49152]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-14 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
c:\users\johnny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
c:\progra~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-8-10 196608]
PDFCreator.lnk - c:\program files\PDFCreator\PDFCreator.exe [2008-1-11 2641920]
c:\users\johnny\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{5162EBDC-EB52-4525-9173-09C840607D90}"= UDP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{417F6086-6920-4531-8CF4-7A3689FCED8C}"= TCP:c:\program files\uTorrent\utorrent.exe:µTorrent
"{01E84E08-165A-4086-B97A-3A10EBF1F9D9}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{A5917D3D-D7CF-4ED0-8D7D-169E6FDAA32C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B632EF2-7214-4167-9682-8B183F3C31E9}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{4AD84DF4-9137-4D74-9FB9-371FE1D1CA58}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{9BF4F3F8-F790-4E1F-BC62-452BE27C3B2D}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{9206C643-84C6-4D1C-A269-36352EAD3BC1}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{07ED3DB4-E4B6-4DA4-AFF6-FBCC971E02EB}c:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{846315D1-0368-48BC-B5A4-2FF8C1DCC859}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{298B4F32-9134-4817-AF81-FD0226B509FD}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{FF640AF2-5623-4608-8663-6D3222355FC9}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{A405207A-8514-425C-9A1E-8E39E781FA55}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{E4220E17-018B-41CE-AEC1-7F97A764C9A8}c:\\users\\johnny\\appdata\\local\\temp\\rar$ex43.190\\setup\\data\\iw3mp.exe"= UDP:c:\users\johnny\appdata\local\temp\rar$ex43.190\setup\data\iw3mp.exe:iw3mp.exe
"UDP Query User{77D7A68E-AF87-4117-9D77-127147023C0A}c:\\users\\johnny\\appdata\\local\\temp\\rar$ex43.190\\setup\\data\\iw3mp.exe"= TCP:c:\users\johnny\appdata\local\temp\rar$ex43.190\setup\data\iw3mp.exe:iw3mp.exe
"TCP Query User{4F23991F-7A77-4F9D-85C0-5E5389159D8E}c:\\program files\\simply tv-radio 2\\str.exe"= UDP:c:\program files\simply tv-radio 2\str.exe:Str
"UDP Query User{E9649933-FEB9-4C00-BC0C-FABBD9D66721}c:\\program files\\simply tv-radio 2\\str.exe"= TCP:c:\program files\simply tv-radio 2\str.exe:Str
"TCP Query User{8F39B91A-82A5-4D34-BABF-79B4436E0180}c:\\program files\\adsltv\\adsltv.exe"= UDP:c:\program files\adsltv\adsltv.exe:adsltv
"UDP Query User{567E34F6-3452-4034-8547-2F5B96529EC1}c:\\program files\\adsltv\\adsltv.exe"= TCP:c:\program files\adsltv\adsltv.exe:adsltv
"TCP Query User{35801024-4E8A-4066-90DA-171908EE3B10}c:\\program files\\adsltv\\vlc.exe"= UDP:c:\program files\adsltv\vlc.exe:VLC media player
"UDP Query User{740BAE42-9E9D-45C7-B105-D57BD3A4EA21}c:\\program files\\adsltv\\vlc.exe"= TCP:c:\program files\adsltv\vlc.exe:VLC media player
"TCP Query User{B067D3A4-3183-40BD-93D3-8DF8F11B20EF}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= UDP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"UDP Query User{EDA70E63-E001-47D0-825B-1664D483BA2F}c:\\program files\\nero\\nero8\\nero showtime\\showtime.exe"= TCP:c:\program files\nero\nero8\nero showtime\showtime.exe:Nero ShowTime
"TCP Query User{5AADA53A-DA0C-4B8B-8C17-2A7C69BFD9A0}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{1B1AA0FF-621F-47CD-92F6-23877D4F00FB}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C8ADAA61-F140-4FEA-B405-726CAD938B63}c:\\program files\\iepro\\minidm.exe"= UDP:c:\program files\iepro\minidm.exe:MiniDM
"UDP Query User{915977C5-6D84-4B29-8B52-51ACA3C4487E}c:\\program files\\iepro\\minidm.exe"= TCP:c:\program files\iepro\minidm.exe:MiniDM
"{CCADEC88-4ECD-42D3-8CF1-3EABF3A72EE0}"= UDP:990:LocalSubnet:LocalSubnet|IF={003ADBE6-2D4B-47C6-A8C2-4DF94771E13B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{F8349471-D697-49EF-B995-C5DEB54DFD67}"= UDP:990:LocalSubnet:LocalSubnet|IF={003ADBE6-2D4B-47C6-A8C2-4DF94771E13B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{3D3FBD41-FADF-41CF-9FD6-53BE8860D037}"= UDP:990:LocalSubnet:LocalSubnet|IF={003ADBE6-2D4B-47C6-A8C2-4DF94771E13B}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"TCP Query User{03F43575-6BC7-41F4-8EE4-7EDDCC4D0C39}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{76BCDC95-A1C8-43FE-9C4F-D9EA8E0343EF}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{834B1DFC-D528-44F1-A1AF-0326B3597DD9}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{DC876C6B-C858-45D2-8672-2B44641AF9A3}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:utorrent
"{B1ED5A79-740E-4DA0-B433-CBB62CCBC012}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{696A12CA-3852-47B0-A80D-37D6ABCD15A4}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{A3E745AC-3C04-4B21-A152-A7DB4DAC424F}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{045DFB61-3038-47DB-BBC8-73615E3CC1EB}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{58421C1E-7353-4DB0-B5AD-A536241E89C8}c:\\program files\\artefacts studio\\petanquedemo\\bin\\releasedemo\\petanque.exe"= UDP:c:\program files\artefacts studio\petanquedemo\bin\releasedemo\petanque.exe:Petanque
"UDP Query User{078C0394-FD5F-4822-AA5B-AB9280377A5A}c:\\program files\\artefacts studio\\petanquedemo\\bin\\releasedemo\\petanque.exe"= TCP:c:\program files\artefacts studio\petanquedemo\bin\releasedemo\petanque.exe:Petanque
"TCP Query User{8F42515D-F1FF-450B-918E-4463971108D6}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{CD472C95-A988-40BE-93FA-6C90BB22ACE1}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{10FA6ACA-3105-46B5-A462-139DFBD4FAF6}c:\\program files\\mswt kart 2004\\msworldtour.exe"= UDP:c:\program files\mswt kart 2004\msworldtour.exe:MSWorldTour
"UDP Query User{46AE1A8A-0341-4B75-BB31-440E060DCF64}c:\\program files\\mswt kart 2004\\msworldtour.exe"= TCP:c:\program files\mswt kart 2004\msworldtour.exe:MSWorldTour
"{1EAFAFDD-669F-4A42-9C4D-C5387C1D8765}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{A7852A8B-8591-4D36-B4B9-B31AE2E26535}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{B2CBA4FE-6113-442D-A6AB-DB5611ACFBDD}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= UDP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"UDP Query User{BD0EB77F-26E0-4D08-9426-B7D8A73958E6}c:\\program files\\mozilla firefox 3 beta 5\\firefox.exe"= TCP:c:\program files\mozilla firefox 3 beta 5\firefox.exe:Firefox
"TCP Query User{8BD66FE2-85E6-4B40-A6ED-8E691CCB6D82}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:Logiciel de transfert de fichiers
"UDP Query User{737C5251-8E31-4DFC-9EEE-C76E699DF6B8}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:Logiciel de transfert de fichiers
"{AF2B9CA5-2053-46D7-AB3B-8965E8093959}"= UDP:48113:LocalSubnet:LocalSubnet:maconfig_tcp
"{0729553E-7BFB-4969-8E93-C1D9F64930B2}"= TCP:48113:LocalSubnet:LocalSubnet:maconfig_udp
"{82BDCC02-A8E2-44EF-87A8-AB63C904824D}"= UDP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{EE502F00-DA3E-4999-A2E8-D892980EAA3F}"= TCP:c:\program files\ma-config.com\maconfservice.exe:maconfservice
"{0667F5D7-5BA5-435A-A9A9-DE4E63BBA58F}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"{A1386FE0-76A9-47AD-92FF-D3A97E5F76F5}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A8BF65C8-10B7-4A1F-8958-F0947E00A279}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{57D3D91C-B649-4566-899C-5ACDFEACEE34}c:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{63AAFC8C-4BE2-4A0B-B812-278C8C311F92}c:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"TCP Query User{AEAD844D-3567-43F9-9CE7-9932C304CC8C}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{CCED0175-B490-43AC-9A65-F33D157DC1C8}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"{7A11CE01-8592-4E58-9A9A-23A6307F5828}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2E73D536-1BD5-4459-ADF8-7B9A40EECCAE}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{82F20FBE-4CE2-41BD-874F-E0759DC0928B}"= UDP:c:\users\johnny\AppData\Local\Temp\7zSE9F3.tmp\SymNRT.exe:Norton Removal Tool
"{645D8F0E-8408-4E16-BDF9-411CA8FBF79F}"= TCP:c:\users\johnny\AppData\Local\Temp\7zSE9F3.tmp\SymNRT.exe:Norton Removal Tool
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [01/05/2009 08:38 108289]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [07/10/2007 13:59 1153368]
S2 ExploitShield;F-Secure Exploit Shield Service;"c:\program files\F-Secure\ExploitShield\fsessrv.exe" --> c:\program files\F-Secure\ExploitShield\fsessrv.exe [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\System32\drivers\VBoxNetAdp.sys [16/06/2009 19:07 91280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-F-Secure ExploitShield - c:\program files\F-Secure\ExploitShield\fsesgui.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/
mWindow Title =
uInternet Settings,ProxyOverride = *.local
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/webhp?client=firefox-a&rls=org.mozilla:fr:official&channel=s&hl=fr&btnG=Recherche+Google
FF - component: c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF - plugin: c:\users\johnny\AppData\Roaming\Mozilla\Firefox\Profiles\djgklwtr.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - plugin: c:\users\johnny\AppData\Roaming\Mozilla\plugins\npcoolirisplugin.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-17 20:23
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\windows\TEMP\TMP00000002250DB8F94DF7102F 524288 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-3603102019-2234686749-2930555637-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0805AF41-ECF3-AF94-76EE-CBA4C8039A52}*]
"oafblccplkocipoihlafglngbbjneh"=hex:6b,61,64,68,68,6a,62,68,66,67,6a,67,62,6b,
68,6a,61,66,63,61,65,6e,00,77
"papbbaefbdagnhigjgannecbcdlamdal"=hex:6b,61,64,68,6b,6a,6d,66,6b,65,66,62,65,
62,6c,70,63,62,69,65,65,62,00,77
[HKEY_USERS\S-1-5-21-3603102019-2234686749-2930555637-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E83FAB4A-1201-6040-6EB2-80F6A1BDC8D2}*]
"aa"=hex:6a,61,6f,61,6f,68,70,65,70,66,66,66,66,70,61,6e,6e,6e,63,6b,00,16
[HKEY_USERS\S-1-5-21-3603102019-2234686749-2930555637-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,2a,35,37,44,38,ef,b4,a5,ca,00,d9,a3,38,e4,eb,6f,e1,cd,7e,8b,fa,b5,
c0,e0,08,27,5f,87,ac,02,33,09,50,77,3f,ca,57,08,d8,45,13,38,dc,1d,7c,f5,f6,\
"??"=hex:4b,00,14,ae,14,32,15,25,7b,dd,b7,94,6c,88,78,50
[HKEY_USERS\S-1-5-21-3603102019-2234686749-2930555637-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:18,d7,5b,22,53,ff,6e,36,5f,3c,c7,90,b8,4c,2d,9f,d6,fb,62,b4,e6,
e9,4b,d2,11,85,0c,42,88,db,49,f5,8b,37,78,ba,ed,56,fd,49,60,74,7a,14,79,b3,\
"rkeysecu"=hex:9b,04,a8,92,08,fb,4f,36,8b,5e,a1,13,bb,bb,01,d1
[HKEY_LOCAL_MACHINE\system\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(9024)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-17 20:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-17 18:29
Pre-Run: 214 732 218 368 octets libres
Post-Run: 214 910 898 176 octets libres
308 --- E O F --- 2009-07-17 07:52
- - - - - - - > 'Explorer.exe'(9024)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\System32\WUDFHost.exe
c:\windows\System32\conime.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
.
**************************************************************************
.
Completion time: 2009-07-17 20:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-17 18:29
Pre-Run: 214 732 218 368 octets libres
Post-Run: 214 910 898 176 octets libres
308 --- E O F --- 2009-07-17 07:52
Anonymous user
17 Jul 2009 at 21:08
don't forget the second part of post 23:
http://www.commentcamarche.net/forum/affich 13266950 trojan?page=2#23
bleurk
17 Jul 2009 at 23:06
ok thanks, do I need to download Gmer? (as it tells me to)
bleurk
17 Jul 2009 at 23:08
Malwarebytes' Anti-Malware 1.39
Version de la base de données: 2452
Windows 6.0.6001 Service Pack 1
17/07/2009 23:07:59
mbam-log-2009-07-17 (23-07-59).txt
Type de recherche: Examen rapide
Eléments examinés: 100856
Temps écoulé: 3 minute(s), 8 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
bleurk
17 Jul 2009 at 23:12
do you think I'm still infected?
Anonymous user
18 Jul 2009 at 09:12
hello,
to be sure nothing is left of it, even in the restore points, follow this:
deleting restore points under Vista:
Start => right-click on Computer => Properties.
Then, in the left pane, click "System protection".
go to "Automatic restore points" and uncheck all the boxes. An alert will inform you that all the points will be deleted. Click "Turn off".
Confirm with OK and restart your PC, running a good antivirus scan with your antivirus at startup
Once the system is clean, repeat the operation and re-check your system disk (by default it is C).
Of course, don't forget to create a restore point immediately afterwards, once you are quite sure your system is clean.
To do that, go to Start => Then click "Next" All Programs => Accessories => System Tools => System Restore
simply run a Spybot scan to see whether it still finds anything
then a HijackThis log to see the unnecessary processes, the toolbars...
we'll take care of it as soon as you have done these steps.
bleurk
18 Jul 2009 at 11:17
hello,
ok thanks a lot
bleurk
18 Jul 2009 at 12:07
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:30, on 18/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\johnny\Desktop\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - Unknown owner - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - Unknown owner - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Anonymous user
18 Jul 2009 at 12:34
And the Spybot report?
In the meantime I'm going to pick apart the HijackThis log; there are a few odds and ends to review, starting with the Norton leftovers and the toolbars.
1° To uninstall the Norton leftovers: http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20050414110429924
A supplement
https://www.01net.com/telecharger/windows/Utilitaire/manipulation_de_fichier/fiches/32585.html
2° Get rid of the toolbars:
• Download:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
• !! Disconnect and close all your running applications for the duration of the procedure !!
• Double-click the .exe to launch the installation and let it guide you
• Once that is done, click the shortcut created on your desktop to launch the tool.
• Choose option 1 ("recherche", i.e. search) and press Enter.
• Once the scan is finished, a report will appear; copy/paste its entire content into your next reply ...
• (the report is also saved here -> C:\TB.txt)
• Tutorial:
https://sites.google.com/site/toolbarsd/aideenimages toolbarSD
I'll tell you what remains to be done afterwards.
bleurk
18 Jul 2009 at 13:24
-----------\\ ToolBar S&D 1.2.8 XP/Vista
Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 5600+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : johnny ( Not Administrator ! )
BOOT : Normal boot
C:\ (Local Disk) - NTFS - Total:290 Go (Free:198 Go)
D:\ (Local Disk) - NTFS - Total:7 Go (Free:1 Go)
E:\ (CD or DVD)
G:\ (USB)
H:\ (USB)
I:\ (USB)
J:\ (USB)
"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 18/07/2009|13:23 )
-----------\\ Recherche de Fichiers / Dossiers ...
-----------\\ [..\Internet Explorer\Main]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Default_search_url"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Url"="https://www.msn.com/fr-fr/actualite/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.msn.com/fr-fr/"
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Local Page"="C:\\Windows\\System32\\blank.htm"
--------------------\\ Recherche d'autres infections
Aucune autre infection trouvée !
1 - "C:\ToolBar SD\TB_1.txt" - 24/01/2009|17:43 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 25/01/2009|22:50 - Option : [2]
3 - "C:\ToolBar SD\TB_3.txt" - 11/07/2009|11:37 - Option : [2]
4 - "C:\ToolBar SD\TB_4.txt" - 18/07/2009|13:24 - Option : [1]
-----------\\ Fin du rapport a 13:24:24,93
bleurk
18 Jul 2009 at 13:32
Félicitations!: Aucun mouchard n'a été trouvé. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2008-01-28 SDDelFile.exe (1.0.2.4)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-03-30 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-01-26 advcheck.dll (1.6.2.15)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-10-22 Tools.dll (2.1.6.8)
2009-01-16 UninsSrv.dll (1.0.0.0)
2009-05-19 Includes\Adware.sbi (*)
2009-06-02 Includes\AdwareC.sbi (*)
2009-01-22 Includes\Cookies.sbi (*)
2009-05-19 Includes\Dialer.sbi (*)
2009-06-02 Includes\DialerC.sbi (*)
2009-01-22 Includes\HeavyDuty.sbi (*)
2009-05-26 Includes\Hijackers.sbi (*)
2009-07-07 Includes\HijackersC.sbi (*)
2009-06-23 Includes\Keyloggers.sbi (*)
2009-07-07 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2009-06-30 Includes\Malware.sbi (*)
2009-07-07 Includes\MalwareC.sbi (*)
2009-03-25 Includes\PUPS.sbi (*)
2009-07-07 Includes\PUPSC.sbi (*)
2009-01-22 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2009-06-02 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2009-04-07 Includes\Spyware.sbi (*)
2009-07-07 Includes\SpywareC.sbi (*)
2009-06-08 Includes\Tracks.uti
2009-07-07 Includes\Trojans.sbi (*)
2009-07-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2008-12-24 Plugins\TCPIPAddress.dll
bleurk
18 Jul 2009 at 13:33
Norton uninstall done
Anonymous user
18 Jul 2009 at 14:10
Please post another HijackThis log so that I can tell you which processes need to be fixed.
bleurk
18 Jul 2009 at 14:51
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:51:19, on 18/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\johnny\Desktop\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - Unknown owner - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Scan saved at 14:51:19, on 18/07/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PDFCreator\PDFCreator.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\johnny\Desktop\Downloads\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\COMMON~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [msnlivesearch] C:\Program Files\Windows Live\MessengerSearchAddon\msgrsrch.exe /Run
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: PDFCreator.lnk = C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O18 - Protocol: bw+0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: offline-8876480 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - Unknown owner - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Unknown owner - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
Anonymous user
18 Jul 2009 at 16:57
1° Google Toolbar is still present on your PC; remove it with the link I left you for toolbars:
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
Reminder for getting rid of toolbars:
• Download: https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2
• !! Disconnect and close all your running applications for the duration of the procedure !!
• Double-click the .exe to start the installation and follow the prompts
• Once that is done, click the shortcut created on your desktop to launch the tool.
• Choose option 1 ("recherche") and press "Enter".
• Once the scan has finished, a report will appear; copy/paste its entire contents into your next reply ...
• (the report is also saved here -> C:\TB.txt)
• Tutorial: https://sites.google.com/site/toolbarsd/aideenimages toolbarSD
2° these useless lines are to be fixed with HijackThis:
click on HijackThis, "Do a system scan only", tick the small box to the left of each of the lines indicated, then "Fix checked" and confirm the removal.
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
3° program to remove with Add/Remove Programs in the Control Panel:
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
(source of spam)
4° this one needs another look; I am researching what exactly it is:
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
launcher.exe is an executable belonging to many applications, including Webshots (a Windows desktop downloader), Uinterface Mouselaunch (a file and application launcher), and also a hardware interface for Samsung products.
Note: launcher.exe is an advertising program by Intercort Systems. This process monitors your browsing habits and sends the data back to the author's servers for analysis. It also causes popups to be displayed.
it takes time to check all these lines, one by one, phew!!!!
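The line-by-line check described in the reply above (entries whose file is gone, services shown with no owner) can be scripted. This is an added Python example, not part of the thread or of HijackThis; the function names are made up for the illustration, the sample lines are copied from the log posted above, and it goes one step further by collapsing the repeated O18 handlers by the file they load.

```python
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {49783ED4-258D-4f9f-BE11-137C18D3E543} - (no file)
O18 - Protocol: bwx0 - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {2E1C31C2-8A6F-4CE6-AD09-DD880558C06B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skyline - {3A4F9195-65A8-11D5-85C1-0001023952C1} - C:\Program Files\Skyline\TerraExplorer\TerraExplorerX.dll
O23 - Service: F-Secure Exploit Shield Service (ExploitShield) - Unknown owner - C:\Program Files\F-Secure\ExploitShield\fsessrv.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - [^:]+: (?P<rest>.+)$")
ORPHAN_RE = re.compile(r"\s*\((?:no file|file missing)\)$")


def parse(log_text):
    """Return one dict per recognised log line: section, target, flags."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rest = m["rest"]
        flags = set()
        if ORPHAN_RE.search(rest):
            flags.add("orphaned")        # registry entry whose file is gone
        if m["section"] == "O23" and " - Unknown owner - " in rest:
            flags.add("unknown-owner")   # log shows no vendor name for the service
        target = ORPHAN_RE.sub("", rest.rsplit(" - ", 1)[-1]).strip()
        entries.append({"section": m["section"], "target": target, "flags": flags})
    return entries


def review_queue(entries):
    """Flagged entries only, orphaned ones first."""
    flagged = [e for e in entries if e["flags"]]
    return sorted(flagged, key=lambda e: ("orphaned" not in e["flags"], e["section"]))


def handlers_per_file(entries, section="O18"):
    """Collapse repeated entries of one section by the file they load."""
    return Counter(e["target"] for e in entries if e["section"] == section)


if __name__ == "__main__":
    for e in review_queue(parse(SAMPLE_LOG)):
        print(e["section"], sorted(e["flags"]), e["target"] or "(no target)")
```

A flag only queues the entry for a manual lookup; it says nothing about whether the file is malicious.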
bleurk
18 Jul 2009 at 18:17
thanks again for all the trouble you're taking, that's kind of you
Anonymous user
18 Jul 2009 at 18:20
don't worry, I'll stay with you to the end :-)
do post 38 from start to finish and post a new HijackThis log so I can check that everything is fine
I'm waiting for your report so we can wrap this up ;-)