Sujet Précédent Sujet Suivant

Spyware

Résolu
helies -  
 layman -
bonsoir à tout le monde
moi c'est yo
j'ai un spyware...
fond d'écran noir avec le mesage suivant :
Warning!
Your computer might be infected with spyware or adware !!!
Strange homepage, popups, loss of important data and unstable functioning are the sure signs that you are infected.
Spyware removers overview - compare, test and choose. Click here for more
merci de m'aider, je débute mais je me suis déjà renseigner sur le forum...
@+

Your computer is still vulnerable to new attacks
A voir également:

14 réponses

Réponse 1 / 14
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
salut
telecharge
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
tu le decompresse tu double clik dessus et tu choisi l option 1
cela vas generer un rapport donne nous le
*******
redemarre en sans echec

relance le et choisi cette fois l option 2 et repond oui a tous
redemarre et donne le nouveau rapport
*******

redemarre
et vérifie ceci:
Démarrer > panneau de configuration > affichage
clic sur l'onglet bureau
clic sur personnalisation du bureau
clic sur l'onglet Web
supprime tout ce qui se trouve ici, sauf "Ma page d'acceuil" qui doit rester DECOCHE
une fois fait, ca doit etre comme sur cette image:
http://get.yourfile.net/ie52977.gif

puis remet un fond d'écran

et completer a la fin par hijack
fait ceci
HijackThis (ici) http://www.florensac-chasse-trap.com/ section virus/logiciel de securite
section virus demo animée sur la meme page

telecharge le et met le dans son propre dossier ex/c :hj

clik sur do a systeme scan et save a logfile
et copier coller le rapport
0
helies
 
merci de ta réponse
voici :

SmitFraudFix v1.91

Rapport fait à 23:56:11,96 le 24/10/2005
Executé à partir de C:\Documents and Settings\Lionel\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS

C:\WINDOWS\warnhp.html PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32

C:\WINDOWS\system32\hp????.tmp PRESENT !
C:\WINDOWS\system32\ld????.tmp PRESENT !
C:\WINDOWS\system32\mscornet.exe PRESENT !
C:\WINDOWS\system32\mssearchnet.exe PRESENT !
C:\WINDOWS\system32\msvol.tlb PRESENT !
C:\WINDOWS\system32\ncompat.tlb PRESENT !
C:\WINDOWS\system32\nvctrl.exe PRESENT !
C:\WINDOWS\system32\oleext.dll PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Lionel\Application Data

C:\Documents and Settings\Lionel\Application Data\Install.dat PRESENT !
C:\Documents and Settings\Lionel\Application Data\PSGuard.com PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Documents and Settings\Lionel\Bureau


»»»»»»»»»»»»»»»»»»»»»»»» Recherche C:\Program Files

C:\Program Files\P.S.Guard\ PRESENT!

»»»»»»»»»»»»»»»»»»»»»»»» Recherche présence de clés corrompues

HKLM\SOFTWARE\PSGuard.com Présent !

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
0
helies
 
SmitFraudFix v1.91

Rapport fait à 0:11:27,70 le 25/10/2005
Executé à partir de C:\Documents and Settings\Lionel\Mes documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600]

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

C:\WINDOWS\warnhp.html supprimé
Problème suppression C:\WINDOWS\system32\hp????.tmp
C:\WINDOWS\system32\intell32.exe supprimé
C:\WINDOWS\system32\ld????.tmp supprimé
C:\WINDOWS\system32\mscornet.exe supprimé
C:\WINDOWS\system32\mssearchnet.exe supprimé
C:\WINDOWS\system32\ncompat.tlb supprimé
C:\WINDOWS\system32\nvctrl.exe supprimé
C:\WINDOWS\system32\oleext.dll supprimé



»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

Nettoyage terminé.

»»»»»»»»»»»»»»»»»»»»»»»» Fin du rapport
0
Réponse 2 / 14
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
il faut faire le hijack
0
layman Messages postés 5 Statut Membre
 
c'est plus helies c'est layman
en attente
yo
0
Réponse 3 / 14
layman Messages postés 5 Statut Membre
 
hello balltrap
as-tu eu mon hj ?
il est en cours d'envoi..ça traine, non ?
...
en tout cas merci, je n'ai plus l'écran noir
yo
0
Réponse 4 / 14
layman Messages postés 5 Statut Membre
 
hello balltrap
voici hj

Logfile of HijackThis v1.99.1
Scan saved at 00:56:02, on 25/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\mrbookmakerfrMPP\MPPoker.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lionel\Mes documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.casinojems.com/update/update.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HomepageBHO - {3bf1f86f-b1a8-489b-8d8b-43781d51411f} - C:\WINDOWS\system32\hp5AAE.tmp
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Wyfssp] C:\Program Files\Nxvyc\Ckbatzg.exe
O4 - HKLM\..\Run: [WinampAgent] D:\WINAMP\winampa.exe
O4 - HKLM\..\Run: [satmat] C:\WINDOWS\satmat.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Macro Protection Subsystems] msmacr32.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LiveChatut] C:\Documents and Settings\Lionel\Bureau\LiveChatut.exe
O4 - HKLM\..\Run: [itrmhphtbwz] C:\WINDOWS\System32\brlwac.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Macro Protection Subsystems] msmacr32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\microsoft office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Program Files\mrbookmakerfrMPP\MPPoker.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.fr/
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O18 - Protocol: bw+0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

merci
yo
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 14
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
salut
desoler pas present cette semaine lol
refait un hijack stp
0
Réponse 6 / 14
layman
 
salut
moi ausi depuis 3 jours, pb avec apérateur free
je te file mon hj
merci
Logfile of HijackThis v1.99.1
Scan saved at 21:49:24, on 28/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\WINAMP\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\INCRED~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\mrbookmakerfrMPP\MPPoker.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lionel\Mes documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] D:\WINAMP\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LiveChatut] C:\Documents and Settings\Lionel\Bureau\LiveChatut.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunServices: [Microsoft Macro Protection Subsystems] msmacr32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\microsoft office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Program Files\mrbookmakerfrMPP\MPPoker.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.fr/
O18 - Protocol: bw+0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
@+
0
Réponse 7 / 14
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
salut

****************************************************************
► imprime ceci pour ne rien oublier et tous faire
tous faire dans l ordre imperativement
****************************************************************
► tous da bord telecharge ces programmes si tu ne les a pas et met les a jour mais ne les utilise pas encore et verifie que tu as les bonnes version c est imperatif

ad-aware (1)version 1.06

(ici) http://www.florensac-chasse-trap.com/ section virus
voir demo
http://pageperso.aol.fr/balltrap34/adwseflash.zip
***
spybot (2)version 1.4

(ici) http://www.florensac-chasse-trap.com/ section virus
voir demo
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
***
et aussi ceci
CleanUp40.exe(3)

voir demo
http://pageperso.aol.fr/balltrap34/democleanup.htm
***
a2(4)

http://www.emsisoft.net/fr/
penser a le metre a jour avant de scanner le pc
***

****************************************************************

assure toi de ceci

Affiche tous les fichiers et dossiers :
cliquer sur démarrer/panneau de configuration/option des dossiers/affichage
Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu
Puis fais «Ok» pour valider les changements.

Et appliquer
****************************************************************
vide tes fichiers temps et tempory internet file sur tous les utilisateur

utilise ceci pour le faire
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe

****************************************************************
relance hijack coche ces lignes et ensuite clik sur fix
O4 - HKLM\..\Run: [AQ3HelperStartUp] C:\PROGRA~1\AQUATI~1\AQ3HEL~1.EXE /partner AQ3
O4 - HKLM\..\Run: [AdTools Service] C:\Program Files\AdTools Service\AdTools.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Microsoft Macro Protection Subsystems] msmacr32.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Fichiers communs\GMT\GMT.exe

****************************************************************

****************************************************************
redemarre en mode sans echec

mode sans echec pour cela tu tapote la touche f8
des le debut de l allumage du pc sans t arreter
une fenetre vas souvrir tute deplace avec les fleches du clavier sur demarreren mode sans echec
une fois sur le bureau il ni auras pas toutes les couleurs et autres c est normal.si f8 ne marche pas utilise la touche f5
****************************************************************
recherche et suppr ceci
C:\PROGRA~1\AQUATI~1<==le dossier
C:\Program Files\AdTools Service<==le dossier
msmacr32.exe

****************************************************************

****************************************************************
►passe adaware et vire tous se qu il trouve
****************************************************************
►passe spy boot et vire tous se qu il trouvent
****************************************************************
►passe a2
****************************************************************
tu vide ta poubelle et tu redemarre en mode normal et refait un hijack

et precise ou en sont tes soucis

--
0
Réponse 8 / 14
Utilisateur anonyme
 
et ceci egalement
C:\Program Files\Fichiers communs\GMT <---supprime si present, en meme temps que les autres

a+
0
Réponse 9 / 14
layman
 
salut à tous

je n'ai pas trouvé :
C:\PROGRA~1\AQUATI~1
msmacr32.exe
C:\Program Files\Fichiers communs\GMT

j'ai supprimé :
C:\Program Files\Ad Tools Service

il me rest comme souci un message d'erreur au début (registry data not fund) et un pb avec NORTON (fichiers cCommon...) je pense que c'est un pb de windows (faut-il réinstaller XP ?)
sinon c'est impec...

voici HJ:
Logfile of HijackThis v1.99.1
Scan saved at 14:25:26, on 29/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\WINAMP\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\INCRED~1\INCRED~1\bin\IMApp.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Documents and Settings\Lionel\Mes documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.tiscali.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: SecurityToolbar - {736b5468-bdad-41be-92d0-22ae2ddf7bcb} - C:\Program Files\Security Toolbar\Security Toolbar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] D:\WINAMP\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LiveChatut] C:\Documents and Settings\Lionel\Bureau\LiveChatut.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\INCRED~1\bin\IncMail.exe /c
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Startup: Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = D:\microsoft office\Office10\OSA.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: MrB Poker - {1DAA624F-A7AB-4b31-97A4-67205FF6963C} - C:\Program Files\mrbookmakerfrMPP\MPPoker.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.fr/
O18 - Protocol: bw+0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {7FF1BF90-7AAB-4169-93E8-7E8BFF6C6420} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

merci,yo
@+
0
Réponse 10 / 14
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
met nous exactement les message d erreur que tu as
0
layman
 
salut balltrap !
sympa ta photo...
à l'ouverture, j'ai une petite fenêtre qui s'ouvre:
erreur
registry data not found
je click ok, c'est tout
c'est peut-être en rapport avec le second souci :
à priori avec norton qd je le lance il y a :
windows n'arrive pas à configurer ccCommon, je cite :

The feature you are trying to use is on a
network resource that is unavailable

click OK to try again, or rnter an alternate path to a
folder containing the installation package
'ccCommon.MSI' in thebox below

Use Source:
C:\DOCUME~1\Lionel\LOCALS~1\Temp\

puis une autre fenêtre :
ccCommon
The path
'C:\DOCUME~1\Lionel\LOCALS~1\Temp\ccCommon.MSI'
cannot be found. Verify that you have access to this
location and try again, or try to find the installation package
'ccCommon.MSI' in a folder from which you can install the
product ccCommon.

sur "rechercher" je n'ai pas russi à localiser ce fichier
ni en réinstallant norton...

as-tu une idée...?
désolé de t'embêter avec ce détail...
(en supprimant les fichiers Temp, j'ai peut-être supprimé ccCommon!!!)

merci
yo
@+
0
Réponse 11 / 14
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
relance hijack
clik sur open the misck tools section

coche les deux case a cote de generate startuplist et clik dessus
et donne le rapport
0
Réponse 12 / 14
layman
 
salut
que du travail !!!
moi je n'y comprend rien...
voici le précieux!
StartupList report, 29/10/2005, 17:49:08
StartupList version: 1.52.2
Started from : C:\Documents and Settings\Lionel\Mes documents\hijackthis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\WINAMP\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INCRED~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\PROGRA~1\INCRED~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Lionel\Mes documents\hijackthis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Lionel\Menu Démarrer\Programmes\Démarrage]
Registration-InstantCopy.lnk = C:\Program Files\Pinnacle\Shared Files\InstantCDDVD\Pixie\RegTool.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
Microsoft Office.lnk = D:\microsoft office\Office10\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\SYSTEM32\Userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
WinampAgent = D:\WINAMP\winampa.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
PinnacleDriverCheck = C:\WINDOWS\System32\PSDrvCheck.exe
PCMService = "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
Omnipage = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
LogitechVideoTray = C:\Program Files\Logitech\Video\LogiTray.exe
LogitechVideoRepair = C:\Program Files\Logitech\Video\ISStart.exe
LiveChatut = C:\Documents and Settings\Lionel\Bureau\LiveChatut.exe
Dit = Dit.exe
Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd
CHotkey = mHotkey.exe
ccApp = "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
IncrediMail = C:\PROGRA~1\INCRED~1\INCRED~1\bin\IncMail.exe /c
LDM = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=
SCRNSAVE.EXE=C:\WINDOWS\AQUATI~1.SCR
drivers=

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=c:\windows\sexyho~1.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named something else.
- Regedit.exe has no OriginalFilename property! It is either missing or named something else.
- Regedit.exe has no FileDescription property! It is either missing or named something else.

Registry check failed!

--------------------------------------------------

Enumerating Browser Helper Objects:

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Analyser mon ordinateur - Lionel.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Office Update Installation Engine]
InProcServer32 = C:\WINDOWS\opuc.dll
CODEBASE = http://office.microsoft.com/officeupdate/content/opuc.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37938.3564930556

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\System32\nwprovau.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\mswsock.dll
Protocol #30: C:\WINDOWS\system32\mswsock.dll
Protocol #31: C:\WINDOWS\system32\mswsock.dll
Protocol #32: C:\WINDOWS\system32\mswsock.dll
Protocol #33: C:\WINDOWS\system32\mswsock.dll
Protocol #34: C:\WINDOWS\system32\mswsock.dll
Protocol #35: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Service d'application d'assistance IPv6: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Pilote ACPI Microsoft: System32\DRIVERS\ACPI.sys (system)
General Purpose USB Driver (adildr.sys): System32\Drivers\adildr.sys (autostart)
USB ADSL WAN Adapter: System32\DRIVERS\adiusbaw.sys (manual start)
Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start)
Environnement de prise en charge de réseau AFD: \SystemRoot\System32\drivers\afd.sys (system)
Filtre de bus AGP Intel: System32\DRIVERS\agp440.sys (system)
Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (disabled)
Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start)
Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
Protocole client ARP 1394: System32\DRIVERS\arp1394.sys (manual start)
ASAPIW2K: System32\Drivers\ASAPIW2K.sys (manual start)
Service d'état ASP.NET: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
Pilote de média asynchrone RAS: System32\DRIVERS\asyncmac.sys (manual start)
Contrôleur de disque dur IDE/ESDI standard: System32\DRIVERS\atapi.sys (system)
Protocole client ATM ARP: System32\DRIVERS\atmarpc.sys (manual start)
Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote audio Stub: System32\DRIVERS\audstub.sys (manual start)
Service de transfert intelligent en arrière-plan: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
MEDION (7134) WDM Video Capture: System32\DRIVERS\Cap7134.sys (manual start)
Client de licence CA: C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe (manual start)
Serveur de licence CA: C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Network Proxy: "C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe" (autostart)
Pilote de CD-ROM: System32\DRIVERS\cdrom.sys (system)
Service d'indexation: %SystemRoot%\system32\cisvc.exe (manual start)
Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled)
C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start)
Application système COM+: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Client DHCP: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote de disque: System32\DRIVERS\disk.sys (system)
Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start)
Client DNS: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start)
Pilote de la carte EtherLink XL 90XB/C 3Com: System32\DRIVERS\el90xbc5.sys (manual start)
Service de rapport d'erreurs: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Journal des événements: %SystemRoot%\system32\services.exe (autostart)
Système d'événements de COM+: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Pilote de contrôleur de lecteur de disquettes: System32\DRIVERS\fdc.sys (manual start)
VIA Rhine Family Fast Ethernet Adapter Driver Service: System32\DRIVERS\fetnd5b.sys (manual start)
Pilote de lecteur de disquettes: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Pilote du Gestionnaire de volume: System32\DRIVERS\ftdisk.sys (system)
Énumérateur de port jeu: System32\DRIVERS\gameenum.sys (manual start)
Classificateur de paquets générique: System32\DRIVERS\msgpc.sys (manual start)
Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Pilote de classe HID Microsoft: System32\DRIVERS\hidusb.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
Pilote pour clavier i8042 et souris sur port PS/2: System32\DRIVERS\i8042prt.sys (system)
Pilote de filtre de gravure CD: System32\DRIVERS\imapi.sys (system)
Service COM de gravage de CD IMAPI: C:\WINDOWS\System32\imapi.exe (manual start)
Pilote de processeur Intel: System32\DRIVERS\intelppm.sys (system)
Creatix V.9X DSP Data Fax Modem: System32\DRIVERS\ctxs51.sys (manual start)
Pilote du pare-feu Windows IPv6: system32\drivers\ip6fw.sys (manual start)
Pilote de filtre de trafic IP: System32\DRIVERS\ipfltdrv.sys (manual start)
Pilote de tunnelage IP dans IP: System32\DRIVERS\ipinip.sys (manual start)
Traducteur d'adresses réseau IP: System32\DRIVERS\ipnat.sys (manual start)
Pilote IPSEC: System32\DRIVERS\ipsec.sys (system)
Service énumérateur IR: System32\DRIVERS\irenum.sys (manual start)
Pilote de bus Plug-and-Play ISA/EISA: System32\DRIVERS\isapnp.sys (system)
Pilote de la classe Clavier: System32\DRIVERS\kbdclass.sys (system)
Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start)
Serveur: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Assistance TCP/IP NetBIOS: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Event Log Watch: C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe (autostart)
Machine Debug Manager: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled)
Partage de Bureau à distance NetMeeting: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Pilote de la classe Souris: System32\DRIVERS\mouclass.sys (system)
Redirecteur client WebDav: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: system32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start)
Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start)
Proxy de gestion de qualité de répartition Microsoft: system32\drivers\MSPQM.sys (manual start)
Pilote BIOS de gestion de systèmes Microsoft: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Pilote UART MIDI MPU-401 Microsoft: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
naecd: \??\C:\DOCUME~1\Lionel\LOCALS~1\Temp\naecd.sys (manual start)
Service Norton AntiVirus Auto-Protect: "C:\Program Files\Norton AntiVirus\navapsvc.exe" (autostart)
NAVENG: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20051026.007\NAVENG.Sys (manual start)
NAVEX15: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20051026.007\NavEx15.Sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Pilote TAPI NDIS d'accès distant: System32\DRIVERS\ndistapi.sys (manual start)
NDIS mode utilisateur E/S Protocole: System32\DRIVERS\ndisuio.sys (manual start)
Pilote réseau étendu NDIS d'accès distant: System32\DRIVERS\ndiswan.sys (manual start)
Interface NetBIOS: System32\DRIVERS\netbios.sys (system)
NetBIOS sur TCP/IP: System32\DRIVERS\netbt.sys (system)
DDE réseau: %SystemRoot%\system32\netdde.exe (disabled)
DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled)
Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start)
Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote réseau 1394: System32\DRIVERS\nic1394.sys (manual start)
NLA (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Norton AntiVirus Firewall Monitor Service: "C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe" (autostart)
Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start)
Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
NVIDIA Display Driver Service: %SystemRoot%\system32\nvsvc32.exe (autostart)
Pilote de filtre de trafic IPX: System32\DRIVERS\nwlnkflt.sys (manual start)
Pilote de transfert de trafic IPX: System32\DRIVERS\nwlnkfwd.sys (manual start)
Protocole de transport compatible NWLink IPX/SPX/NetBIOS: System32\DRIVERS\nwlnkipx.sys (autostart)
NetBIOS NWLink: System32\DRIVERS\nwlnknb.sys (autostart)
Protocole NWLink SPX/SPXII: System32\DRIVERS\nwlnkspx.sys (autostart)
Contrôleur hôte compatible IEE 1394 VIA OHCI: System32\DRIVERS\ohci1394.sys (system)
Office Source Engine: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" (manual start)
Pilote de port parallèle: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
MEDION TV-TUNER 7134 MK2/3: System32\DRIVERS\PhTVTune.sys (manual start)
Plug-and-Play: %SystemRoot%\system32\services.exe (autostart)
Services IPSEC: %SystemRoot%\System32\lsass.exe (autostart)
Miniport réseau étendu (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Pilote processeur: System32\DRIVERS\processr.sys (system)
StarForce Protection Environment Driver v6: \SystemRoot\System32\drivers\prodrv06.sys (system)
StarForce Protection Helper Driver v2: System32\drivers\prohlp02.sys (system)
StarForce Protection Synchronization Driver v1: System32\drivers\prosync1.sys (system)
Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart)
Pilote de liaison parallèle directe: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: system32\DRIVERS\PxHelp20.sys (system)
Logitech QuickCam Messenger: system32\DRIVERS\LVCM.sys (manual start)
Pilote de connexion automatique d'accès distant: System32\DRIVERS\rasacd.sys (system)
Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Miniport réseau étendu (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Gestionnaire de connexions d'accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote PPPOE d'accès à distance: System32\DRIVERS\raspppoe.sys (manual start)
Parallèle direct: System32\DRIVERS\raspti.sys (manual start)
Rdbss: system32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start)
Pilote de filtre de lecture digitale de CD audio: System32\DRIVERS\redbook.sys (system)
Routage et accès distant: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start)
Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
SaiH0109: System32\DRIVERS\SaiH0109.sys (manual start)
SaiU0109: System32\DRIVERS\SaiU0109.sys (manual start)
Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart)
SAVRT: \??\C:\Program Files\Norton AntiVirus\SAVRT.SYS (manual start)
SAVRTPEL: \??\C:\Program Files\Norton AntiVirus\SAVRTPEL.SYS (system)
SAVScan: "C:\Program Files\Norton AntiVirus\SAVScan.exe" (manual start)
ScriptBlocking Service: C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (autostart)
Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start)
Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Pilote de filtre Serenum: System32\DRIVERS\serenum.sys (manual start)
Pilote de port série: System32\DRIVERS\serial.sys (system)
StarForce Protection Helper Driver: System32\drivers\sfhlp01.sys (system)
Lecteur de disquettes haute densité: System32\DRIVERS\sfloppy.sys (manual start)
Pare-feu Windows / Partage de connexion Internet: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe" (autostart)
SPBBCDrv: \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
Symantec SPBBCSvc: "C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe" (autostart)
Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start)
Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart)
Pilote de filtre de restauration système: System32\DRIVERS\sr.sys (system)
Service de restauration système: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
Service de découvertes SSDP: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Acquisition d'image Windows (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Pilote de bus logiciel: System32\DRIVERS\swenum.sys (manual start)
Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{34B3CDFE-F200-4F75-B1C2-6960E0EAAE1B} (manual start)
Symantec Core LC: C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20050901.036\symidsco.sys (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
SymWMI Service: C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (autostart)
Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start)
Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start)
Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Pilote du protocole TCP/IP: System32\DRIVERS\tcpip.sys (system)
Pilote du protocole IPv6 Microsoft: system32\DRIVERS\tcpip6.sys (system)
Pilote de périphérique terminal: System32\DRIVERS\termdd.sys (system)
Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Pilote de carte miniport Tun Microsoft: system32\DRIVERS\tunmp.sys (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Pilote de mise à jour microcode: System32\DRIVERS\update.sys (manual start)
Hôte de périphérique universel Plug-and-Play: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Onduleur: %SystemRoot%\System32\ups.exe (manual start)
Pilote USB audio (WDM): system32\drivers\usbaudio.sys (manual start)
Pilote parent générique USB Microsoft: System32\DRIVERS\usbccgp.sys (manual start)
Pilote miniport de contrôleur hôte amélioré USB 2.0 Microsoft: System32\DRIVERS\usbehci.sys (manual start)
Concentrateur USB2: System32\DRIVERS\usbhub.sys (manual start)
Classe d'imprimantes USB Microsoft: System32\DRIVERS\usbprint.sys (manual start)
Pilote de scanneur USB: System32\DRIVERS\usbscan.sys (manual start)
Pilote de stockage de masse USB: System32\DRIVERS\USBSTOR.SYS (manual start)
Pilote miniport de contrôleur hôte universel USB Microsoft: System32\DRIVERS\usbuhci.sys (manual start)
Carte vidéo VGA.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Filter: System32\DRIVERS\viaagp1.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start)
Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Pilote ARP IP d'accès distant: System32\DRIVERS\wanarp.sys (manual start)
Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Carte de performance WMI: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Centre de sécurité: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
X10 Device Network Service: C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (manual start)
%DESCRIPTION%: System32\Drivers\x10uif.sys (manual start)
Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll
UPnPMonitor: C:\WINDOWS\system32\upnpui.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 39 478 bytes
Report generated in 0,172 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

@+
yo
0
Réponse 13 / 14
balltrap34 Messages postés 16241 Statut Contributeur sécurité 332
 
ton anti virus fonctionne t il bien
0
Réponse 14 / 14
layman
 
désolé, j'étais parti faire qq courses
oui à priori, il fonctionne bien
0