> Tous les forums > Forum Sécurité
 Ccomment supprimer virus TROJAN.GENERIC.1133786Sujet résolu
Ajouter un message à la discussion
Page : [1] 
Page 1 sur 1
stique1
  Posté le 28/05/2009 @ 13:34 
Aller en bas de la page 
Petit astucien

Bonjour j'ai un gros virus, pourriez vous m'aider a l'enlever

merci d'avance pour votre aide.

Voila le rapport :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:33:56, on 28/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Barre d'outils &Crawler - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDB42931-5074-4E04-B7EE-9304483E6855}: NameServer = 193.95.93.77,193.95.66.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9cfecb22d8dc0) (gupdate1c9cfecb22d8dc0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 8026 bytes

Publicité
nardino
 Posté le 28/05/2009 à 14:02 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Grand Maître astucien

Bonjour.

Quels sont les signes qui te laissent croire à une infection ?

@+

stique1
 Posté le 28/05/2009 à 17:05 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

c'est mon spyware terminator qui m'a dit qu'il était la ce virus,

http://www.spywareterminator.com/fr/item/124575/details.html

j'ai rien demandé a mon pc

merci

nardino
 Posté le 28/05/2009 à 17:29 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Grand Maître astucien

Bonjour,

As-tu fait un scan avec Antivir ?

@+

stique1
 Posté le 28/05/2009 à 18:24 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

voila le rapport anitivir :

Avira AntiVir Personal
Report file date: jeudi 28 mai 2009 15:40

Scanning for 1431723 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-AIH

Version information:
BUILD.DAT : 8.2.0.353 17048 Bytes 15/05/2009 12:02:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 26/11/2008 08:08:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 08:36:48
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 09:09:24
ANTIVIR2.VDF : 7.1.4.0 2336768 Bytes 20/05/2009 08:16:07
ANTIVIR3.VDF : 7.1.4.30 275968 Bytes 28/05/2009 08:16:08
Engineversion : 8.2.0.180
AEVDF.DLL : 8.1.1.1 106868 Bytes 04/05/2009 07:40:41
AESCRIPT.DLL : 8.1.2.0 389497 Bytes 16/05/2009 08:58:32
AESCN.DLL : 8.1.2.3 127347 Bytes 16/05/2009 08:58:31
AERDL.DLL : 8.1.1.3 438645 Bytes 06/11/2008 08:13:52
AEPACK.DLL : 8.1.3.18 401783 Bytes 28/05/2009 08:16:11
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 08:41:10
AEHEUR.DLL : 8.1.0.129 1761655 Bytes 16/05/2009 08:58:30
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 08:41:04
AEGEN.DLL : 8.1.1.44 348532 Bytes 16/05/2009 08:58:26
AEEMU.DLL : 8.1.0.9 393588 Bytes 22/10/2008 15:23:30
AECORE.DLL : 8.1.6.12 180599 Bytes 28/05/2009 08:16:09
AEBB.DLL : 8.1.0.3 53618 Bytes 22/10/2008 15:23:24
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.3 155688 Bytes 21/04/2009 08:08:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 28 mai 2009 15:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ieuser.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'CToolbar.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'Mise-a-jour-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'Notification-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'SpywareTerminatorShield.Exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'WDBtnMgrUI.exe' - '1' Module(s) have been scanned
Scan process 'lxdjamon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WDBtnMgrSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sp_rsser.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'IoctlSvc.exe' - '1' Module(s) have been scanned
Scan process 'NBService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'lxdjcoms.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
61 processes with 61 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
[INFO] Please restart the search with Administrator rights

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '37' files ).


Starting the file scan:

Begin scan in 'C:\' <HDD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: jeudi 28 mai 2009 16:21
Used time: 41:08 Minute(s)

The scan has been done completely.

22509 Scanning directories
577921 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
577919 Files not concerned
4464 Archives were scanned
6 Warnings
0 Notes

nardino
 Posté le 28/05/2009 à 19:10 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Grand Maître astucien

Bonsoir.

Tu ne peux pas le supprimer avec Spyware Terminator ?

As-tu le nom et l'arborescence exacte du fichier ?

Le rapport Antivir est clean.

@+

stique1
 Posté le 29/05/2009 à 10:31 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

Non désolé je n'ai pas le nom

merci

nardino
 Posté le 29/05/2009 à 11:04 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Grand Maître astucien

Bonjour

Spyware Terminator doit bien établir un rapport.

Postes-le moi pour y trouver les indications.

@+

stique1
 Posté le 29/05/2009 à 11:29 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

Logfile of Spyware Terminator v2.5.6.316 (db:3.005.027.000)
Scan Time: 28/05/2009 10:00:19 length: 1265 s
Platform: VISTA (6.0.0.6001)
User: Admin
Boot Mode: Normal
Scan type: Full_Spyware_Scan
Scanned Objects: 87572 (Critical:1)
Filter: No System items, No Safe items, No Invalid items

Running Processes
nvvsvc.exe [NVIDIA Corporation] : C:\Windows\system32\nvvsvc.exe
SLsvc.exe [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
rundll32.exe [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
AppleMobileDeviceService.exe [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
lxdjcoms.exe [ ] : C:\Windows\system32\lxdjcoms.exe
GoogleUpdate.exe [Google Inc.] : C:\Program Files\Google\Update\GoogleUpdate.exe
NBService.exe [Nero AG] : C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
IoctlSvc.exe [Prolific Technology Inc.] : C:\Windows\system32\IoctlSvc.exe
WDBtnMgrSvc.exe [WDC] : C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
rundll32.exe [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
lxdjamon.exe : C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
WDBtnMgrUI.exe [WDC] : C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
msnmsgr.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
Notification-LiveSearch.exe [Microsoft Corporation] : C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
Mise-a-jour-LiveSearch.exe [Microsoft Corporation] : C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
iPodService.exe [Apple Inc.] : C:\Program Files\iPod\bin\iPodService.exe
wlcomm.exe [Microsoft Corporation] : C:\Program Files\Windows Live\Contacts\wlcomm.exe

Internet Settings
R - HKCU\Software\Microsoft\Internet Explorer\Main, Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://www.msn.com/
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - [RealPlayer] : C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
02 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - [Packard Bell] : C:\Program Files\Google\Google_BAE\BAE.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, msnmsgr : [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msnmsgr.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, lxdjamon : : C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AppleSyncNotifier : [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, WD Drive Manager : [WDC] : C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Adobe Reader Speed Launcher : [Adobe Systems Incorporated] : C:\Program Files\ADOBE\READER 8.0\READER\READER_SL.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs : [Google] : C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll

Shell Extensions
CLSID_PreviewMime - {92dbad9f-5025-49b0-9078-2d78f935e341} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewEmail - {b9815375-5d7f-4ce2-9245-c9d4da436930} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
CLSID_PreviewHtml - {f8b8412b-dea3-4130-b36c-5e8be73106ac} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Shell Message Handler - {5FA29220-36A1-40f9-89C6-F4B384B7642E} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Microsoft Office Outlook - {00020d75-0000-0000-c000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\MLSHEXT.DLL
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - [Microsoft Corporation] : C:\Windows\MSAgent\agentpsh.dll
CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder Context Menu - {b8cdcb65-b1bf-4b42-9428-1dfdb7ee92af} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Compressed (zipped) Folder DropHandler - {ed9d80b9-d157-457b-9192-0e7280313bf0} - [Microsoft Corporation] : C:\Windows\system32\zipfldr.dll
Windows Photo Gallery Viewer Video Verbs - {E598560B-28D5-46aa-A14A-8A3BEA34B576} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
&Windows Media Player - {0a4286ea-e355-44fb-8086-af3df7645bd9} - [Microsoft Corporation] : C:\Program Files\Windows Media Player\wmpband.dll
- {BB6B2374-3D79-41DB-87F4-896C91846510} - [Microsoft Corporation] : C:\Windows\system32\emdmgmt.dll
Windows Photo Gallery Viewer Autoplay Handler - {9D687A4C-1404-41ef-A089-883B6FBECDE6} - [Microsoft Corporation] : C:\Windows\system32\rundll32.exe
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - [Microsoft Corporation] : C:\Windows\system32\audiodev.dll
PhotoAcqDropTarget - {00f20eb5-8fd6-4d9d-b75e-36801766c8f1} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoAcq.dll
Windows Photo Gallery Viewer Image Verbs - {FFE2A43C-56B9-4bf5-9A79-CC6D4285608A} - [Microsoft Corporation] : C:\Program Files\Windows Photo Gallery\PhotoViewer.dll
Tablet PC Input Panel - {15D633E2-AD00-465b-9EC7-F56B7CDF8E27} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\ink\TipBand.dll
Windows gadget DropTarget - {6b9228da-9c15-419e-856c-19e768a13bdc} - [Microsoft Corporation] : C:\Program Files\Windows Sidebar\sbdrop.dll
NeroCoverEdLiveIcons Class - {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} - [Nero AG] : C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
Dossiers Web - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - [Microsoft Corporation] : C:\Program Files\Common Files\microsoft shared\Web Folders\MSONSEXT.DLL
Outlook File Icon Extension - {0006F045-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\Program Files\Microsoft Office\OFFICE11\OLKFSTUB.DLL
CLSID_WLMCMimeFilter - {0563DB41-F538-4B37-A92D-4659049B7766} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll
- {06A2568A-CED6-4187-BB20-400B8C02BE5A} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
Windows Live Photo Gallery Viewer Autoplay Shim - {00F33137-EE26-412F-8D71-F84E4C2C6625} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Autoplay Drop Target - {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Editor Drop Target - {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Drop Target - {00F374B7-B390-4884-B372-2FC349F2172B} - [Microsoft Corporation] : C:\Program Files\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE
Windows Live Photo Gallery Viewer Shim - {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Editor Shim - {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
Windows Live Photo Gallery Viewer Autoplay Shim - {00F30F90-3E96-453B-AFCD-D71989ECC2C7} - [Microsoft Corporation] : C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
iTunes - {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} - [Apple Inc.] : C:\Program Files\iTunes\iTunesMiniPlayer.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\Real\RealPlayer\rpshell.dll

Protocol Handler
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
MHTML Asynchronous Pluggable Protocol Handler - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - [Microsoft Corporation] : C:\Windows\system32\inetcomm.dll
Microsoft Infotech Storage Protocol for IE 4.0 - {0A9007C0-4076-11D3-8789-0000F8105754} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
- {828030A1-22C1-4009-854F-8E305202313F} - [Microsoft Corporation] : C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll
Windows Live Mail HTML Asynchronous Pluggable Protocol Handler - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - [Microsoft Corporation] : C:\Program Files\Windows Live\Mail\mailcomm.dll

Services
23 - [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\bowser.sys
23 - [Microsoft Corporation] : C:\Windows\system32\Drivers\dfsc.sys
23 - [GEAR Software Inc.] : C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23 - [Realtek Semiconductor Corp.] : C:\Windows\system32\drivers\RTKVHDA.sys
23 - [Apple Inc.] : C:\Program Files\iPod\bin\iPodService.exe
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\msiscsi.sys
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mrxsmb10.sys
23 - [Microsoft Corporation] : C:\Windows\system32\DRIVERS\mssmbios.sys
23 - [Nero AG] : C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvmfdx32.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\DRIVERS\nvlddmkm.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\drivers\nvraid.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\drivers\nvrd32.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\drivers\nvstor32.sys
23 - [NVIDIA Corporation] : C:\Windows\system32\nvvsvc.exe
23 - [Philips Applied Technologies] : C:\Windows\system32\DRIVERS\phaudlwr.sys
23 - [Prolific Technology Inc.] : C:\Windows\system32\IoctlSvc.exe
23 - [Microsoft Corporation] : C:\Windows\system32\drivers\rdpencdd.sys
23 - [Microsoft Corporation] : C:\Windows\system32\SLsvc.exe
23 - : C:\Windows\system32\drivers\SPC530.sys
23 - : C:\Windows\system32\drivers\SPC530m.sys
23 - [Crawler.com] : C:\Windows\system32\drivers\sp_rsdrv2.sys
23 - [WDC] : C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

Threat Files
<Trojan.Generic.1133786> : C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe

Advanced Files Report
%SYSDIR%\nvvsvc.exe [NVIDIA Corporation] [NVIDIA Driver Helper Service, Version 177.79] MD5=444E6939C6A8E010EFB3B9C771772C9C SIZE=196608
%SYSDIR%\RtkAPO.dll [Realtek Semiconductor Corp.] [Realtek(r) LFX/GFX DSP component] MD5=3ECFFF6C69A056B0BEAD2CD7F96F9961 SIZE=1766912
%SYSDIR%\SLsvc.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=0BA91E1358AD25236863039BB2609A2E SIZE=2623488
%SYSDIR%\rundll32.exe [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=4B555106290BD117334E9A08761C035A SIZE=44544
%SYSDIR%\NVSVC.DLL [NVIDIA Corporation] [NVIDIA Driver Helper Service, Version 177.79] MD5=C0ADA8B3ADCF7057437DBFA4C0917C3F SIZE=608800
%SYSDIR%\nvapi.dll [NVIDIA Corporation] [NVIDIA Windows drivers] MD5=61109AF660EEA4D03BC7CF3D51880E27 SIZE=483328
%COMMONFILES%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [Apple Inc.] [Apple Mobile Device Service] MD5=367592EFCA7FF8B4CE11AB6B0744E1E2 SIZE=132424
%SYSDIR%\lxdjcoms.exe [Printer Communication System] MD5=76B255EC66E5A60BDA711637088EC49C SIZE=537520
%PROGRAMFILES%\Google\Update\GoogleUpdate.exe [Google Inc.] [Google Update] MD5=626A24ED1228580B9518C01930936DF9 SIZE=133104
%PROGRAMFILES%\Google\Update\1.2.145.5\goopdate.dll [Google Inc.] [Google Update] MD5=625B4E355A33134AE59AAF0A12DB75EA SIZE=669168
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NBService.exe [Nero AG] [Nero BackItUp] MD5=C5052FB77AA42ED440F9F6B4E37145A9 SIZE=869672
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NB.dll [Nero AG] [Nero BackItUp] MD5=C5F6DF715B407D2560DDCFEF8A3ED5A8 SIZE=1021224
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NeroAPIGlueLayerUnicode.dll [Nero AG] [NeroAPIGlueLayerUnicode] MD5=7071F2A6F17BBB208AB611FFBE5BC3FF SIZE=140584
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\LBFC.dll [Nero AG] [Nero BackItUp] MD5=A3E29F73CE5945081CFE41051B545B16 SIZE=410920
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NBHDMgr.dll [Nero AG] [Nero BackItUp] MD5=CAF772EED3B61CB87609679ACDAAA22D SIZE=570664
%SYSDIR%\IoctlSvc.exe [Prolific Technology Inc.] [IoctlSvc Application] MD5=875E4E0661F3A5994DF9E5E3A0A4F96B SIZE=81920
%SYSDIR%\xrwcscd.dll [Xerox Corporation] [WorkCentre/Pro] MD5=0DE9ACF3287002C3D982CA80BE2289A5 SIZE=96768
%SYSDIR%\xrwc4ppb.dll [Xerox] [Xerox WorkCentre/Pro] MD5=28804418C0109F94CC700050678CA437 SIZE=83456
%PROGRAMFILES%\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [WDC] [WD Drive Manager] MD5=B1391D35758DA0F5475304E29A1E048F SIZE=102400
%PROGRAMFILES%\Real\RealPlayer\rpchromebrowserrecordhelper.dll MD5=1F1B0276FFB14D6014F4CFFCC6EE6F31 SIZE=8704
%SYSDIR%\nvd3dum.dll [NVIDIA Corporation] [NVIDIA Windows Vista WDDM driver] MD5=0D1EE3DED98F32238B18352885460F26 SIZE=5955584
%PROGRAMFILES%\Nero\Nero8\Nero BackItUp\NBShell.dll [Nero AG] [Nero BackItUp] MD5=59F1588005DE7D57CE7A859002C10863 SIZE=255272
%PROGRAMFILES%\Lexmark 1400 Series\App4R.Monitor.Core.dll MD5=F307EAF14451365E48734098C5764867 SIZE=40960
%PROGRAMFILES%\Lexmark 1400 Series\App4R.Monitor.Common.dll MD5=AA74803043E430CD69E8DDF2DBE99C3F SIZE=28672
%PROGRAMFILES%\Lexmark 1400 Series\App4R.DevMons.MCMDevMon.dll MD5=4276F8F4BB9C033DDE9D584E7B89BE59 SIZE=57344
%PROGRAMFILES%\Lexmark 1400 Series\App4R.DevMons.NetworkCardDevMon.dll [NetworkCardDevMon] MD5=C7093A310B2DD6CFB0436938711BA409 SIZE=20480
%PROGRAMFILES%\Lexmark 1400 Series\App4R.DevMons.ScanDevMon.dll MD5=A8EFD009143C7AB1731235524B54341D SIZE=20480
%PROGRAMFILES%\Lexmark 1400 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll MD5=82696F34A604B65B4102CA96DA153EF1 SIZE=11776
%PROGRAMFILES%\iTunes\iTunesHelper.Resources\fr.lproj\iTunesHelperLocalized.DLL [Apple Inc.] [iTunes] MD5=77088EEC890C4E5E2EA74499042632D3 SIZE=44032
%PROGRAMFILES%\iTunes\iTunesHelper.Resources\iTunesHelper.DLL [Apple Inc.] [iTunes] MD5=C040F264D19CBA0F70B97F1F21C4521C SIZE=42496
%PROGRAMFILES%\QuickTime\QTSystem\QuickTime.qts [Apple Inc.] [QuickTime] MD5=1F95F072D1384B6C0F9245318D35B6A5 SIZE=13197312
%COMMONFILES%\Apple\Mobile Device Support\bin\iTunesMobileDevice.dll [Apple Inc.] [iTunesMobileDevice] MD5=72BA53F115812F5EC63B64D926903918 SIZE=1265664
%PROGRAMFILES%\Google\Google Desktop Search\GoogleDesktopResources_fr.dll [Google] [Google Desktop] MD5=A58A9D9B54B9E26D71454AA85C2DCBA8 SIZE=572416
%PROGRAMFILES%\Google\Google Desktop Search\GoogleDesktopAPI2.dll [Google] [Google Desktop] MD5=C0ABD19C5099DCD807715C1C6CD920E1 SIZE=498688
%PROGRAMFILES%\Google\Google Desktop Search\GoogleDesktopCommon.dll [Google] [Google Desktop] MD5=01BC94B2FC09A0CAFA5970FD6A97D57D SIZE=200192
%APPDATA%\Microsoft\Live Search\Notification-LiveSearch.exe [Microsoft Corporation] [LiveSearch] MD5=B0CF42ED486274C69B23C33351436269 SIZE=143360
%APPDATA%\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe [Microsoft Corporation] [LiveSearch] MD5=A67C3C0E89890195FB7AD070AB137BD6 SIZE=125440
%PROGRAMFILES%\iPod\bin\iPodService.exe [Apple Inc.] [iTunes] MD5=F055C1760ABFA52B159985E551EA0EDC SIZE=656168
%PROGRAMFILES%\iPod\bin\iPodService.Resources\fr.lproj\iPodServiceLocalized.DLL [Apple Inc.] [iTunes] MD5=EC0D779248C77BF105B890F23605E27A SIZE=43520
%PROGRAMFILES%\iPod\bin\iPodService.Resources\iPodService.DLL [Apple Inc.] [iTunes] MD5=E55891FE7FD0A97EAFFE80FCC43BBA55 SIZE=42496
%PROGRAMFILES%\Windows Live\Contacts\wlcomm.exe [Microsoft Corporation] [Windows Live Communications Platform] MD5=654480EA67078C7B4C6C8BA871B07D5D SIZE=27512
%PROGRAMFILES%\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll [RealPlayer] MD5=A064EA1055857ACF09FFBE02E33CDC3D SIZE=192512
%PROGRAMFILES%\Real\RealPlayer\lang\rpbrp_fr.dll [RealNetworks, Inc.] [RealPlayer] MD5=72C79769FC2F0C1A3027F8C8C35C0C4C SIZE=167936
%SYSDIR%\Macromed\Flash\NPSWF32.dll [Adobe Systems, Inc.] [Shockwave Flash] MD5=9BDD20A1787CC41C9F8D9B1272345B5E SIZE=3771296
%SYSDIR%\inetcomm.dll [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=D9D2BD831C93EAA7CE7BEC712ED2081E SIZE=738304
%PROGRAMFILES%\Microsoft Office\OFFICE11\MLSHEXT.DLL [Microsoft Corporation] [Microsoft Office Outlook] MD5=E79956F4AEC40921F1766C76F015C7AD SIZE=33152
%WINDIR%\MSAgent\agentpsh.dll [Microsoft Corporation] [Microsoft Agent Property Sheet Handler] MD5=F0B6186AEB591642784D6FFDC2D625BC SIZE=30720
%SYSDIR%\zipfldr.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=F41857E440A9DF3FD5A543C8B2A53048 SIZE=342016
%PROGRAMFILES%\Windows Photo Gallery\PhotoViewer.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=2AAD5D8541ABFD8EC8877773291250AC SIZE=2314240
%PROGRAMFILES%\Windows Media Player\wmpband.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=E7369CA015162EF4F9E207897EF7DED8 SIZE=99328
%SYSDIR%\emdmgmt.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=70B1A86DF0C8EAD17D2BC332EDAE2C7C SIZE=565248
%SYSDIR%\audiodev.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=67C30FAFA58BD7E02A9DA8BE28512934 SIZE=244224
%PROGRAMFILES%\Windows Photo Gallery\PhotoAcq.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=B5D79B4F81DAA75BBB3DD9F481ADF41B SIZE=1030144
%COMMONFILES%\microsoft shared\ink\TipBand.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A8F2BB769FA35F9C2867746B671EB662 SIZE=114688
%PROGRAMFILES%\Windows Sidebar\sbdrop.dll [Microsoft Corporation] [Système d'exploitation Microsoft® Windows®] MD5=A74701976D6D75099B9FCA993685C452 SIZE=66048
%PROGRAMFILES%\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll [Nero AG] [Cover Designer] MD5=3BB0E9C6DB4AA1FBAAFF1AE08FB2BC7A SIZE=2106664
%COMMONFILES%\microsoft shared\Web Folders\MSONSEXT.DLL [Microsoft Corporation] [SharePoint Portal Server] MD5=32E82A0C6D4272407DC8547354EFA42B SIZE=1293008
%PROGRAMFILES%\Microsoft Office\OFFICE11\OLKFSTUB.DLL [Microsoft Corporation] [Microsoft Office Outlook] MD5=C027689A05E6B67018DF7614A27C6894 SIZE=236416
%PROGRAMFILES%\Windows Live\Mail\mailcomm.dll [Microsoft Corporation] [Windows Live Mail] MD5=59A5278FE5651900DBD5762E604E7545 SIZE=791392
%PROGRAMFILES%\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Microsoft Corporation] [Windows Live® Photo Gallery] MD5=3B52BE4CAC867A0A7E402AB00712D2D0 SIZE=231304
%PROGRAMFILES%\Windows Live\Photo Gallery\PhotoViewerShim.dll [Microsoft Corporation] [Windows Live® Photo Gallery] MD5=38E8F4ADC13A4634E6EB73AA384B793A SIZE=43912
%PROGRAMFILES%\WINDOWS LIVE\PHOTO GALLERY\WLXPHOTOGALLERY.EXE [Microsoft Corporation] [Galerie de photos Windows Live®] MD5=3828EF719165933C7D090B871A7522BC SIZE=139144
%PROGRAMFILES%\iTunes\iTunesMiniPlayer.dll [Apple Inc.] [iTunes] MD5=841EEAEC5B580F92B110CAACC36C3F4C SIZE=147240
%PROGRAMFILES%\Real\RealPlayer\rpshell.dll [RealNetworks, Inc.] [RealPlayer] MD5=E56ADA1922D173913EF98470FC4788DF SIZE=63016
%SYSDIR%\svchost.exe -k netsvcs
%SYSDIR%\svchost.exe -k LocalSystemNetworkRestricted
%SYSDIR%\svchost.exe -k LocalServiceNetworkRestricted
%SYSDIR%\svchost.exe -k LocalServiceNoNetwork
%SYSDIR%\DRIVERS\bowser.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=74B442B2BE1260B7588C136177CEAC66 SIZE=69632
%SYSDIR%\svchost.exe -k NetworkService
%SYSDIR%\svchost.exe -k DcomLaunch
%SYSDIR%\Drivers\dfsc.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=9E635AE5E8AD93E2B5989E2E23679F97 SIZE=75264
%SYSDIR%\svchost.exe -k LocalService
%SYSDIR%\DRIVERS\GEARAspiWDM.sys [GEAR Software Inc.] [CD DVD Filter] MD5=F2F431D1573EE632975C524418655B84 SIZE=23400
%SYSDIR%\drivers\RTKVHDA.sys [Realtek Semiconductor Corp.] [Realtek(r) High Definition Audio Function Driver] MD5=04BEF1C4AA990E0D5851C7532FC8642C SIZE=1655464
%SYSDIR%\DRIVERS\msiscsi.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=F247EEC28317F6C739C16DE420097301 SIZE=181304
%SYSDIR%\lxdjcoms.exe -service
%SYSDIR%\DRIVERS\mrxsmb10.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=0A986B34F1678A2697574D7B1664E2DD SIZE=212480
%SYSDIR%\DRIVERS\mssmbios.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=E384487CB84BE41D09711C30CA79646C SIZE=31288
%SYSDIR%\DRIVERS\nvmfdx32.sys [NVIDIA Corporation] [NVIDIA Networking Driver] MD5=D668632606D1CEBF0B6EC64C1DF7ED6F SIZE=1040544
%SYSDIR%\DRIVERS\nvlddmkm.sys [NVIDIA Corporation] [NVIDIA Compatible Windows Vista Kernel Mode Driver, Version 177.79] MD5=4FF7BF82A418809950828619BB661BF8 SIZE=7281056
%SYSDIR%\drivers\nvraid.sys [NVIDIA Corporation] [NVIDIA nForce(TM) RAID Driver] MD5=2EDF9E7751554B42CBB60116DE727101 SIZE=102968
%SYSDIR%\drivers\nvrd32.sys [NVIDIA Corporation] [NVIDIA nForce(TM) RAID Driver] MD5=CA4CCEFF1D43F48A289536451FD39D04 SIZE=131616
%SYSDIR%\drivers\nvstor32.sys [NVIDIA Corporation] [NVIDIA nForce(TM) SATA Driver] MD5=F2D7CCD75132F19119108E07A4FD0A12 SIZE=110624
%SYSDIR%\DRIVERS\phaudlwr.sys [Philips Applied Technologies] [Philips USB Audio Processing] MD5=427E58B9357FBA0FDCEC08F3930A7325 SIZE=88704
%SYSDIR%\svchost.exe -k NetworkServiceNetworkRestricted
%SYSDIR%\drivers\rdpencdd.sys [Microsoft Corporation] [Microsoft® Windows® Operating System] MD5=9D91FE5286F748862ECFFA05F8A0710C SIZE=6144
%SYSDIR%\svchost.exe -k rpcss
%SYSDIR%\drivers\SPC530.sys [ST-VIBU STV Camera Driver] MD5=437198C0D349B0E0D4305D3081C5E912 SIZE=486912
%SYSDIR%\drivers\SPC530m.sys [ST-VIBU STV Camera Driver] MD5=92E0CE241498B483404A957E709329CC SIZE=7680
%SYSDIR%\drivers\sp_rsdrv2.sys [Crawler.com] [Spyware Terminator] MD5=8831252BCF05FCFB5ABD116A22E552D8 SIZE=142592
%SYSDIR%\svchost.exe -k imgsvc
%SYSDIR%\svchost.exe -k WerSvcGroup
%SYSDIR%\svchost.exe -k secsvcs
%SYSDIR%\SearchIndexer.exe \Embedding
%SYSDIR%\mscoree.dll [Microsoft Corporation] [Microsoft® .NET Framework] MD5=C99248B969A799B771F484CD68BCB96E SIZE=282112
%PROGRAMFILES%\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll [Microsoft Corporation] [Windows Live Messenger Protocol Handler Module] MD5=4BE65CE9440542F617CDA4ECF8867FBF SIZE=62304
%COMMONFILES%\Microsoft Shared\Information Retrieval\msitss.dll [Microsoft Corporation] [Microsoft(R) Infotech Information Storage System Library] MD5=BBFF7F0AC61F8A29241BC00B3785CCB0 SIZE=230760

End of Report

Publicité
nardino
 Posté le 29/05/2009 à 14:43 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Grand Maître astucien

Bonjour.

Faux positif possible.

Sur ce site : VirusTotal fais analyser le, fichier suivant et poste le rapport

C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe

Télécharge Toolbar-S&D de Eric_71

Sur ton bureau, impératif.

**Recherche**

Double clique sur le fichier ToolBar SD.exe, avec élévation des privilèges sous Vista.

Coche la case "Je suis d'accord...ci-dessus", accepter la création du répertoire par Oui, puis Suivant et Quitter
Une icône sera crée sur le bureau ToolBar SD

Sous Vista, faire un clic droit et Exécuter en tant qu'administrateur (Elévation des privilèges.), puis Continuer.
Dans la fenêtre DOS bleue, Tape F, puis Entrer.
Ensuite tape 1 et Entrer.
Le système va redémarrer et le scan prendra quelques minutes.
Une fois terminé un rapport TB.txt va s'ouvrir.
Tu cliques dessus et tu fais :
CTRL+A pour tout sélectionner
CTRL+C pour tout mettre dans le presse-papier
Tu ouvres une réponse sur le forum et tu fais :
CTRL+V pour coller le rapport dans cette réponse.
Tu fermes le rapport sur ton bureau et tu attends les résultats de l'analyse.
Ce rapport sera enregistré à la racine du système : C:\TB.txt

@+

stique1
 Posté le 29/05/2009 à 16:06 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : aih ( Administrator )
BOOT : Normal boot
Antivirus : Spyware Terminator 2.5.6.316 (Activated)
C:\ (Local Disk) - NTFS - Total:584 Go (Free:438 Go)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( 29/05/2009|14:05 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Barre d'outils Crawler
C:\Users\aih\AppData\Roaming\MICROS~1\Windows\Cookies\aih@dnl.crawler[1].txt
C:\Program Files\Crawler
C:\Program Files\Crawler\Download
C:\Program Files\Crawler\Toolbar
C:\Program Files\Crawler\Toolbar\adrkeys.dat
C:\Program Files\Crawler\Toolbar\Cache
C:\Program Files\Crawler\Toolbar\COMMON_FF.dat
C:\Program Files\Crawler\Toolbar\confirm.dat
C:\Program Files\Crawler\Toolbar\ctbcomm.dll
C:\Program Files\Crawler\Toolbar\ctbr.dll
C:\Program Files\Crawler\Toolbar\CTConf.dat
C:\Program Files\Crawler\Toolbar\CTipsDef.dll
C:\Program Files\Crawler\Toolbar\CToolbar.exe
C:\Program Files\Crawler\Toolbar\CUpdate.exe
C:\Program Files\Crawler\Toolbar\firefox
C:\Program Files\Crawler\Toolbar\Languages
C:\Program Files\Crawler\Toolbar\lookfor.dat
C:\Program Files\Crawler\Toolbar\majorse.dat
C:\Program Files\Crawler\Toolbar\rootmenu.dat
C:\Program Files\Crawler\Toolbar\services.dat
C:\Program Files\Crawler\Toolbar\STWSGLanguageAct
C:\Program Files\Crawler\Toolbar\STWSG_FF.dat
C:\Program Files\Crawler\Toolbar\TBR5LanguageAct
C:\Program Files\Crawler\Toolbar\Update
C:\Program Files\Crawler\Toolbar\WebSecurityGuard.dll
C:\Program Files\Crawler\Toolbar\WSGData
C:\Program Files\Crawler\Toolbar\Cache\COMMON
C:\Program Files\Crawler\Toolbar\Cache\STWSG
C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_BMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\CLEANUP_MENU.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\DIRLIST_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\DIRLIST_MENU.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\ECARDS_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\ECARDS_MENU.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\EMAIL_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\GAMES_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\GAMES_MENU.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\SHOP_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\SPELL_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\TRAVEL_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\WAYBACK_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\WP_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\COMMON\YP_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\STBUTTON_BMP.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\STBUTTON_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\STBUTTON_MENU.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_BMP.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_CHBMP.dat
C:\Program Files\Crawler\Toolbar\Cache\STWSG\WSGBUTTON_MENU.dat
C:\Program Files\Crawler\Toolbar\firefox\chrome
C:\Program Files\Crawler\Toolbar\firefox\chrome.manifest
C:\Program Files\Crawler\Toolbar\firefox\components
C:\Program Files\Crawler\Toolbar\firefox\install.ini
C:\Program Files\Crawler\Toolbar\firefox\install.rdf
C:\Program Files\Crawler\Toolbar\firefox\stwsg_ff.ini
C:\Program Files\Crawler\Toolbar\firefox\chrome\common.jar
C:\Program Files\Crawler\Toolbar\firefox\chrome\stwsg.jar
C:\Program Files\Crawler\Toolbar\firefox\components\xcomm.dll
C:\Program Files\Crawler\Toolbar\firefox\components\xplugin.xpt
C:\Program Files\Crawler\Toolbar\firefox\components\xshared.dll
C:\Program Files\Crawler\Toolbar\firefox\components\xshared.xpt
C:\Program Files\Crawler\Toolbar\firefox\components\xsupport.dll
C:\Program Files\Crawler\Toolbar\firefox\components\xsupport.xpt
C:\Program Files\Crawler\Toolbar\firefox\components\xwsg.dll
C:\Program Files\Crawler\Toolbar\Languages\STWSG_CS.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_DE.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_EN.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_ES.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_FF.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_FR.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_IT.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_NL.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_PT-BR.cab
C:\Program Files\Crawler\Toolbar\Languages\STWSG_PT.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_CS.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_DE.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_EN.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_ES.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_FR.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_IT.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_NL.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_PL.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_PT-BR.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_PT.cab
C:\Program Files\Crawler\Toolbar\Languages\TBR5_RU.cab
C:\Program Files\Crawler\Toolbar\STWSGLanguageAct\info.ini
C:\Program Files\Crawler\Toolbar\STWSGLanguageAct\language.ini
C:\Program Files\Crawler\Toolbar\TBR5LanguageAct\info.ini
C:\Program Files\Crawler\Toolbar\TBR5LanguageAct\language.ini
C:\Program Files\Crawler\Toolbar\Update\domains.cab
C:\Program Files\Crawler\Toolbar\WSGData\domains
C:\Program Files\Crawler\Toolbar\WSGData\g_S-1-5-21-2043509144-1570293383-492697164-1000.dat
C:\Program Files\Crawler\Toolbar\WSGData\p_S-1-5-21-2043509144-1570293383-492697164-1000.dat
C:\Program Files\Crawler\Toolbar\WSGData\wfilter.dat
C:\Program Files\Crawler\Toolbar\WSGData\w_S-1-5-21-2043509144-1570293383-492697164-1000.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_000.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_000_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_001.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_001_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_002.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_002_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_003.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_003_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_004.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_004_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_005.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_005_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_006.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_006_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_007.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_007_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_008.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_008_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_009.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_009_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_010.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_010_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_011.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_011_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_012.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_012_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_013.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_013_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_014.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_014_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_015.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_015_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_016.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_016_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_017.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_017_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_018.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_018_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_019.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_019_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_020.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_020_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_021.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_021_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_022.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_022_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_023.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_023_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_024.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_024_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_025.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_025_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_026.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_026_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_027.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_027_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_028.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_028_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_029.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_029_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_030.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_030_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_031.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_031_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_032.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\domains_032_diff.dat
C:\Program Files\Crawler\Toolbar\WSGData\domains\index.dat
C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Start Page"="http://fr.msn.com/"
"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 30/01/2009|12:24 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 30/01/2009|14:55 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 30/01/2009|16:32 - Option : [2]
4 - "C:\ToolBar SD\TB_4.txt" - 30/01/2009|16:33 - Option : [1]
5 - "C:\ToolBar SD\TB_5.txt" - 29/05/2009|14:06 - Option : [1]

-----------\\ Fin du rapport a 14:06:04,46

nardino
 Posté le 29/05/2009 à 16:39 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Grand Maître astucien

Bonjour,


**Désinfection**

  • Relance Toolbar-S&D en double-cliquant sur le raccourci.
  • Tape sur "2" puis valide en appuyant sur "Entrée".
  • Ne ferme pas la fenêtre lors de la suppression.
  • Un nouveau rapport sera généré, poste son contenu ici.


NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.


**Désinstallation de ToolbarS&D**

Dans le menu Windows, Tous les programmes Toolbar S&D, tu cliques sur Désinstaller Toolbar S&D.
Valide par OK et OK sur les deux popups qui suivent.
Supprime le dossier C:\Toolbar SD et le fichier C:\TB.txt

Donne des nouvelles de tes problèmes et au besoin poste un nouveau rapport Hijackthis.

@+

stique1
 Posté le 29/05/2009 à 16:44 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1
X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : aih ( Administrator )
BOOT : Normal boot
Antivirus : Spyware Terminator 2.5.6.316 (Activated)
C:\ (Local Disk) - NTFS - Total:584 Go (Free:438 Go)
E:\ (USB)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [2] ( 29/05/2009|14:43 )

[ UAC => 1 ]

-----------\\ SUPPRESSION

Supprime! - C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Barre d'outils Crawler
Supprime! - C:\Users\aih\AppData\Roaming\MICROS~1\Windows\Cookies\aih@dnl.crawler[1].txt
Supprime! - C:\Program Files\Crawler\Download
Supprime! - C:\Program Files\Crawler\Toolbar
Supprime! - C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
Supprime! - C:\Program Files\Crawler

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\Windows\\system32\\blank.htm"
"Search Page"="http://www.google.com"
"Start Page"="http://fr.msn.com/"
"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341"
"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"


--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[ UAC => 1 ]


1 - "C:\ToolBar SD\TB_1.txt" - 30/01/2009|12:24 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - 30/01/2009|14:55 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - 30/01/2009|16:32 - Option : [2]
4 - "C:\ToolBar SD\TB_4.txt" - 30/01/2009|16:33 - Option : [1]
5 - "C:\ToolBar SD\TB_5.txt" - 29/05/2009|14:06 - Option : [1]
6 - "C:\ToolBar SD\TB_6.txt" - 29/05/2009|14:44 - Option : [2]

-----------\\ Fin du rapport a 14:44:06,89

stique1
 Posté le 29/05/2009 à 16:50 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:50:14, on 29/05/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Lexmark 1400 Series\lxdjamon.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: Outil de notification Live Search.lnk = C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CDB42931-5074-4E04-B7EE-9304483E6855}: NameServer = 193.95.93.77,193.95.66.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Service Google Update (gupdate1c9cfecb22d8dc0) (gupdate1c9cfecb22d8dc0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 7466 bytes

Merci pour ton aide

nardino
 Posté le 29/05/2009 à 17:00 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Grand Maître astucien

Bonjour

Tu as oublié ceci :

Sur ce site : VirusTotal fais analyser le, fichier suivant et poste le rapport

C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Suppression-Live-Search.exe

Fais-le, s'i lte plait.

@+

stique1
 Posté le 29/05/2009 à 17:04 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

salut il n'y a pas : Suppression-Live-Search.exe

voila ce qu'il ya :

mise a jour ou notification

nardino
 Posté le 29/05/2009 à 18:05 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Grand Maître astucien

Re,

Bizarre.

Pour Toolbar il faut le relancer avec élévation des privilèges car il ne semble pas avoir travaillé correctement.

Fais un clic-droit sur le raccourci et choisis :
"Exécuter en tant qu'administrateur"

Poste le nouveau rapport.

Avec toujours un log Hijackthis pour contrôle.

@+

Publicité
stique1
 Posté le 01/06/2009 à 12:46 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

Bonjour Nardino j'éspére que t'as passé un bon weekend

Donc voila le rapport :

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft® Windows Vista™ Édition Familiale Premium ( v6.0.6001 ) Service Pack 1

X86-based PC ( Multiprocessor Free : Intel(R) Core(TM)2 Quad CPU Q6700 @ 2.66GHz )

BIOS : Phoenix - AwardBIOS v6.00PG

USER : aih ( Administrator )

BOOT : Normal boot

Antivirus : Spyware Terminator 2.5.6.316 (Activated)

C:\ (Local Disk) - NTFS - Total:584 Go (Free:439 Go)

E:\ (USB)

F:\ (USB)

G:\ (USB)

H:\ (USB)

I:\ (CD or DVD) - CDFS - Total:0 Go (Free:0 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )

Option : [1] ( 01/06/2009|10:42 )

[ UAC => 1 ]

-----------\\ Recherche de Fichiers / Dossiers ...

-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Local Page"="C:\\Windows\\system32\\blank.htm"

"Search Page"="http://www.google.com"

"Start Page"="http://fr.msn.com/"

"Search Bar"="http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341"

"Url"="http://go.microsoft.com/fwlink/?LinkId=75720"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.msn.com/"

--------------------\\ Recherche d'autres infections

Aucune autre infection trouvée !

[ UAC => 1 ]

1 - "C:\ToolBar SD\TB_1.txt" - 01/06/2009|10:43 - Option : [1]

-----------\\ Fin du rapport a 10:43:05,25

et voila l'autre rapport :

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:47:08, on 01/06/2009

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18226)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\rundll32.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Lexmark 1400 Series\lxdjamon.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

C:\Windows\System32\mobsync.exe

C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://format.packardbell.com/cgi-bin/redirect/?country=FR&range=AD&phase=8&key=IESTART

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [lxdjamon] "C:\Program Files\Lexmark 1400 Series\lxdjamon.exe"

O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

O4 - Startup: Outil de notification Live Search.lnk = C:\Users\aih\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - cmdmapping - (no file) (HKCU)

O13 - Gopher Prefix:

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab

O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/VistaMSNPUpldfr-fr.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{CDB42931-5074-4E04-B7EE-9304483E6855}: NameServer = 193.95.93.77,193.95.66.10

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.801.7324 (GoogleDesktopManager-010708-104812) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Service Google Update (gupdate1c9cfecb22d8dc0) (gupdate1c9cfecb22d8dc0) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxdj_device - - C:\Windows\system32\lxdjcoms.exe

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe

O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--

End of file - 7514 bytes

voila et merci encore pour ton aide

nardino
 Posté le 01/06/2009 à 13:01 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
  Grand Maître astucien

Bonjour

Deux scories à nettoyer.
Lance Hijackthis par Do a system scan only, sans autre application lancée.
Coche les lignes suivantes :

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60341
R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - (no file)


Clique sur Fix checked et referme le programme.

Ne pas oublier l'élévation des privilèges sous Vista.
(Clic droit sur l'icône Hijackthis, puis sur Exécuter en tant qu'administrateur dans le menu déroulant.)

Si tu n'as plus de problèmes tu peux passer la question en résolu.

@+

stique1
 Posté le 01/06/2009 à 16:02 
Aller en bas de la page Revenir au message précédent Revenir en haut de la page
Petit astucien

Merci pour tout nardino à la prochaine,

enfin j'éspére pas

Page : [1] 
Page 1 sur 1

Vous devez être connecté pour participer à la discussion.
Cliquez ici pour vous identifier.

Vous n'avez pas de compte ? Créez-en un gratuitement !
Recevoir PC Astuces par e-mail


La Lettre quotidienne +226 000 inscrits
Avec l'actu, des logiciels, des applis, des astuces, des bons plans, ...

Les bonnes affaires
Une fois par semaine, un récap des meilleurs offres.

Les fonds d'écran
De jolies photos pour personnaliser votre bureau. Une fois par semaine.

Les nouveaux Bons Plans
Des notifications pour ne pas rater les bons plans publiés sur le site.

Les bons plans du moment PC Astuces

Tous les Bons Plans
13,99 €Clé USB Sandisk Ultra 64 Go à double connectique USB 3.1 Type A et C à 13,99 €
Valable jusqu'au 06 Mai

Amazon fait une promotion sur la clé USB Sandisk Ultra 64 Go à double connectique USB 3.1 Type A et C qui passe à 13,99 € alors qu'on la trouve ailleurs à plus de 25 €. Cette clé USB  dispose d'un connecteur réversible USB Type C et d'un connecteur classique de type A. Grâce à elle, transférez en toute simplicité et rapidement (jusqu'à 150 Mo/s) vos fichiers entre vos smartphones, tablettes et ordinateurs. 


> Voir l'offre
79,49 €Kit de 16 Go (2 x 8 Go) de mémoire DDR4 Corsair Vengeance LPX 3200 MHz à 79,49 €
Valable jusqu'au 06 Mai

Amazon fait une promotion sur le kit de 16 Go (2x8 Go) de mémoire DDR4 Corsair Vengeance LPX 3200 MHz CL16 qui passe à 79,49 € livrée gratuitement. Avec la remontée des prix de la mémoire, on le trouve ailleurs à plus de 100 €.


> Voir l'offre
21,75 €Lampe de chevet / de table Aukey tactile à 21,75 € avec le code YWQSS2F8
Valable jusqu'au 06 Mai

Amazon fait une promotion sur la lampe de chevet / de table Aukey tactile qui passe à 21,75 € avec le code YWQSS2F8. Touchez la surface supérieure pour allumer/éteindre ou maintenez appuyé pour graduer progressivement la luminosité jusqu'à obtenir le niveau souhaité.  La lampe s'allumera la fois suivante avec le dernier niveau de luminosité réglé.


> Voir l'offre

Sujets relatifs
trojan.generic impossible a supprimer via bitdefen
Kis:Virus HEUR Trojan-downloader.win32.generic
Virus: Trojan.Generic.1454305 (Moteur A)
Virus?Trojan? Impossible a supprimer ....
supprimer Virus win32:Trojan-gen. {Other}
virus heur.trojan.generic sur mon ordi ? c quoi ?
Ne peux supprimer virus generic.virtumonde
virus ou trojan generic.botget.0f705c9f
trojan / virus impossibles à supprimer :o(
méthode ultime pour supprimer virus, trojan, spywa
Plus de sujets relatifs à Ccomment supprimer virus TROJAN.GENERIC.1133786
 > Tous les forums > Forum Sécurité