infection virus cheval de troie Win 32 Résolu

Question

Bonjour,

Pouvez vous m'aider à me débarrasser de ce virus Win 32:Jifas.CM (Trj)

Je suis embêté car le serveur de la zone antivrus AVAST n'est pas actif et Malware bytes ne peut pas fonctionner non plus.

Voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:43, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\DOCUME~1\m\LOCALS~1\Temp\settdebugx.exe
C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\DOCUME~1\m\LOCALS~1\Temp\wscsvc32.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\m\LOCALS~1\Temp\settdebugx.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: L-Express.lnk = C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab
O18 - Protocol: bw+0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service Google Update (gupdate1ca4ab8c6f6215c) (gupdate1ca4ab8c6f6215c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

moment de grace · Answer

bonjour


Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent(car il est detecté a tort comme infection) 

&#9654; Télécharge et installe List&Kill'em et enregistre le sur ton bureau 
http://sd-1.archive-host.com/membres/up/829108531491024/List_Killem_Install.exe 

double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation 

coche la case "creer une icone sur le bureau" 

une fois terminée , clic sur "terminer" et le programme se lancer seul 

choisis la langue puis choisis l'option 1 = Mode Recherche 

&#9654; laisse travailler l'outil 

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué. 

un rapport du nom de catchme apparait sur ton bureau , ignore-le,ne le poste pas , mais ne le supprime pas pour l instant, le scan n'est pas fini. 

&#9654; Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED" 

tu peux supprimer le rapport catchme.log de ton bureau maintenant.

lepsis · Answer

Voici le rapport

Par contre je n'ai pas réussi à l'éxecuter en tant qu'administrateur


List'em by g3n-h@ckm@n 1.1.6.1 

Thx to Chiquitine29.....& CCM team 

User : m (Administrateurs) # D
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30 
Start at: 20:43:31 | 27/12/2009
Contact : g3n-h@ckm@n sur CCM

              Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | (!) Outdated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 186,3 Go (89,04 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running 

C:\WINDOWS\System32\smss.exe 456
C:\WINDOWS\system32\csrss.exe 512
C:\WINDOWS\system32\winlogon.exe 536
C:\WINDOWS\system32\services.exe 584
C:\WINDOWS\system32\lsass.exe 596
C:\WINDOWS\system32
vsvc32.exe 760
C:\WINDOWS\system32\svchost.exe 800
C:\WINDOWS\system32\svchost.exe 884
C:\WINDOWS\System32\svchost.exe 992
C:\WINDOWS\system32\svchost.exe 1096
C:\WINDOWS\system32\svchost.exe 1296
C:\WINDOWS\Explorer.EXE 1344
C:\WINDOWS\system32\spoolsv.exe 1704
C:\WINDOWS\system32\svchost.exe 496
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe 1528
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 880
C:\Program Files\Bonjour\mDNSResponder.exe 1440
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe 1652
c:\APPS\Powercinema\Kernel\TV\CLSched.exe 1780
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe 1876
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe 1904
c:\APPS\HIDSERVICE\HIDSERVICE.exe 1912
C:\Program Files\Java\jre6\bin\jqs.exe 148
C:\WINDOWS\system32\HPZipm12.exe 140
C:\WINDOWS\system32\svchost.exe 336
C:\Apps\Powercinema\PCMService.exe 2136
C:\apps\ABoard\ABoard.exe 2152
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe 2176
C:\Program Files\Java\jre6\bin\jusched.exe 2196
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe 2212
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe 2220
C:\Program Files\QuickTime\QTTask.exe 2256
C:\Program Files\iTunes\iTunesHelper.exe 2264
C:\apps\ABoard\AOSD.exe 2380
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2460
C:\WINDOWS\system32\ctfmon.exe 2492
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe 2600
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 2632
C:\DOCUME~1\m\LOCALS~1\Temp\settdebugx.exe 2720
C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe 2840
C:\Program Files\Logitech\SetPoint\SetPoint.exe 3656
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE 2124
C:\Program Files\OpenOffice.org 3\program\soffice.exe 2504
C:\Program Files\OpenOffice.org 3\program\soffice.bin 2980
C:\DOCUME~1\m\LOCALS~1\Temp\wscsvc32.exe 2056
C:\WINDOWS\system32\dlcccoms.exe 2108
C:\Program Files\iPod\bin\iPodService.exe 2608
C:\WINDOWS\System32\alg.exe 2752
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2892
C:\WINDOWS\system32\NOTEPAD.EXE 636
C:\Program Files\Microsoft Office\Office\WINWORD.EXE 1400
C:\Program Files\List_Kill'em\List_Kill'em.exe 2956
C:\WINDOWS\system32\cmd.exe 3952
C:\Program Files\Internet Explorer\Iexplore.exe 3624
C:\Program Files\Internet Explorer\Iexplore.exe 2644
C:\WINDOWS\system32\wbem\wmiprvse.exe 2472
C:\Documents and Settings\m\Local Settings\Temp\1C.tmp\pv.exe 1004

======================
Keys "Run" 
======================
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS	REG_SZ         	"C:\Program Files\Messenger\msmsgs.exe" /background
swg	REG_SZ         	"C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
ctfmon.exe	REG_SZ         	C:\WINDOWS\system32\ctfmon.exe
Le Petit Robert Hyperappel	REG_SZ         	C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
LDM	REG_SZ         	C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
settdebugx.exe	REG_SZ         	C:\DOCUME~1\m\LOCALS~1\Temp\settdebugx.exe
Malware Defense	REG_SZ         	"C:\Program Files\Malware Defense\mdefense.exe" -noscan

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
IMJPMIG8.1	REG_SZ         	"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 
PHIME2002ASync	REG_SZ         	C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC 
PHIME2002A	REG_SZ         	C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName 
Raccourci vers la page des propriétés de High Definition Audio	REG_SZ         	HDAudPropShortcut.exe 
SoundMan	REG_SZ         	SOUNDMAN.EXE 
Alcmtr	REG_SZ         	ALCMTR.EXE 
PCMService	REG_SZ         	"c:\Apps\Powercinema\PCMService.exe" 
ACTIVBOARD	REG_SZ         	c:\apps\ABoard\ABoard.exe 
StartCCC	REG_SZ         	"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun 
Logitech Hardware Abstraction Layer	REG_SZ         	KHALMNPR.EXE 
TkBellExe	REG_SZ         	"C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot 
Kernel and Hardware Abstraction Layer	REG_SZ         	KHALMNPR.EXE 
SunJavaUpdateSched	REG_SZ         	"C:\Program Files\Java\jre6\bin\jusched.exe" 
SearchSettings	REG_SZ         	C:\Program Files\pdfforge Toolbar\SearchSettings.exe 
F5D7050v3	REG_SZ         	C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe 
dlccmon.exe	REG_SZ         	"C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe" 
nwiz	REG_SZ         	nwiz.exe /install 
NvMediaCenter	REG_SZ         	RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 
NvCplDaemon	REG_SZ         	RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
QuickTime Task	REG_SZ         	"C:\Program Files\QuickTime\QTTask.exe" -atboottime 
iTunesHelper	REG_SZ         	"C:\Program Files\iTunes\iTunesHelper.exe" 
Adobe Reader Speed Launcher	REG_SZ         	"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
DLCCCATS	REG_SZ         	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16 
avgnt	REG_SZ         	"C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min 
avast!	REG_SZ         	C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe 
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]

=====================
Other Keys
=====================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] 
dontdisplaylastusername	REG_DWORD      	0 (0x0) 
legalnoticecaption	REG_SZ         	 
legalnoticetext	REG_SZ         	 
shutdownwithoutlogon	REG_DWORD      	1 (0x1) 
undockwithoutlogon	REG_DWORD      	1 (0x1) 

===============
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
NoDriveTypeAutoRun	REG_DWORD      	145 (0x91) 

===============
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] 
HonorAutoRunSetting	REG_DWORD      	1 (0x1) 
NoCDBurning	REG_DWORD      	0 (0x0) 

=============== 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS	REG_SZ         	

===============
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\AtiExtEvent]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\crypt32chain]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cryptnet]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\cscdll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\dimsntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\LBTWlgn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\ScCertProp]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\Schedule]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\sclgntfy]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\SensLogn]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify	ermsrv]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\wlballoon]

===============
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
{AEB6717E-7E19-11d0-97EE-00C04FD91972}	REG_SZ         	 

===============
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%ProgramFiles%\AOL 9.0\aol.exe	REG_SZ         	%ProgramFiles%\AOL 9.0\aol.exe:*:Enabled:AOL
%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe	REG_SZ         	%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe:*:Enabled:SPLINTER CELL PANDORA
%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe	REG_SZ         	%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe:*:Enabled:PANDORA
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\APPS\Inventime\my.exe	REG_SZ         	C:\APPS\Inventime\my.exe:*:Enabled:INVENTIME
C:\Program Files\AOL 9.0\waol.exe	REG_SZ         	C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
C:\Documents and Settings\m\Local Settings\Temp\7zS2A.tmp\SymNRT.exe	REG_SZ         	C:\Documents and Settings\m\Local Settings\Temp\7zS2A.tmp\SymNRT.exe:*:Enabled:Norton Removal Tool
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe	REG_SZ         	C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger
C:\Program Files\Mozilla Firefox\firefox.exe	REG_SZ         	C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox
C:\Program Files\eMule\emule.exe	REG_SZ         	C:\Program Files\eMule\emule.exe:*:Enabled:eMule
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe
C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe
C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe
C:\Program Files\HP\Digital Imaging\bin\hposid01.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe
C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe
C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe
C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe	REG_SZ         	C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe
C:\Program Files\ma-config.com\maconfservice.exe	REG_SZ         	C:\Program Files\ma-config.com\maconfservice.exe:LocalSubNet:Enabled:maconfservice
C:\Program Files\adslTV\adsltv.exe	REG_SZ         	C:\Program Files\adslTV\adsltv.exe:*:Enabled:adsltv
C:\Program Files\Bonjour\mDNSResponder.exe	REG_SZ         	C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Program Files\iTunes\iTunes.exe	REG_SZ         	C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe	REG_SZ         	%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Program Files\AOL 9.0\waol.exe	REG_SZ         	C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
%windir%\Network Diagnostic\xpnetdiag.exe	REG_SZ         	%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe	REG_SZ         	C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger

=============== 
BHO :
======
[<NO NAME>	REG_SZ         	]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

================
Internet Explorer :
================
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	http://www.durable.com/recherche

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	REG_SZ         	https://www.google.com/?gws_rd=ssl

========
Services
========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services] 

Ndisuio : 0x3 
EapHost : 0x3 
SharedAccess : 0x2 
wuauserv : 0x2 

=========
 
=======
Drive :
=======

D‚fragmenteur de disque Windows
Copyright (c) 2001 Microsoft Corp. et Executive Software International Inc.

¤¤¤¤¤¤¤¤¤¤ Files/folders :

C:\Documents and Settings\All Users\Application Data\sysReserve.ini  
C:\Program Files\Malware Defense  
C:\Program Files\pdfforge Toolbar\SearchSettings.dll  
C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe  
C:\WINDOWS\system32\krl32mainweq.dll  
C:\WINDOWS\System32\SET4C.tmp  
C:\WINDOWS\System32\SET58.tmp  
C:\Documents and Settings\m\Application Data\Search Settings  
C:\Documents and Settings\m\LOCAL Settings\Temp\settdebugx.exe  
C:\Documents and Settings\m\LOCAL Settings\Temp\wscsvc32.exe  
 
¤¤¤¤¤¤¤¤¤¤ Keys : 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Malware Defense"  
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar "{B922D405-6D13-4A2B-AE89-08A030DA4402}"  
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"  
"HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings"  
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe"  
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe"  
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}"  
"HKLM\Software\Search Settings"  
HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
HKCU\Software\AppDataLow\Software\pdfforge  
HKCU\SOFTWARE\fcn  
HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}  
HKLM\Software\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97  
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F  
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39  
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F  
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6  
HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19  
HKLM\Software\pdfforge  

================
Other infections
================


Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR 
kernel: MBR read successfully

==========
Programs
==========

Abbyy FineReader 6.0 Sprint
Adobe
adslTV
Alwil Software
AOL 9.0
Apple Software Update
ATI Technologies
Avira
Belkin
Bonjour
CCleaner
CDex_150
ComPlus Applications
CyberLink
Dell Photo AIO Printer 924
DivX
Dl_cats
emagic
eMule
Fichiers communs
Free Audio Pack
Google
Hewlett-Packard
HP
InstallShield Installation Information
Internet Explorer
iPod
iTunes
Jasc Software Inc
Java
JRE
Le Robert
Learn2.com
List_Kill'em
Logitech
ma-config.com
Malware Defense
Malwarebytes' Anti-Malware
Messenger
Microsoft CAPICOM 2.1.0.2
microsoft frontpage
Microsoft Office
Movie Maker
Mozilla Firefox
MSBuild
MSN
MSN Gaming Zone
MSXML 4.0
MUSICMATCH
Navilog1
NetMeeting
NOS
Online Services
OpenOffice.org 3
Outlook Express
PDFCreator
pdfforge Toolbar
QuickTime
QuickTime(2)
Real
Reference Assemblies
Services en ligne
Softissimo
Sonic
Sonic Foundry
Sonic Foundry Setup
SpywareBlaster
Trend Micro
Uninstall Information
Viewpoint
WalterShop.com
Waves
Windows Media Connect 2
Windows Media Player
Windows NT
WindowsUpdate
WinRAR
xerox

============
Lecteur C:
============

947206d29297eca0d061b227af
APPS
ATI
ATI Technologies
BOOT.BAK
BOOT.INI
Bootfont.bin
cleannavi.txt
cmdcons
cmldr
col6596
Config.Msi
DIVTOOLS
dlcc.log
dlccscan.log
Documents and Settings
DRIVERS
DWNLOG.TXT
fixnavi.txt
hiberfil.sys
hpfr3420.xml
hpfr3425.log
IO.SYS
IPH.PH
Kill'em
List'em.txt
MCDLOG.TXT
MSDOS.SYS
MYInventimeSetup.log
NTDETECT.COM
NTLDR
NVIDIA
pagefile.sys
PNP
Program Files
RECYCLER
rsit
System Volume Information
temp
UPDFLOP.TAG
WINDOWS
 
¤¤¤¤¤¤¤¤¤¤ Cracks | Keygens | Serials 
 
C:\Program Files\AOL 9.0\Patchw32.dll 
C:\Program Files\CyberLink\Shared Files\CLML_NTService\Install.exe 
 
 
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

moment de grace · Answer

ok


&#9654; Relance List&Kill'em avec le raccourci sur ton bureau , 

mais cette fois-ci : 

&#9654; choisis l'option 2 = Mode Suppression 

laisse travailler l'outil. 

en fin de scan un rapport s'ouvre 

&#9654; colle le contenu dans ta reponse


puis

• Télécharge Random's System Information Tool (RSIT) de Random/Random. 

http://images.malwareremoval.com/random/RSIT.exe 

• Enregistre le sur ton Bureau. 

• Double clique sur RSIT.exe pour lancer l'outil. 

• Clique sur "Continue" à l'écran Disclaimer. 

• Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) 

et tu devras accepter la licence. 

• Une fois le scan terminé, deux rapports vont apparaître : poste les dans deux messages séparés stp

Les rapports se trouvent à cet endroit: 
C:\rsit\info.txt 
C:\rsit\log.txt

lepsis · Answer

Voici le rapport Kill'em

Kill'em by g3n-h@ckm@n 1.1.6.1 
 
User : m (Administrateurs) # D
Update on 24/12/2009 by g3n-h@ckm@n ::::: 20:30 
Start at: 21:30:50 | 27/12/2009
Contact : g3n-h@ckm@n sur CCM

              Intel(R) Pentium(R) 4 CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled
AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]
AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | (!) Outdated ]

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 186,3 Go (89,03 Go free) [HDD] | NTFS
D:\ -> Disque CD-ROM
E:\ -> Disque amovible
F:\ -> Disque amovible
G:\ -> Disque amovible
H:\ -> Disque amovible
 

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Processes running
 
C:\WINDOWS\System32\smss.exe 456
C:\WINDOWS\system32\csrss.exe 512
C:\WINDOWS\system32\winlogon.exe 536
C:\WINDOWS\system32\services.exe 584
C:\WINDOWS\system32\lsass.exe 596
C:\WINDOWS\system32
vsvc32.exe 760
C:\WINDOWS\system32\svchost.exe 800
C:\WINDOWS\system32\svchost.exe 884
C:\WINDOWS\System32\svchost.exe 992
C:\WINDOWS\system32\svchost.exe 1096
C:\WINDOWS\system32\svchost.exe 1296
C:\WINDOWS\Explorer.EXE 1344
C:\WINDOWS\system32\spoolsv.exe 1704
C:\WINDOWS\system32\svchost.exe 496
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe 1528
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 880
C:\Program Files\Bonjour\mDNSResponder.exe 1440
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe 1652
c:\APPS\Powercinema\Kernel\TV\CLSched.exe 1780
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe 1876
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe 1904
c:\APPS\HIDSERVICE\HIDSERVICE.exe 1912
C:\Program Files\Java\jre6\bin\jqs.exe 148
C:\WINDOWS\system32\HPZipm12.exe 140
C:\WINDOWS\system32\svchost.exe 336
C:\Apps\Powercinema\PCMService.exe 2136
C:\apps\ABoard\ABoard.exe 2152
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe 2176
C:\Program Files\Java\jre6\bin\jusched.exe 2196
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe 2212
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe 2220
C:\Program Files\QuickTime\QTTask.exe 2256
C:\Program Files\iTunes\iTunesHelper.exe 2264
C:\apps\ABoard\AOSD.exe 2380
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2460
C:\WINDOWS\system32\ctfmon.exe 2492
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe 2600
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe 2632
C:\DOCUME~1\m\LOCALS~1\Temp\settdebugx.exe 2720
C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe 2840
C:\Program Files\Logitech\SetPoint\SetPoint.exe 3656
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE 2124
C:\Program Files\OpenOffice.org 3\program\soffice.exe 2504
C:\Program Files\OpenOffice.org 3\program\soffice.bin 2980
C:\DOCUME~1\m\LOCALS~1\Temp\wscsvc32.exe 2056
C:\WINDOWS\system32\dlcccoms.exe 2108
C:\Program Files\iPod\bin\iPodService.exe 2608
C:\WINDOWS\System32\alg.exe 2752
C:\WINDOWS\system32\wbem\wmiapsrv.exe 2892
C:\Program Files\Microsoft Office\Office\WINWORD.EXE 1400
C:\Program Files\List_Kill'em\List_Kill'em.exe 2956
C:\WINDOWS\system32\cmd.exe 3952
C:\WINDOWS\system32
otepad.exe 3532
C:\Program Files\List_Kill'em\List_Kill'em.exe 2068
C:\WINDOWS\system32\cmd.exe 3928
C:\WINDOWS\system32\wbem\wmiprvse.exe 3348
C:\Program Files\Internet Explorer\Iexplore.exe 516
C:\Program Files\Internet Explorer\Iexplore.exe 1004
C:\Documents and Settings\m\Local Settings\Temp\2F.tmp\pv.exe 588
 
Detections : 
========== 
 

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

"C:\Documents and Settings\All Users\Application Data\sysReserve.ini"  
"C:\Program Files\Malware Defense"  
"C:\Program Files\pdfforge Toolbar\SearchSettings.dll"  
"C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe"  
"C:\WINDOWS\system32\krl32mainweq.dll"  
C:\WINDOWS\System32\SET4C.tmp  
C:\WINDOWS\System32\SET58.tmp  
"C:\Documents and Settings\m\Application Data\Search Settings"  
C:\Documents and Settings\m\LOCAL Settings\Temp\settdebugx.exe  
C:\Documents and Settings\m\LOCAL Settings\Temp\wscsvc32.exe  
 
 
¤¤¤¤¤¤¤¤¤¤ Files/folders deleted : 
  
Quarantine : 

bwUnin-7.2.0.137-8876480SL.exe.Kill'em
krl32mainweq.dll.Kill'em
Malware Defense.Kill'em
SearchSettings.dll.Kill'em
SET4C.tmp.Kill'em
SET58.tmp.Kill'em
settdebugx.exe.Kill'em
sysReserve.ini.Kill'em
wscsvc32.exe.Kill'em

==============
host file OK !
==============

========
Registry
========
Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings  
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Install.exe  
Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Setup.exe  
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
Deleted : HKLM\Software\Search Settings  
Deleted : HKCR\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}  
Deleted : HKCU\Software\AppDataLow\Software\pdfforge  
Deleted : HKCU\SOFTWARE\fcn  
Deleted : HKLM\Software\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\76DA9915C36F3D742951F63351CF5C97  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\9B0B0584E80456A4FB98DA3973B1EB3F  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\A89F1E0FE544529429C8BF82FE74CE39  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\C9667115F6A9CE340B31B63B680FF26F  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\EFB70E89C3D6D354596520DE424F89D6  
Deleted : HKLM\software\microsoft\windows\currentversion\installer\userdata\S-1-5-18\Components\F49A213B5069AC348994D03F81B56C19  
Deleted : HKLM\Software\pdfforge  

============
Disk Cleaned
============
 
================
Prefetch cleaned 
================
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

lepsis · Answer

Voici le rapport Hijackthis

lepsis · Answer

Voici le rapport hijackjthis

Logfile of random's system information tool 1.06 (written by random/random)
Run by m at 2009-12-27 21:50:29
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 91 GB (48%) free of 191 GB
Total RAM: 1023 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:31, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\DOCUME~1\m\LOCALS~1\Temp\settdebugx.exe
C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\DOCUME~1\m\LOCALS~1\Temp\wscsvc32.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\List_Kill'em\List_Kill'em.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32
otepad.exe
C:\WINDOWS\system32
otepad.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\m\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\m.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\m\LOCALS~1\Temp\settdebugx.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: L-Express.lnk = C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab
O18 - Protocol: bw+0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service Google Update (gupdate1ca4ab8c6f6215c) (gupdate1ca4ab8c6f6215c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

lepsis · Answer

Voici le rapport C:sit\info.txt 


info.txt logfile of random's system information tool 1.05 2008-12-25 21:27:36

======Uninstall list======

-->"c:\apps\skype\phone\unins000.exe"
-->"C:\Program Files\Fichiers communs\aolshare\Coach\AolCInUn.exe" -lang="fr-fr"
-->C:\PROGRA~1\FICHIE~1\AOL\ACS\AcsUninstall.exe /c
-->C:\Program Files\Fichiers communs\AOL\Screensaver\uninst_ygpss.exe
-->C:\Program Files\Fichiers communs\aolshare\Aolunins_fr.exe
-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
-->C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
-->C:\WINDOWS\system32\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\Setup.exe"  -uninstall
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5AFA4872-16B2-419E-ADCA-8E96E739115D}\setup.exe" -l0x40c 
-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0A32C786-85DE-48F8-9E54-848B3E34A90C}\setup.exe" -l0x40c  -removeonly
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A90000000001}
Archiveur WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ATI - Software Uninstall Utility-->C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x444e 
ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
Catalyst Control Center - Branding-->MsiExec.exe /I{FA3A247D-437A-455E-A88F-7EB6E5F9E799}
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Correctif pour Lecteur Windows Media 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Désinstaller Le Petit Robert de la langue française-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Le Robert\Le Petit Robert\Uninst.isu"
Free Mp3 Wma Converter V 1.7.3-->"C:\Program Files\Free Audio Pack\unins000.exe"
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
hp psc 1200 series-->MsiExec.exe /X{C900EF06-2E76-49C7-8DB0-41F629B21DC5}
hp psc 1200 series-->rundll32 hpzcon07.dll,VendorJettison hp psc 1200 series
Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Lexibase Collins Français-Anglais-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA0DA2B3-77BD-4083-B0CD-4BCAF13FA0AD}\setup.exe" -l0x40c 
Logic Audio Platinum 5.2-->C:\PROGRA~1\emagic\LOGIC5~1\UNWISE.EXE C:\PROGRA~1\emagic\LOGIC5~1\INSTALL.LOG
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\SETUP.exe" -l0x9 UNINSTALL -removeonly
Logitech SetPoint-->C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe -runfromtemp -l0x040c -removeonly
Macromedia Shockwave Player-->MsiExec.exe /X{7D1D6A24-65D4-454C-8815-4F08A5FFF12C}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}
Microsoft .NET Framework 3.0 Service Pack 1-->MsiExec.exe /I{2BA00471-0328-3743-93BD-FA813353A783}
Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}
Microsoft .NET Framework 3.5-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5\setup.exe
Microsoft .NET Framework 3.5-->MsiExec.exe /I{2FC099BD-AC9B-33EB-809C-D332E1B27C40}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Small Business-->MsiExec.exe /I{0003040C-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe
Mozilla Firefox (3.0.4)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Navilog1 3.7.0-->"C:\Program Files\Navilog1\unins000.exe"
Neuf - Kit de connexion-->C:\Program Files\Neuf\Kit\uninstall.exe
OCR Software by I.R.I.S 7.0-->C:\Program Files\HP\Digital Imaging\OCR\hpzscr01.exe -datfile hpqbud11.dat
OpenOffice.org 3.0-->MsiExec.exe /I{6860B340-530D-46B3-91F8-1AE1F70F7C33}
Packard Bell Toolbar 1.0-->"C:\Program Files\Dynamic Toolbar\unins000.exe"
Photo et imagerie HP 2.0 - All-in-One Pilote-->MsiExec.exe /X{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}
Photo et imagerie HP 2.0 - All-in-One-->MsiExec.exe /X{9867A917-5D17-40DE-83BA-BEA5293194B1}
Photo et imagerie HP 2.0 - hp psc 1200 series-->C:\Program Files\HP\Digital Imaging\{7C8BB31C-E09E-4c7d-BBF1-45E33B467FE1}\Setup\hpzscr01.exe -datfile hposcr02.dat -forcereboot
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sonic MyDVD-->MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow!-->MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"
Waves Audio Processors 3.2-->C:\PROGRA~1\Waves\waves32\UNWISE.EXE C:\PROGRA~1\Waves\waves32\WAVES3.2.LOG
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Language Pack 1.0-->"C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"

======Security center information======

AV: avast! antivirus 4.8.1296 [VPS 081225-0]

System event log

Computer Name: D
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12.

Record Number: 50469
Source Name: Service Control Manager
Time Written: 20081207182539.000000+060
Event Type: Informations
User: D\m

Computer Name: D
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : arrêté.

Record Number: 50468
Source Name: Service Control Manager
Time Written: 20081207182539.000000+060
Event Type: Informations
User: 

Computer Name: D
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : en cours d'exécution.

Record Number: 50467
Source Name: Service Control Manager
Time Written: 20081207182539.000000+060
Event Type: Informations
User: 

Computer Name: D
Event Code: 7035
Message: Un contrôle Démarrer a correctement été envoyé au service Pml Driver HPZ12.

Record Number: 50466
Source Name: Service Control Manager
Time Written: 20081207182539.000000+060
Event Type: Informations
User: D\m

Computer Name: D
Event Code: 7036
Message: Le service Pml Driver HPZ12 est entré dans l'état : arrêté.

Record Number: 50465
Source Name: Service Control Manager
Time Written: 20081207182539.000000+060
Event Type: Informations
User: 

Application event log

Computer Name: D
Event Code: 1025
Message: Produit : Microsoft .NET Framework 1.1. Le fichier C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll est actuellement utilisé par le processus de nom 'SL11A.tmp' et d'identificateur '3208'.

Record Number: 50
Source Name: MsiInstaller
Time Written: 20081006225401.000000+120
Event Type: Informations
User: D\m

Computer Name: D
Event Code: 1025
Message: Produit : Microsoft .NET Framework 1.1. Le fichier C:\WINDOWS\system32\mscoree.dll est actuellement utilisé par le processus de nom 'SL11A.tmp' et d'identificateur '3208'.

Record Number: 49
Source Name: MsiInstaller
Time Written: 20081006225401.000000+120
Event Type: Informations
User: D\m

Computer Name: D
Event Code: 1025
Message: Produit : Microsoft .NET Framework 1.1. Le fichier C:\WINDOWS\system32\mscoree.dll est actuellement utilisé par le processus de nom 'msiexec' et d'identificateur '3500'.

Record Number: 48
Source Name: MsiInstaller
Time Written: 20081006225401.000000+120
Event Type: Informations
User: D\m

Computer Name: D
Event Code: 11707
Message: Product: MSXML 4.0 SP2 (KB936181) -- Installation completed successfully.

Record Number: 47
Source Name: MsiInstaller
Time Written: 20081006225151.000000+120
Event Type: Informations
User: D\m

Computer Name: D
Event Code: 11707
Message: Product: Google Toolbar for Internet Explorer -- Installation completed successfully.

Record Number: 46
Source Name: MsiInstaller
Time Written: 20081006192547.000000+120
Event Type: Informations
User: D\m

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\ATI Technologies\ATI Control Panel;C:\PROGRA~1\FICHIE~1\SONICS~1\;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 4 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=0401
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP

-----------------EOF-----------------

lepsis · Answer

Voici le rapport C:sit\log.txt

Logfile of random's system information tool 1.06 (written by random/random)
Run by m at 2009-12-27 21:55:27
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 91 GB (48%) free of 191 GB
Total RAM: 1023 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:55:29, on 27/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\DOCUME~1\m\LOCALS~1\Temp\settdebugx.exe
C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\DOCUME~1\m\LOCALS~1\Temp\wscsvc32.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Documents and Settings\m\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\m.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [settdebugx.exe] C:\DOCUME~1\m\LOCALS~1\Temp\settdebugx.exe
O4 - HKCU\..\Run: [Malware Defense] "C:\Program Files\Malware Defense\mdefense.exe" -noscan
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: L-Express.lnk = C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab
O18 - Protocol: bw+0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service Google Update (gupdate1ca4ab8c6f6215c) (gupdate1ca4ab8c6f6215c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

moment de grace · Answer

ok

Téléchargez MalwareByte's Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
 
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation. 
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet
. Cliques sur Rechercher
. Le scan démarre. 
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. 
. Cliques sur Ok pour poursuivre.
. Si des malwares ont été détectés, clique sur  Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine. 
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. 
. Rends toi dans l'onglet rapport/log 
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous 
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller 


Si tu as besoin d'aide regarde ces tutoriels : 
 Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
 http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

lepsis · Answer

Bonjour,

J'ai un petit souci, malwarebytes ne s'ouvre pas. Avez vous des suggestions pour résoudre ce problème ?

moment de grace · Answer

ok

supprimes le et retelecharges le en le renommant MDG.exe avant de l'enregistrer sur pc

ensuite suivre la procédue du post 9

lepsis · Answer

Je n'arrive toujours pas à ouvrir malwarebytes. Y a t il d'autres solutions ?

moment de grace · Answer

• Téléchargez FindyKill sur le Bureau. 

http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe 

Mirroir : 

http://findykill.changelog.fr/Setup.exe 

• Double-cliquez sur FindyKill présent sur le Bureau. 

• Choisissez l'option 1 (Recherche). 

• Laissez travailler l'outil. 

• Ensuite postez le rapport FindyKill.txt qui apparaîtra (si vous avez créé un sujet sur un forum pour vous faire aider). 

• Note : Le rapport FindyKill.txt est sauvegardé à la racine du disque (C:\FindyKill.txt). 

(CTRL+A pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller)

lepsis · Answer

Voici le rapport




############################## | FindyKill V5.022 |

# User : m (Administrateurs) # D
# Update on 24/12/2009 by Chiquitine29
# Start at: 13:14:29 | 28/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

#               Intel(R) Pentium(R) 4 CPU 3.06GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : Malware Defense 1.0 [ Enabled | (!) Outdated ]
# AV : AntiVir Desktop 9.0.1.32 [ (!) Disabled | (!) Outdated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 186,3 Go (88,63 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | C: |


################## | C:\WINDOWS |


################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\m\Application Data |

################## | Temporary Internet Files |


################## | Registre / Clés infectieuses |


################## | Etat / Services / Informations |

# Affichage des fichiers cachés : OK
 
# Mode sans echec : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) 
# EapHost -> Start = 3 ( Good = 2 | Bad = 4 ) 
# Ip6Fw -> Start = 3 ( Good = 2 | Bad = 4 ) 
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) 
# (!) wscsvc -> Start = 4 ( Good = 2 | Bad = 4 )  


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V5.022 ! |

moment de grace · Answer

Attention, avant de commencer, lit attentivement la procédure, et imprime la 

Télécharge ComboFix de sUBs sur ton Bureau : 
http://download.bleepingcomputer.com/sUBs/ComboFix.exe 

/!\ Déconnecte-toi du net et DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\ 

---> Double-clique sur ComboFix.exe 
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter 

SURTOUT INSTALLES LA CONSOLE DE RECUPERATION 

---> Mets-le en langue française F 
Tape sur la touche 1 (Yes) pour démarrer le scan. 

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC 

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire. 

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu 

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\ 

Note : Le rapport se trouve également là : C:\ComboFix.txt

lepsis · Answer

Je n'arrive pas à ouvrir combofix non plus !

moment de grace · Answer

essaies en mode sans echec


https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

moment de grace · Answer

si ca coince encore fais ceci


 faire un clic droit sur ce lien : 

http://www.geekstogo.com/forum/files/file/197-combofix-by-subs/ 

Pour Internet Explorer 

- Choisi Enregistrer la cible sous ... 

Pour Firefox 

- Choisi Enregistrer la cible du lien sous... 


- Choisi le bureau comme lieu d'enregistrement 

- Donne lui ce nom bibite.exe clique sur Enregistrer 


puis la procédure combofix indiquée plus haut

lepsis · Answer

Voici le rapport

ComboFix 09-12-27.03 - m 28/12/2009  15:31:20.1.1 - x86
Microsoft Windows XP Édition familiale  5.1.2600.3.1252.33.1036.18.1023.624 [GMT 1:00]
Lancé depuis: c:\documents and settings\m\Bureau\b.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\LOG.TXT
c:ecycler\S-1-5-21-2297231968-1282169397-4035018328-1003
c:\windows\system32\drivers\H8SRTptmpuiudjo.sys
c:\windows\system32\H8SRTeyxmyncybw.dat
c:\windows\system32\H8SRTobrvrvknba.dll
c:\windows\system32\H8SRTwrqppyobut.dll
c:\windows\system32\krl32mainweq.dll
c:\windows\system32\srcr.dat

.
(((((((((((((((((((((((((((((((((((((((   Pilotes/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_H8SRTd.sys
-------\Legacy_H8SRTd.sys


(((((((((((((((((((((((((((((   Fichiers créés du 2009-11-28 au 2009-12-28  ))))))))))))))))))))))))))))))))))))
.

2009-12-28 12:14 . 2009-12-28 12:16	--------	d-----w-	C:\FindyKill
2009-12-28 10:18 . 2009-12-03 15:14	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-28 10:18 . 2009-12-28 10:18	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2009-12-28 10:18 . 2009-12-03 15:13	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2009-12-28 03:30 . 2009-12-28 03:30	--------	d-----w-	c:\documents and settings\LocalService\Bureau
2009-12-28 03:19 . 2009-12-28 13:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\Lavasoft
2009-12-27 20:30 . 2009-12-27 20:30	--------	d-----w-	C:\Kill'em
2009-12-27 19:42 . 2009-12-27 19:42	--------	d-----w-	c:\program files\List_Kill'em
2009-12-27 18:14 . 2009-11-24 23:48	23120	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2009-12-27 18:14 . 2009-11-24 23:49	48560	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2009-12-27 18:14 . 2009-11-24 23:47	27408	----a-w-	c:\windows\system32\drivers\aavmker4.sys
2009-12-27 18:14 . 2009-11-24 23:51	93424	----a-w-	c:\windows\system32\drivers\aswmon.sys
2009-12-27 18:14 . 2009-11-24 23:50	94160	----a-w-	c:\windows\system32\drivers\aswmon2.sys
2009-12-27 18:14 . 2009-11-24 23:50	114768	----a-w-	c:\windows\system32\drivers\aswSP.sys
2009-12-27 18:14 . 2009-11-24 23:50	20560	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2009-12-27 18:14 . 2009-11-24 23:47	97480	----a-w-	c:\windows\system32\AvastSS.scr
2009-12-27 18:14 . 2009-11-24 23:54	1280480	----a-w-	c:\windows\system32\aswBoot.exe
2009-12-27 17:59 . 2009-03-30 08:32	96104	----a-w-	c:\windows\system32\drivers\avipbb.sys
2009-12-27 17:59 . 2009-02-13 10:28	22360	----a-w-	c:\windows\system32\drivers\avgntmgr.sys
2009-12-27 17:59 . 2009-02-13 10:17	45416	----a-w-	c:\windows\system32\drivers\avgntdd.sys
2009-12-27 17:59 . 2009-12-27 17:59	--------	d-----w-	c:\documents and settings\All Users\Application Data\Avira
2009-12-05 18:14 . 2009-12-09 02:48	--------	d-----w-	c:\documents and settings\m\Application Data\dvdcss
2009-12-05 17:45 . 2009-12-28 13:34	--------	d-----w-	c:\documents and settings\m\Application Data\vlc

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 13:05 . 2009-03-23 15:45	--------	d-----w-	c:\program files\Dl_cats
2009-12-28 12:25 . 2008-12-20 19:46	--------	d-----w-	c:\program files\Bonjour
2009-12-28 04:53 . 2008-12-22 21:55	--------	d-----w-	c:\program files\eMule
2009-12-28 02:56 . 2008-10-08 13:54	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-28 02:47 . 2008-10-08 18:40	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2009-12-27 20:30 . 2009-02-10 16:32	--------	d-----w-	c:\program files\pdfforge Toolbar
2009-12-16 18:10 . 2009-11-16 15:39	79488	----a-w-	c:\documents and settings\m\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-15 23:22 . 2008-10-20 16:03	1	----a-w-	c:\documents and settings\m\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-12-13 00:48 . 2004-08-16 15:41	84766	----a-w-	c:\windows\system32\perfc00C.dat
2009-12-13 00:48 . 2004-08-16 15:41	510742	----a-w-	c:\windows\system32\perfh00C.dat
2009-12-05 17:44 . 2009-06-28 00:13	--------	d-----w-	c:\program files\adslTV
2009-12-01 23:46 . 2009-02-22 18:09	--------	d-----w-	c:\program files\CDex_150
2009-11-25 10:19 . 2009-09-03 14:16	56816	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2009-10-29 07:42 . 2004-08-16 15:41	916480	----a-w-	c:\windows\system32\wininet.dll
2009-10-21 05:39 . 2004-08-16 15:41	75776	----a-w-	c:\windows\system32\strmfilt.dll
2009-10-21 05:39 . 2004-08-16 15:40	25088	----a-w-	c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 21:00	265728	----a-w-	c:\windows\system32\drivers\http.sys
2009-10-13 10:33 . 2004-08-16 15:40	271360	----a-w-	c:\windows\system32\oakley.dll
2009-10-12 13:39 . 2004-08-16 15:41	150528	----a-w-	c:\windows\system32astls.dll
2009-10-12 13:39 . 2004-08-16 15:40	79872	----a-w-	c:\windows\system32aschap.dll
.

(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9ec204df-0e48-4c32-816e-2e928a4fd9c2}"= "mscoree.dll" [2008-07-25 282112]

[HKEY_CLASSES_ROOT\clsid\{9ec204df-0e48-4c32-816e-2e928a4fd9c2}]
[HKEY_CLASSES_ROOT\IEToolbar.Toolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-05 68856]
"Le Petit Robert Hyperappel"="c:\program files\Le Robert\Le Petit Robert\prhyper.exe" [2001-10-11 22560]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-10-17 32768]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Raccourci vers la page des propriétés de High Definition Audio"="HDAudPropShortcut.exe" [2004-03-17 61952]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe" [2008-10-06 180269]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-25 136600]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"F5D7050v3"="c:\program files\Belkin\F5D7050v3\Belkinwcui.exe" [2007-10-30 1654784]
"dlccmon.exe"="c:\program files\Dell Photo AIO Printer 924\dlccmon.exe" [2005-07-22 425984]
"nwiz"="nwiz.exe" [2009-04-30 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"DLCCCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-06-07 69632]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\m\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\m\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\m\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
L-Express.lnk - c:\program files\Softissimo\Lexibase Collins FE\exe\l-express.exe [2008-10-17 49152]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-10-17 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-10-17 805392]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

c:\documents and settings\m\Menu D‚marrer\Programmes\D‚marrage\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-9-12 384000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon
otify\LBTWlgn]
2008-05-02 01:42	72208	----a-w-	c:\program files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2005-03-22 19:05	339968	----a-w-	c:\ati technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSP24]
2004-10-21 13:59	2588672	----a-w-	c:\windows\system32\Dsp24Set.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\AOL 9.0\aol.exe"=
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\logo_ubi.exe"=
"%ProgramFiles%\UBISOFT\Splinter Cell Pandora Tomorrow\pandora.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\APPS\Inventime\my.exe"=
"c:\Program Files\AOL 9.0\waol.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\eMule\emule.exe"=
"c:\Program Files\adslTV\adsltv.exe"=
"c:\Program Files\Bonjour\mDNSResponder.exe"=
"c:\Program Files\iTunes\iTunes.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27/12/2009 19:14 114768]
R2 AntiVirSchedulerService;Avira AntiVir Planificateur;c:\program files\Avira\AntiVir Desktop\sched.exe [27/12/2009 18:59 108289]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27/12/2009 19:14 20560]
R3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [06/10/2008 10:23 799744]
R3 DSP24_MK;Service for DSP24/MKII Driver (EWDM);c:\windows\system32\drivers\d24.sys [16/10/2008 23:53 28480]
R3 ICM2_01;Service for DSP24 Audio Driver (EWDM);c:\windows\system32\drivers\D24Wdm.sys [16/10/2008 23:54 22944]
S2 gupdate1ca4ab8c6f6215c;Service Google Update (gupdate1ca4ab8c6f6215c);c:\program files\Google\Update\GoogleUpdate.exe [11/10/2009 22:21 133104]
S3 DSP24_VL;Service for DSP24 Value Driver (EWDM);c:\windows\system32\drivers\d24.sys [16/10/2008 23:53 28480]
S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [29/05/2009 16:13 234864]
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q={searchTerms}
uDefault_Search_URL = hxxp://www.durable.com/recherche
mStart Page = hxxp://www.durable.com/recherche
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.durable.com/recherche
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\m\Application Data\Mozilla\Firefox\Profiles\745ufm29.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
FF - plugin: c:\program files\Google\Update\1.2.183.13
pGoogleOneClick8.dll
FF - plugin: c:\program files\ma-config.com
phardwaredetection.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
p-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins
pqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins
pqtplugin8.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology
pViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
BHO-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
HKCU-Run-Malware Defense - c:\program files\Malware Defense\mdefense.exe
HKLM-Run-SoundMan - SOUNDMAN.EXE
Notify-AtiExtEvent - (no file)
AddRemove-eMule - c:\program files\eMule\Uninstall.exe
AddRemove-SpywareBlaster_is1 - c:\program files\SpywareBlaster\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 15:40
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
  DLCCCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  Le Petit Robert Hyperappel = c:\program files\Le Robert\Le Petit Robert\prhyper.exe??????????????????????????????????????????????????????????????????????????????????????????????????????????\??? /??\??????????????????????|? ??\???A??|x???]??|????????\??????|Z????????????,K???????????? 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MysqlInventime]
"ImagePath"="c:\apps\INVENT~1\mysql\bin\mysqld-nt --defaults-file=c:\apps\Inventime\mysql\my.ini MysqlInventime"
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,2d,66,f3,47,31,26,40,85,46,8d,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ce,2d,66,f3,47,31,26,40,85,46,8d,\
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'winlogon.exe'(536)
c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll
c:\program files\fichiers communs\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(3600)
c:\docume~1\m\LOCALS~1\Temp\IadHide5.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32
vsvc32.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\FICHIE~1\AOL\ACS\AOLacsd.exe
c:\program files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\ABoard\AOSD.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\windows\system32\RUNDLL32.EXE
c:\apps\HIDSERVICE\HIDSERVICE.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dlcccoms.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2009-12-28  15:43:30 - La machine a redémarré
ComboFix-quarantined-files.txt  2009-12-28 14:43

Avant-CF: 95 585 116 160 octets libres
Après-CF: 95 623 405 568 octets libres

- - End Of File - - 54D0CC33B66E8011967B3B9FFF41E0A4

moment de grace · Answer

ok

dans cet ordre

1)
! Déconnecte toi et ferme toutes application en cours (navigateur compris ) . 

• Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc... 

• Double clique sur setup.exe présent sur ton bureau pour lancer l’outil. 

• Au menu principal choisis l'option " F " pour français et tape sur [entrée] . 

• Au second menu choisis l'option 2 (suppression) et tape sur [entrée] 

• Le pc va redémarrer automatiquement ... 

&#9654; le programme va travailler, ne touche à rien ... , ton bureau ne sera pas accessible c est normal ! 

&#9658; Poste le rapport qui apparaît à la fin ( le rapport est sauvegardé aussi sous C:\FindyKill.txt) 

 Si le Bureau ne réapparaît pas, presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tape explorer.exe et valide

...

2)
refaire le post 9

ca devrait marcher apres tout ca

lepsis · Answer

ok, je vais faire ce que vous avez dit dans le post 20. Entre temps, j'ai lançé malwarebytes, qui marche maintenant. J'ai fait une analyse complète. Et, j'ai supprimé les 2 éléments infectés, je ne sais pas si j'ai bien fait.

Voici, le rapport Malwarebytes:


Malwarebytes' Anti-Malware 1.42
Version de la base de données: 3289
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

28/12/2009 16:21:40
mbam-log-2009-12-28 (16-21-31).txt

Type de recherche: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|)
Eléments examinés: 151526
Temps écoulé: 26 minute(s), 15 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Kill'em\Quarantine\wscsvc32.exe.Kill'em (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\H8SRTptmpuiudjo.sys.vir (Malware.Packer) -> No action taken.

lepsis · Answer

Juste pour info, à chaque démarrage ou redémarrage, au moment d'arriver sur l'écran bureau, je reçois le message d'erreur suivant:
Composant introuvable
Cette application n'a pas pu démarrer car cclib.dll est introuvable. La réinstallation de cette application peut corriger ce problème.




Voici le rapport Findykill




############################## | FindyKill V5.022 |

# User : m (Administrateurs) # D
# Update on 24/12/2009 by Chiquitine29
# Start at: 16:46:56 | 28/12/2009
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com

#               Intel(R) Pentium(R) 4 CPU 3.06GHz
# Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1368 [VPS 091227-1] 4.8.1368 [ Enabled | Updated ]

# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 186,3 Go (89,08 Go free) [HDD] # NTFS
# D:\ # Disque CD-ROM
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Avira\AntiVir Desktop\avwsc.exe

################## | C: |


################## | C:\WINDOWS |

Supprimé ! C:\WINDOWS\Prefetch\WINUPGRO.EXE-17681AA8.pf  

################## | C:\WINDOWS\system32 |


################## | C:\WINDOWS\system32\drivers |


################## | C:\Documents and Settings\m\Application Data |


################## | Autres suppressions ... |

################## | Temporary Internet Files |


################## | Registre / Clés infectieuses | 


################## | Etat / Services / Informations |

# Mode sans echec : OK


# Affichage des fichiers cachés : OK

# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 ) 
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 ) 
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 ) 
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 ) 
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 ) 

################## | PEH ... |


################## | Cracks / Keygens / Serials |


################## | ! Fin du rapport # FindyKill V5.022 ! |

moment de grace · Answer

tu me l'as fait dans le désordre...

fais moi un nouveau RSIT et postes le rapport log stp

lepsis · Answer

Voici le rapport

Logfile of random's system information tool 1.06 (written by random/random)
Run by m at 2009-12-28 17:46:00
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 91 GB (48%) free of 191 GB
Total RAM: 1023 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:46:06, on 28/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\Powercinema\PCMService.exe
C:\apps\ABoard\ABoard.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\pdfforge Toolbar\SearchSettings.exe
C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Documents and Settings\m\Bureau\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\m.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.durable.com/recherche
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.durable.com/recherche
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [PCMService] "c:\Apps\Powercinema\PCMService.exe"
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
O4 - HKLM\..\Run: [dlccmon.exe] "C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: L-Express.lnk = C:\Program Files\Softissimo\Lexibase Collins FE\exe\l-express.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.ma-config.com/activex/MaConfig_3_5_1_0.cab
O18 - Protocol: bw+0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Avira AntiVir Planificateur (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: dlcc_device - Unknown owner - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Service Google Update (gupdate1ca4ab8c6f6215c) (gupdate1ca4ab8c6f6215c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: MysqlInventime - Unknown owner - C:\Apps\INVENT~1\mysql\bin\mysqld-nt.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

moment de grace · Answer

comment va le pc ?

encore une cochonnerie...

Téléchargez et enregistrez le fichier d installation sur le bureau
http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe


Double cliquez sur le fichier d'installation de AD-Remover, le programme s'installera automatiquement. 
Sous Vista : clic droit sur AD-Remover et sélectionner "Exécuter en tant qu'administrateur"
Au menu principal choisir Option L Lancer le nettoyage et tapez sur [entrée] .
Laissez travailler l'outil et ne touchez à rien ... 
Postez le rapport  qui apparait à la fin.

( le rapport est sauvegardé aussi sous C:\Ad-report.log )

(CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

Note :Process.exe est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

lepsis · Answer

Le pc semble aller un peu mieux quand même !

Voici le rapport

.
======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 26.12.2009 à 20:47
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 18:00:29, 28/12/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™  Service Pack 3 v5.1.2600
Nom du PC: D | Utilisateur actuel: m

Bonnes fêtes de fin d'année à vous tous :)
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

C:\Program Files\pdfforge Toolbar 
C:\Program Files\Viewpoint 
C:\DOCUME~1\m\APPLIC~1\pdfforge 
C:\DOCUME~1\m\APPLIC~1\Search Settings 
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint 
C:\WINDOWS\System32\config\systemprofile\Application Data\pdfforge 
C:\WINDOWS\System32\config\systemprofile\Application Data\Search Settings 
C:\Windows\Installer\fc8bb1.msi   

(!) -- Fichiers temporaires supprimés.
 
.
HKCU\software\appdatalow\software\pdfforge
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\{E312764E-7706-43F1-8DAB-FCDD2B1E416D} 
HKCU\software\Search Settings
HKLM\software\classes\AxMetaStream.MetaStreamCtl
HKLM\software\classes\AxMetaStream.MetaStreamCtl.1
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary
HKLM\software\classes\AxMetaStream.MetaStreamCtlSecondary.1
HKLM\Software\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\software\MetaStream
HKLM\Software\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
HKLM\Software\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SearchSettings 
HKLM\software\PandoBar
HKLM\software\Viewpoint
HKU\.default\software\pdfforge
HKU\.default\software\Search Settings
.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.0.16 [fr] *
.
 Nom du profil: 745ufm29.default (m)
.
(m, prefs.js) Browser.download.lastDir, C:\Documents and Settings\m\Bureau
(m, prefs.js) Browser.search.defaultenginename, Google
(m, prefs.js) Browser.search.defaulturl, hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
(m, prefs.js) Browser.search.selectedEngine, Google
(m, prefs.js) Browser.startup.homepage, hxxp://www.google.com
(m, prefs.js) Extensions.enabledItems, illimitux@illimitux.net:3.5,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.16
(m, prefs.js) Keyword.URL, hxxp://www.durable.com/result?cx=partner-pub-7902900401080901%3Azbljezwsgul&cof=FORID%3A10&ie=UTF-8&q=
. 
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Do404Search: 01000000
Local Page: C:\WINDOWS\system32\blank.htm
Show_ToolBar: yes
Start Page: hxxp://fr.msn.com/
Use Custom Search URL: 1 (0x1)
Enable Browser Extensions: yes
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Search bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Delete_Temp_Files_On_Exit: yes
Local Page: C:\WINDOWS\system32\blank.htm
Start Page: hxxp://fr.msn.com/
Search bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
3784 Octet(s) - C:\Ad-Report-CLEAN[1].log 
.
2 Fichier(s) - C:\DOCUME~1\m\LOCALS~1\Temp 
3 Fichier(s) - C:\WINDOWS\Temp 
0 Fichier(s) - C:\WINDOWS\Prefetch 
.
18 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
77 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE 
.
Fin à: 18:04:56 | 28/12/2009 - CLEAN[1]
.
============== E.O.F ==============
.

moment de grace · Answer

ok

1)
Cherches et cliques sur C:\Program Files\Trend Micro\HijackThis\m.exe   
Au menu principal, choisir do a scan only, puis cocher la case devant les lignes suivantes à corriger et cliquer en bas sur Fix Checked

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe     
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"     
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe     
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe     
O18 - Protocol: bw+0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw+0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw-0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw-0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw00 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw00s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw10 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw10s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw20 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw20s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw30 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw30s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw40 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw40s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw50 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw50s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw60 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw60s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw70 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw70s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw80 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw80s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw90 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bw90s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwa0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwb0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwb0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwc0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwc0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwd0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwd0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwe0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwe0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwf0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwf0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwg0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwg0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwh0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwh0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwi0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwi0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwj0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwj0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwk0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwk0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwl0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwl0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwm0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwm0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwn0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwn0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwo0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwo0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwp0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwp0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwq0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwq0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwr0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwr0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bws0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bws0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwt0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwt0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwu0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwu0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwv0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwv0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bww0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bww0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwx0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwx0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwy0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwy0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwz0 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: bwz0s - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
O18 - Protocol: offline-8876480 - {D9FCC52B-29E2-4D65-B9C6-F5A9068CF6C7} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll     
C:\Program Files\pdfforge Toolbar\SearchSettings.exe     
O3 - Toolbar: WalterShop - {9ec204df-0e48-4c32-816e-2e928a4fd9c2} - mscoree.dll (file missing) 
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32     
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC     
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName     
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot     
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install     
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime     
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"     
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"     
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe     
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')     
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')     
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE     
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe     

..................................

2)
deux antivirus, conflit et ralentissements

pour désinstaller avast

https://www.commentcamarche.net/telecharger/securite/22859-utilitaire-de-desinstallation-de-avast/

....................

3)
IMPORTANT 

purger la Restauration systeme XP

http://www.bibou0007.com/windows-xp-f101/purger-la-restauration-du-systeme-sous-windows-xp-t151.htm

....................

4)
Télécharge ToolsCleaner2sur ton Bureau. 
https://www.commentcamarche.net/telecharger/securite/22061-toolscleaner/

* Double-clique (clic droit "en tant qu'administrateur" pour Vista) sur ToolsCleaner2.exe pour le lancer. 
* Clique sur Recherche et laisse le scan agir. 
* Clique sur Suppression pour finaliser. 
* Tu peux, si tu le souhaites, te servir des Options Facultatives. 
* Clique sur Quitter pour obtenir le rapport. 
* Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

moment de grace · Answer

lu
1)  pas grave laisses ainsi

4) essaies ceci

Télécharge OTC de Old Timer. 

http://www.geekstogo.com/forum/files/file/403-otc-oldtimers-clean-it/ 


Clique droit sur OTCleanIt et choisis Exécuter en tant qu'administrateur. 
Clique sur le bouton "CleanUp!" . 
Sélectionne Oui lorsque la demande " processus de nettoyage?" s'affiche. 
Si tu es invité à redémarrer le PC au cours de l'assainissement, sélectionne Oui. 
L'outil va se supprimer lui-même une fois la fin de l'opération. 
Sinon supprime le manuellement.

le dernier point


desinstaller antivir

https://www.commentcamarche.net/faq/7367-desinstaller-proprement-liens-et-astuces#antivir

et la communauté d'helpeur s'accorde pour préférer de loin Antivir à Avast

lepsis · Answer

ok, merci
y-a-t-il autre chose à faire ?

moment de grace · Answer

mettre ce sujet en résolu et être prudent...

lepsis · Answer

ok, merci beaucoup pour votre aide et patience !

Infection virus cheval de troie Win 32

31 réponses

Discussions similaires

Newsletters