Demande d'aide pour une lecture de hijackthis

Résolu
Gilesix -  
Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour à tous, y a t'il une mae charitable qui peut m'aider a me débarasser de satanés spyware qui me balance des pages de pub et me bloque ma barre de travail ( menu démarrer) Voici le rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 14:54:34, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\NewTech Infosystems\NTI CD-Maker\Cdmkr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Julie et Guillaume\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Un ENORME MERCI D AVANCE
Configuration: Windows XP
Internet Explorer 7.0

28 réponses

  • 1
  • 2
  1. rudyrital Messages postés 6233 Statut Membre 131
     
    Tout d'abord Bonjour et bienvenue sur le forum d'entraide COMMENT CA MARCHE

    Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    * Double-clique VundoFix.exe afin de le lancer.
    * Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo
    * Clique sur le bouton Scan for Vundo.
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers.
    * Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK
    * Démarre ton PC à nouveau.
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    Note Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    0
    1. Gilesix
       
      Tout d'abord,
      un ENORME merci pour cette réponse SUPER rapide, il est vrai que je ne m'y attendais pas!
      Bref,
      voici le rapport de vundo:

      VundoFix V6.3.23

      Checking Java version...

      Java version is 1.4.2.5
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.2
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.4
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.6
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.9
      Old versions of java are exploitable and should be removed.

      Java version is 1.5.0.10

      Scan started at 20:28:19 19/05/2007

      Listing files found while scanning....

      C:\WINDOWS\system32\cpjkpsli.ini
      C:\WINDOWS\system32\gteehtmy.ini
      C:\WINDOWS\system32\ilspkjpc.dll
      C:\WINDOWS\system32\jkkji.dll
      C:\WINDOWS\system32\ymtheetg.dll

      Beginning removal...

      Attempting to delete C:\WINDOWS\system32\cpjkpsli.ini
      C:\WINDOWS\system32\cpjkpsli.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\gteehtmy.ini
      C:\WINDOWS\system32\gteehtmy.ini Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ilspkjpc.dll
      C:\WINDOWS\system32\ilspkjpc.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\jkkji.dll
      C:\WINDOWS\system32\jkkji.dll Has been deleted!

      Attempting to delete C:\WINDOWS\system32\ymtheetg.dll
      C:\WINDOWS\system32\ymtheetg.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      et voici le nouveau Hijackthis aprés avoir fait le vundo:
      Logfile of HijackThis v1.99.1
      Scan saved at 21:05:50, on 19/05/2007
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16441)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
      C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\MessengerPlus! 3\MsgPlus.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
      C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
      C:\WINDOWS\retadpu1000272.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Viewpoint\Common\ViewpointService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Julie et Guillaume\Bureau\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
      O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
      O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
      O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
      O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
      O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
      O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
      O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
      O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O11 - Options group: [INTERNATIONAL] International*
      O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
      O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
      O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
      O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
      O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
      O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
      O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
      O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
      O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
      O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
      O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
      O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

      Encore un grand merci.
      0
  2. Gilesix
     
    SVP !!!!!!!
    que doi je faire maintenant avec ces 2 rapports ?????
    Merci d'avance
    :-)
    0
  3. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    slt,

    évite de créer d'autre thread (doublon)

    suite a apres hijackthis vundo que faire

    merci.

    Ca n'ira pas plus vite ..
    0
    1. GILESIX
       
      ok ok , pas de problème !!!
      c'est juste que c'est un peu génant toutes ces pubs...Etant nouveau sur ce site, je nai pas l habitude mais ne t'inquiete pas, c'est noté !!
      Donc, quelle est la suite à donner àprés la lecture de ces scans ???
      MERCI
      0
  4. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Désinstalle ta version de Java (Java version is 1.5.0.2 ) elle est vérolé ...

    =====================

    Fais un clic droit sur l'outil HijackThis! - > "Renommer", puis renomme-le en scan.exe par exemple.

    Lance HijackThis! (double clique scan.exe) puis clique Do a system scan and save a logfile, puis poste le rapport ici.
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. GILESIX
     
    Déja, merci Séb08 pour ta réponse rapide,
    ensuite, j'ai désinstallé la version de java vérollée, renommé hijack et fait un scan, voici le résultat:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:30:02, on 20/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\retadpu1000272.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\kpeoowuo.dll
    O2 - BHO: (no name) - {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} - C:\WINDOWS\system32\jkhfd.dll
    O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\gebbcax.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
    O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: gebbcax - C:\WINDOWS\SYSTEM32\gebbcax.dll
    O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Merci encore.
    0
  7. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    ok bien ...

    Télécharge VundoFix (par Atribune) de ce lien :
    http://www.atribune.org/ccount/click.php?id=4

    * Sauvegarde-le sur ton Bureau.
    * Double-clique VundoFix.exe afin de le lancer
    * Clique sur le bouton Scan for Vundo
    * Lorsque le scan est complété, clique sur le bouton Remove Vundo
    * Une invite te demandera si tu veux supprimer les fichiers, clique YES
    * Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
    * Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo"

    a+

    0
  8. GILESIX
     
    ok, voici le rapport vundo:

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.4.2.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.2
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 20:28:19 19/05/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\cpjkpsli.ini
    C:\WINDOWS\system32\gteehtmy.ini
    C:\WINDOWS\system32\ilspkjpc.dll
    C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\ymtheetg.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\cpjkpsli.ini
    C:\WINDOWS\system32\cpjkpsli.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gteehtmy.ini
    C:\WINDOWS\system32\gteehtmy.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ilspkjpc.dll
    C:\WINDOWS\system32\ilspkjpc.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkji.dll
    C:\WINDOWS\system32\jkkji.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ymtheetg.dll
    C:\WINDOWS\system32\ymtheetg.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.4.2.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.2
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 12:49:53 20/05/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\dfhkj.bak1
    C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\jkhfd.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\dfhkj.bak1
    C:\WINDOWS\system32\dfhkj.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dfhkj.ini
    C:\WINDOWS\system32\dfhkj.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkhfd.dll
    C:\WINDOWS\system32\jkhfd.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V6.3.23

    Checking Java version...

    Java version is 1.4.2.5
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.2
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.4
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.9
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Scan started at 13:16:25 20/05/2007

    Listing files found while scanning....

    et le hijack:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:23:12, on 20/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\retadpu1000272.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\WINDOWS\retadpu1000272.exe
    C:\Documents and Settings\Julie et Guillaume\Bureau\VundoFix.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {526F3E9F-948D-4974-A324-091453F9A8D6} - C:\WINDOWS\system32\ddccb.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\kpeoowuo.dll
    O2 - BHO: (no name) - {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\gebbcax.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
    O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll
    O20 - Winlogon Notify: gebbcax - C:\WINDOWS\SYSTEM32\gebbcax.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
    0
  9. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    ok désolé pour java (erreur d'interprétation) il est légitime...

    Télécharge VirtumundoBegone sur le bureau:
    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions.
    Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis.
    Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu

    Je dois m'absenter .

    je serai là en soirée.

    a+
    0
  10. GILESIX
     
    voici le rapport de virtmundo:

    [05/20/2007, 13:38:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julie et Guillaume\Bureau\VirtumundoBeGone.exe" )
    [05/20/2007, 13:38:57] - Detected System Information:
    [05/20/2007, 13:38:57] - Windows Version: 5.1.2600, Service Pack 2
    [05/20/2007, 13:38:57] - Current Username: Julie et Guillaume (Admin)
    [05/20/2007, 13:38:57] - Windows is in NORMAL mode.
    [05/20/2007, 13:38:57] - Searching for Browser Helper Objects:
    [05/20/2007, 13:38:57] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:38:57] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:38:57] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} ()
    [05/20/2007, 13:38:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:57] - Checking for HKLM\...\Winlogon\Notify\ddccb
    [05/20/2007, 13:38:57] - Found: HKLM\...\Winlogon\Notify\ddccb - This is probably Virtumundo.
    [05/20/2007, 13:38:57] - Assigning {526F3E9F-948D-4974-A324-091453F9A8D6} MSEvents Object
    [05/20/2007, 13:38:57] - BHO list has been changed! Starting over...
    [05/20/2007, 13:38:57] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:38:57] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:38:57] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:38:57] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:38:57] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:38:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:57] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:38:57] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:38:57] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:38:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:57] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:38:57] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:38:57] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:38:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:38:58] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:38:58] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:38:58] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:38:58] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:38:58] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:38:58] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:38:58] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:38:58] - BHO list has been changed! Starting over...
    [05/20/2007, 13:38:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:38:58] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:38:58] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:38:58] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:38:58] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:38:58] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:38:58] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:38:58] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:38:58] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:38:58] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:38:58] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:38:58] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:38:58] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:38:58] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:38:58] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:38:58] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:38:58] - BHO list has been changed! Starting over...
    [05/20/2007, 13:38:58] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:38:58] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:38:58] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:38:58] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:38:58] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:38:58] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:38:58] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:38:58] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:38:58] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:38:58] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:38:58] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:38:58] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:58] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:38:58] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:38:58] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:38:59] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:38:59] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:38:59] - BHO list has been changed! Starting over...
    [05/20/2007, 13:38:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:38:59] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:38:59] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:38:59] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:38:59] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:38:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:38:59] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:38:59] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:38:59] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:38:59] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:38:59] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:38:59] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:38:59] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:38:59] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:38:59] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:38:59] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:38:59] - BHO list has been changed! Starting over...
    [05/20/2007, 13:38:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:38:59] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:38:59] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:38:59] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:38:59] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:38:59] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:38:59] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:38:59] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:38:59] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:38:59] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:38:59] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:38:59] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:38:59] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:38:59] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:38:59] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:38:59] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:38:59] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:38:59] - BHO list has been changed! Starting over...
    [05/20/2007, 13:38:59] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:38:59] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:38:59] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:38:59] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:38:59] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:00] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:00] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:00] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:00] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:00] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:00] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:00] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:00] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:00] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:00] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:00] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:00] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:00] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:00] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:00] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:00] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:00] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:00] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:00] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:00] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:00] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:00] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:00] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:00] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:00] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:00] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:00] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:00] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:00] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:00] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:00] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:00] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:00] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:00] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:00] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:00] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:00] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:00] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:01] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:01] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:01] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:01] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:01] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:01] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:01] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:01] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:01] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:01] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:01] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:01] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:01] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:01] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:01] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:01] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:01] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:01] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:01] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:01] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:01] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:01] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:01] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:01] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:01] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:01] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:01] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:01] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:01] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:01] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:01] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:01] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:01] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:01] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:01] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:01] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:01] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:01] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:01] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:01] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:02] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:02] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:02] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:02] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:02] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:02] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:02] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:02] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:02] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:02] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:02] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:02] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:02] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:02] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:02] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:02] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:02] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:02] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:02] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:02] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:02] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:02] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:02] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:02] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:02] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:02] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:02] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:02] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:02] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:02] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:02] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:02] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:02] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:02] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:02] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:02] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:02] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:02] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:02] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:03] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:03] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:03] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:03] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:03] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:03] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:03] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:03] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:03] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:03] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:03] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:03] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:03] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:03] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:03] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:03] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:03] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:03] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:03] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:03] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:03] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:03] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:03] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:03] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:03] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:03] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:03] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:03] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:03] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:03] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:03] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:04] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:04] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:04] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:04] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:04] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:04] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:04] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:04] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:04] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:04] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:04] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:04] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:04] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:04] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:04] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:04] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:04] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:04] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:04] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:04] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:04] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:04] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:04] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:04] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:04] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:04] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:04] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:04] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:04] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:04] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:04] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:04] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:04] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:04] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:04] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:04] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:04] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:04] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:04] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:05] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:05] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:05] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:05] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:05] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:05] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:05] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:05] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:05] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:05] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:05] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:05] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:05] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:05] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:05] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:05] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:05] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:05] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:05] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:05] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:05] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:05] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:05] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:05] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:05] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:05] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:05] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:05] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:05] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:05] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:05] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:05] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:05] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:05] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:05] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:05] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:05] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:05] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:05] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:05] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:06] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:06] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:06] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:06] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:06] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:06] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:06] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:06] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:06] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:06] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:06] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:06] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:06] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:06] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:06] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:06] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:06] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:06] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:06] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:06] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:06] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:06] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:06] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:06] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:06] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:06] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:06] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:06] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:06] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:06] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:06] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:06] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:06] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:06] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:06] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:06] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:07] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:07] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:07] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:07] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:07] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:07] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:07] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:07] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:07] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:07] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:07] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:07] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:07] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:07] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:07] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:07] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:07] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:07] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:07] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:07] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:07] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:07] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:07] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:07] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:07] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:07] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:07] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:07] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:07] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:07] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:07] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:07] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:07] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:07] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:07] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:07] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:07] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:07] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:07] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:07] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:08] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:08] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:08] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:08] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:08] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:08] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:08] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:08] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:08] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:08] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:08] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:08] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:08] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:08] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:08] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:08] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:08] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:08] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:08] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:08] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:08] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:08] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:08] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:08] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:08] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:08] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:08] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:08] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:08] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:08] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:08] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:08] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:08] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:08] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:08] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:08] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:08] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:08] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:08] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:08] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:09] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:09] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:09] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:09] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:09] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:09] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:09] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:09] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:09] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:09] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:09] - BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
    [05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:09] - Checking for HKLM\...\Winlogon\Notify\SDHelper
    [05/20/2007, 13:39:09] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
    [05/20/2007, 13:39:09] - BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
    [05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:09] - Checking for HKLM\...\Winlogon\Notify\kpeoowuo
    [05/20/2007, 13:39:09] - Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
    [05/20/2007, 13:39:09] - BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
    [05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:09] - Checking for HKLM\...\Winlogon\Notify\jkkji
    [05/20/2007, 13:39:09] - Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
    [05/20/2007, 13:39:09] - BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [05/20/2007, 13:39:09] - BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
    [05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:09] - Checking for HKLM\...\Winlogon\Notify\jkhfd
    [05/20/2007, 13:39:09] - Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
    [05/20/2007, 13:39:09] - BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
    [05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [05/20/2007, 13:39:09] - Checking for HKLM\...\Winlogon\Notify\gebbcax
    [05/20/2007, 13:39:09] - Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
    [05/20/2007, 13:39:09] - Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
    [05/20/2007, 13:39:09] - BHO list has been changed! Starting over...
    [05/20/2007, 13:39:09] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [05/20/2007, 13:39:09] - BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
    [05/20/2007, 13:39:09] - BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
    [05/20/2007, 13:39:09] - ALERT: Found MSEvents Object!
    [05/20/2007, 13:39:09] - BHO 4: {53707962-6F74-2D53-2644-206D
    0
  11. gilesix
     
    Je suis suivi par séb08, est il e retour ????????????????

    Merci
    0
  12. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Remet un log hijack .

    Ou en sont tes probs ?
    0
  13. gilesix
     
    Bonjour et merci de ta réponse.
    Et bien en fait, j'ai accés maintenant à ma barre de tahce mai il rest encore des fenétres de pub quio viennent s'ouvrir.
    ..
    Voici le hijack:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:51:34, on 21/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\WINDOWS\retadpu1000272.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\kpeoowuo.dll
    O2 - BHO: (no name) - {60DF6507-6336-4145-917F-89342A347D97} - C:\WINDOWS\system32\ddccb.dll
    O2 - BHO: (no name) - {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\gebbcax.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
    O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll
    O20 - Winlogon Notify: gebbcax - C:\WINDOWS\SYSTEM32\gebbcax.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Merci d'avance
    0
  14. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    OK Vundo est toujours présent .
    on va faire autrement ...

    1/

    Télécharger Process XP ici :
    https://www.cjoint.com/?fvlGdF6jfp

    Télécharger : Pocket Killbox ici :
    http://www.downloads.subratam.org/KillBox.exe

    :: Démo d utilisation (merci a Balltrap34 pour cette réalisation) ::
    http://pageperso.aol.fr/balltrap34/killbox.htm

    2/

    Déconnecte toi du net.
    Ferme tous les programmes en cours (média player, internet explorer, ...etc)

    Dézippe (clic droit > extraire) Process XP et double-clique sur processxp.exe

    * Dans la fenêtre principale de processxp double-clique sur winlogon.exe
    Dans la nouvelle fenêtre qui s'ouvre clique sur threads
    Sélectionne seulement les lignes qui contiennent les .dll infectées(ddccb.dll,gebbcax.dll, wineij32.dll,kpeoowuo.dll
    ) puis clique sur kill pour chacune des lignes trouvées.
    une fois fait, valide avec [ok]

    * Dans la fenêtre principale de processxp double clic sur explorer.exe
    Dans la nouvelle fenêtre qui s'ouvre clique sur threads
    sélectionner seulement les lignes qui contiennent les .dll infectées (ddccb.dll,gebbcax.dll, wineij32.dll,kpeoowuo.dll
    ) puis clique sur kill pour chacune des lignes trouvées.
    une fois fait, valide avec [ok]

    3/

    Puis lance HijackThis:

    clique sur "do a system scan only"

    * Coche la case au début de ces lignes:

    O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\kpeoowuo.dll
    O2 - BHO: (no name) - {60DF6507-6336-4145-917F-89342A347D97} - C:\WINDOWS\system32\ddccb.dll
    O2 - BHO: (no name) - {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} - C:\WINDOWS\system32\jkkji.dll (file missing)
    O2 - BHO: (no name) - {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} - C:\WINDOWS\system32\jkhfd.dll (file missing)
    O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\gebbcax.dll

    O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll
    O20 - Winlogon Notify: gebbcax - C:\WINDOWS\SYSTEM32\gebbcax.dll
    O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll


    * Valide avec [fix checked]

    4/

    Double clic sur killbox.exe (Pocket Killbox)

    - coche : Delete on reboot
    - Dans "Full Path of File to Delete"
    Pour chaque ligne,copie et colle :

    C:\WINDOWS\system32\ddccb.dll
    C:\WINDOWS\SYSTEM32\gebbcax.dll
    C:\WINDOWS\SYSTEM32\wineij32.dll
    C:\WINDOWS\system32\kpeoowuo.dll

    - clique sur la croix rouge
    - une fenêtre va apparaître pour confirmation clique sur YES
    - une seconde fenêtre te demande si tu veux redémarrer, clique sur YES

    Laisse le PC redémarrer.
    Si tu as un message: "pending file rename operations registry data has been removed by external process.", ignore-le, et redémarre ton PC manuellement.

    Et remet un hijack .

    a+

    0
  15. gilesix
     
    Merci Séb, tout a fonctionné sauf avec killbox ou les lignes:

    C:\WINDOWS\system32\ddccb.dll
    C:\WINDOWS\SYSTEM32\gebbcax.dll
    C:\WINDOWS\SYSTEM32\wineij32.dll
    C:\WINDOWS\system32\kpeoowuo.dll

    ne peuvent etres suppromées ( this file could not be deleted )

    Que faire ???

    voici le hijack:

    Logfile of HijackThis v1.99.1
    Scan saved at 15:21:33, on 21/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
    O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    merci encore séb.
    0
  16. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Ok bien , Vundo est dégagé !

    Supprime C:\ProgramFiles\!killbox

    Vide ta poubelle.

    ensuite :

    Télécharge et installe ce log :

    * AVG AS

    AVG anti spyware
    avg antispyware
    Met le a jour avant de lancer le scan.
    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    a+
    0
  17. gilesix
     
    Bonjour séb, avant toute chose ( et au rique de me répeter !!!) encore un grand merci pour me venir en aide et passer du tps sur mon cas.

    Voici le rapport d'AVG:

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 12:30:09 22/05/2007

    + Résultat de l'analyse:

    C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067175.dll -> Adware.Virtumonde : Nettoyé.
    C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067176.dll -> Adware.Virtumonde : Nettoyé.
    C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067177.dll -> Adware.Virtumonde : Nettoyé.
    C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067178.dll -> Adware.Virtumonde : Nettoyé.
    C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067181.DLL -> Adware.Virtumonde : Nettoyé.
    C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067173.exe -> Downloader.Agent.bls : Nettoyé.
    C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067174.exe -> Hijacker.Costrat.at : Nettoyé.
    C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
    C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067171.dll -> Trojan.Dialer.qn : Nettoyé.
    C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067172.DLL -> Trojan.Dialer.qn : Nettoyé.

    Fin du rapport

    Merci
    0
  18. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    Ta resto est ou était infectée , donc pour être sur de la rendre saine fais cette manip

    ¤Désactive ta restauration système (uniquement si tu es sous XP):
    Clic droit sur poste de travail puis,
    propriété, tu cliques sur onglet restauration système
    tu coches la case « désactiver la restauration » et applique.

    Puis,

    ¤Réactive ta restauration système (uniquement si tu es sous XP):
    Clic droit sur poste de travail puis,
    propriété, tu cliques sur onglet restauration système
    tu décoches la case « désactiver la restauration » et applique.

    http://www.libellules.ch/desactiver_restauration.php

    Et dis moi ou en sont tes probs ?

    Remet un log hijack pour qu'on fasse un peu le ménage ... :)

    a+
    0
  19. gilesix
     
    ok pour la réstauration. Jr l'ai enlevé et remise et voici le rapport hijackthis:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:43:35, on 22/05/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16441)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
    O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    Merci

    a+
    0
  20. Séb08 Messages postés 18169 Date d'inscription   Statut Contributeur Dernière intervention   1 430
     
    ok. :)

    Relance Hijack,choisi « do a scan only » ou « scanner seulement » coches ces lignes :

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
    O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab

    ***********Toutes les 018***********

    O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)

    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe

    Ferme toutes les fenêtres actives autres que HijackThis!, navigateur inclus, puis clique « Fix checked » ou « fixer objet ». Ferme HijackThis!

    ======================

    Arrête ce service

    AVG Anti-Spyware Guard

    pour ça fais cette manip :

    Démarrer -> executer tape services.msc double clic sur le service cité - > et dans "type de démarrage" mets le sur « désactivé » et dans statut du service, met le sur « arrêté ».

    ======================

    Affiches tous les fichiers et dossiers…

    Clique sur démarrer -> panneau de configuration (en affichage classique) ->option des dossiers -> onglet « affichage »

    * [Coche] « afficher les dossiers et fichiers cachés »

    * [Décoche] « Masquer les fichiers protégés du système d'exploitation (recommandé) »

    * [Décoche] « masquer les extensions dont le type est connu »

    Puis [valider] pour valider les changements.

    Et [Ok]

    recherche et supprime ou désinstalle ceci :

    C:\WINDOWS\system32\ilspkjpc.dll
    C:\Program Files\Fichiers communs\Symantec Shared

    Vide ta poubelle.

    ======================

    Installe un vrai parefeu car celui de Windows ne sert à rien.

    Kério (pare feu):
    kerio
    lire le tuto: pour configurer et comprendre Kerio
    https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
    https://www.vulgarisation-informatique.com/kerio.php
    https://forums.cnetfrance.fr

    A lire :
    securite le parefeu de windows xp

    explication d'un parefeu :
    firewall

    ====================

    ensuite :

    - > Pour vérifier, scanne ton PC avec cet antivirus en ligne (sous IE et accepte l’activX) :
    http://www.bitdefender.fr/bd/site/search.php#
    Clique sur « Bitdefender scan on line » suis les instructions.
    Démo (merci à balltrap pour cette démo) :
    http://perso.orange.fr/rginformatique/section%20virus/defender.htm

    Et colle le rapport.

    a+
    0
  • 1
  • 2