Demande d'aide pour une lecture de hijackthis Résolu/Fermé

Question

Bonjour à tous, y a t'il une mae charitable qui peut m'aider a me débarasser de satanés spyware qui me balance des pages de pub et me bloque ma barre de travail ( menu démarrer) Voici le rapport hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 14:54:34, on 19/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.5.0_10\bin\jucheck.exe
C:\Program Files\NewTech Infosystems\NTI CD-Maker\Cdmkr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32	askmgr.exe
C:\Documents and Settings\Julie et Guillaume\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWSetadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe


Un ENORME MERCI D AVANCE

rudyrital · Answer

Tout d'abord Bonjour et bienvenue sur le forum d'entraide COMMENT CA MARCHE 


Télécharge VundoFix.exe (par Atribune) sur ton Bureau. 
http://www.atribune.org/ccount/click.php?id=4 

* Double-clique VundoFix.exe afin de le lancer. 
* Lorsque l'outil se lance à nouveau, clique sur le bouton Scan for Vundo 
* Clique sur le bouton Scan for Vundo. 
* Lorsque le scan est complété, clique sur le bouton Remove Vundo 
* Une invite te demandera si tu veux supprimer les fichiers, clique YES 
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers. 
* Tu verras une invite qui t'annonce que ton PC va s'éteindre ("shutdown"); clique OK 
* Démarre ton PC à nouveau. 
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse. 

Note Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".

Gilesix · Answer

SVP !!!!!!!
que doi je faire maintenant avec ces 2 rapports ?????
Merci d'avance 
:-)

Séb08 · Answer

slt,

évite de créer d'autre thread (doublon)

suite a apres hijackthis vundo que faire

merci.

Ca n'ira pas plus vite ..

Séb08 · Answer

Désinstalle ta version de Java (Java version is 1.5.0.2 ) elle est vérolé ...


=====================

Fais un clic droit sur l'outil HijackThis! - > "Renommer", puis renomme-le en scan.exe par exemple.

Lance HijackThis! (double clique scan.exe) puis clique Do a system scan and save a logfile, puis poste le rapport ici.

GILESIX · Answer

Déja, merci Séb08 pour ta réponse rapide,
ensuite, j'ai désinstallé la version de java vérollée, renommé hijack et fait un scan, voici le résultat:

Logfile of HijackThis v1.99.1
Scan saved at 12:30:02, on 20/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWSetadpu1000272.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32	askmgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\kpeoowuo.dll
O2 - BHO: (no name) - {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} - C:\WINDOWS\system32\jkhfd.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\gebbcax.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWSetadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin
pjpi150_10.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin
pjpi150_10.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: gebbcax - C:\WINDOWS\SYSTEM32\gebbcax.dll
O20 - Winlogon Notify: jkhfd - C:\WINDOWS\system32\jkhfd.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Merci encore.

Séb08 · Answer

ok bien ...

Télécharge VundoFix (par Atribune) de ce lien : 
http://www.atribune.org/ccount/click.php?id=4 

* Sauvegarde-le sur ton Bureau. 
* Double-clique VundoFix.exe afin de le lancer 
* Clique sur le bouton Scan for Vundo 
* Lorsque le scan est complété, clique sur le bouton Remove Vundo 
* Une invite te demandera si tu veux supprimer les fichiers, clique YES 
* Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers 
* Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK 
* Copie/colle le contenu du rapport situé dans C:\vundofix.txt ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse. 

Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo"

a+

GILESIX · Answer

ok, voici le rapport vundo:


VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 20:28:19 19/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\cpjkpsli.ini
C:\WINDOWS\system32\gteehtmy.ini
C:\WINDOWS\system32\ilspkjpc.dll
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\ymtheetg.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\cpjkpsli.ini
C:\WINDOWS\system32\cpjkpsli.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\gteehtmy.ini
C:\WINDOWS\system32\gteehtmy.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ilspkjpc.dll
C:\WINDOWS\system32\ilspkjpc.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ymtheetg.dll
C:\WINDOWS\system32\ymtheetg.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 12:49:53 20/05/2007

Listing files found while scanning....

C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\jkhfd.dll

Beginning removal...

 Attempting to delete C:\WINDOWS\system32\dfhkj.bak1
C:\WINDOWS\system32\dfhkj.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\dfhkj.ini
C:\WINDOWS\system32\dfhkj.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\jkhfd.dll
C:\WINDOWS\system32\jkhfd.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.23

Checking Java version...

Java version is 1.4.2.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.2
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.4
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 13:16:25 20/05/2007

Listing files found while scanning....

et le hijack:

Logfile of HijackThis v1.99.1
Scan saved at 13:23:12, on 20/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\retadpu1000272.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\retadpu1000272.exe
C:\Documents and Settings\Julie et Guillaume\Bureau\VundoFix.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {526F3E9F-948D-4974-A324-091453F9A8D6} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\kpeoowuo.dll
O2 - BHO: (no name) - {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\gebbcax.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll
O20 - Winlogon Notify: gebbcax - C:\WINDOWS\SYSTEM32\gebbcax.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Séb08 · Answer

ok désolé pour java (erreur d'interprétation) il est légitime...

Télécharge VirtumundoBegone sur le bureau: 
http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe 

Double clique ensuite sur VirtumundoBeGone.exe et suis les instructions. 
Une fois terminé, redémarre et poste le rapport VBG.TXT créé sur le bureau dans ta prochaine réponse avec un nouveau rapport HijackThis. 
Ne t'inquiète pas si tu vois un message Ecran bleu "Erreur fatale", c'est normal et attendu 

Je dois m'absenter .

je serai là en soirée.

a+

GILESIX · Answer

voici le rapport de virtmundo:


[05/20/2007, 13:38:47] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Julie et Guillaume\Bureau\VirtumundoBeGone.exe" )
[05/20/2007, 13:38:57] - Detected System Information:
[05/20/2007, 13:38:57] -  Windows Version: 5.1.2600, Service Pack 2
[05/20/2007, 13:38:57] -  Current Username: Julie et Guillaume (Admin)
[05/20/2007, 13:38:57] -  Windows is in NORMAL mode.
[05/20/2007, 13:38:57] - Searching for Browser Helper Objects:
[05/20/2007, 13:38:57] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:38:57] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:38:57] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} ()
[05/20/2007, 13:38:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:57] -  Checking for HKLM\...\Winlogon\Notify\ddccb
[05/20/2007, 13:38:57] -  Found: HKLM\...\Winlogon\Notify\ddccb - This is probably Virtumundo.
[05/20/2007, 13:38:57] -  Assigning {526F3E9F-948D-4974-A324-091453F9A8D6} MSEvents Object
[05/20/2007, 13:38:57] - BHO list has been changed! Starting over...
[05/20/2007, 13:38:57] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:38:57] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:38:57] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:38:57] - ALERT: Found MSEvents Object!
[05/20/2007, 13:38:57] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:38:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:57] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:38:57] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:38:57] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:38:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:57] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:38:57] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:38:57] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:38:57] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:38:58] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:38:58] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:38:58] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:38:58] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:38:58] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:38:58] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:38:58] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:38:58] - BHO list has been changed! Starting over...
[05/20/2007, 13:38:58] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:38:58] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:38:58] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:38:58] - ALERT: Found MSEvents Object!
[05/20/2007, 13:38:58] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:38:58] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:38:58] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:38:58] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:38:58] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:38:58] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:38:58] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:38:58] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:38:58] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:38:58] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:38:58] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:38:58] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:38:58] - BHO list has been changed! Starting over...
[05/20/2007, 13:38:58] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:38:58] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:38:58] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:38:58] - ALERT: Found MSEvents Object!
[05/20/2007, 13:38:58] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:38:58] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:38:58] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:38:58] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:38:58] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:38:58] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:38:58] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:38:58] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:58] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:38:58] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:38:58] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:38:58] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:38:59] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:38:59] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:38:59] - BHO list has been changed! Starting over...
[05/20/2007, 13:38:59] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:38:59] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:38:59] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:38:59] - ALERT: Found MSEvents Object!
[05/20/2007, 13:38:59] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:38:59] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:38:59] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:38:59] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:38:59] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:38:59] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:38:59] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:38:59] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:38:59] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:38:59] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:38:59] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:38:59] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:38:59] - BHO list has been changed! Starting over...
[05/20/2007, 13:38:59] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:38:59] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:38:59] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:38:59] - ALERT: Found MSEvents Object!
[05/20/2007, 13:38:59] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:38:59] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:38:59] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:38:59] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:38:59] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:38:59] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:38:59] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:38:59] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:38:59] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:38:59] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:38:59] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:38:59] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:38:59] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:38:59] - BHO list has been changed! Starting over...
[05/20/2007, 13:38:59] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:38:59] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:38:59] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:38:59] - ALERT: Found MSEvents Object!
[05/20/2007, 13:38:59] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:38:59] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:00] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:00] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:00] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:00] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:00] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:00] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:00] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:00] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:00] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:00] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:00] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:00] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:00] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:00] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:00] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:00] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:00] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:00] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:00] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:00] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:00] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:00] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:00] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:00] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:00] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:00] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:00] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:00] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:00] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:00] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:00] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:00] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:00] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:00] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:00] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:00] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:00] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:00] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:00] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:00] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:01] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:01] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:01] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:01] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:01] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:01] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:01] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:01] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:01] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:01] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:01] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:01] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:01] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:01] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:01] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:01] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:01] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:01] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:01] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:01] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:01] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:01] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:01] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:01] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:01] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:01] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:01] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:01] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:01] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:01] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:01] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:01] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:01] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:01] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:01] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:01] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:01] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:01] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:01] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:01] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:01] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:01] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:02] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:02] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:02] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:02] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:02] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:02] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:02] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:02] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:02] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:02] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:02] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:02] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:02] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:02] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:02] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:02] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:02] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:02] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:02] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:02] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:02] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:02] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:02] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:02] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:02] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:02] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:02] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:02] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:02] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:02] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:02] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:02] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:02] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:02] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:02] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:02] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:02] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:02] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:02] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:02] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:02] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:02] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:02] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:03] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:03] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:03] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:03] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:03] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:03] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:03] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:03] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:03] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:03] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:03] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:03] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:03] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:03] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:03] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:03] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:03] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:03] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:03] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:03] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:03] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:03] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:03] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:03] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:03] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:03] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:03] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:03] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:03] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:03] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:03] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:04] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:04] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:04] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:04] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:04] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:04] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:04] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:04] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:04] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:04] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:04] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:04] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:04] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:04] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:04] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:04] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:04] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:04] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:04] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:04] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:04] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:04] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:04] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:04] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:04] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:04] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:04] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:04] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:04] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:04] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:04] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:04] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:04] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:04] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:04] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:04] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:04] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:04] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:04] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:04] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:04] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:04] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:05] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:05] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:05] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:05] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:05] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:05] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:05] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:05] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:05] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:05] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:05] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:05] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:05] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:05] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:05] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:05] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:05] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:05] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:05] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:05] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:05] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:05] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:05] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:05] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:05] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:05] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:05] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:05] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:05] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:05] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:05] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:05] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:05] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:05] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:05] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:05] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:05] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:05] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:05] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:05] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:05] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:05] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:05] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:06] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:06] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:06] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:06] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:06] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:06] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:06] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:06] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:06] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:06] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:06] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:06] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:06] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:06] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:06] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:06] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:06] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:06] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:06] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:06] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:06] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:06] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:06] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:06] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:06] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:06] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:06] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:06] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:06] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:06] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:06] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:06] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:06] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:06] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:06] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:06] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:06] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:06] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:07] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:07] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:07] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:07] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:07] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:07] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:07] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:07] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:07] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:07] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:07] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:07] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:07] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:07] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:07] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:07] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:07] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:07] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:07] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:07] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:07] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:07] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:07] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:07] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:07] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:07] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:07] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:07] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:07] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:07] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:07] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:07] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:07] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:07] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:07] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:07] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:07] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:07] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:07] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:07] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:07] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:08] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:08] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:08] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:08] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:08] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:08] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:08] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:08] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:08] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:08] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:08] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:08] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:08] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:08] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:08] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:08] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:08] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:08] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:08] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:08] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:08] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:08] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:08] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:08] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:08] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:08] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:08] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:08] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:08] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:08] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:08] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:08] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:08] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:08] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:08] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:08] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:08] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:08] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:08] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:08] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:08] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:08] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:09] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:09] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:09] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:09] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:09] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:09] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:09] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:09] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:09] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:09] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:09] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:09] -  BHO 4: {53707962-6F74-2D53-2644-206D7942484F} ()
[05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:09] -  Checking for HKLM\...\Winlogon\Notify\SDHelper
[05/20/2007, 13:39:09] -  Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[05/20/2007, 13:39:09] -  BHO 5: {55DB983C-BDBF-426f-86F0-187B02DDA39B} ()
[05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:09] -  Checking for HKLM\...\Winlogon\Notify\kpeoowuo
[05/20/2007, 13:39:09] -  Key not found: HKLM\...\Winlogon\Notify\kpeoowuo, continuing.
[05/20/2007, 13:39:09] -  BHO 6: {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} ()
[05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:09] -  Checking for HKLM\...\Winlogon\Notify\jkkji
[05/20/2007, 13:39:09] -  Key not found: HKLM\...\Winlogon\Notify\jkkji, continuing.
[05/20/2007, 13:39:09] -  BHO 7: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[05/20/2007, 13:39:09] -  BHO 8: {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} ()
[05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:09] -  Checking for HKLM\...\Winlogon\Notify\jkhfd
[05/20/2007, 13:39:09] -  Key not found: HKLM\...\Winlogon\Notify\jkhfd, continuing.
[05/20/2007, 13:39:09] -  BHO 9: {C004A8DA-623A-4409-B6ED-F3E3DA367792} ()
[05/20/2007, 13:39:09] - WARNING: BHO has no default name. Checking for Winlogon reference.
[05/20/2007, 13:39:09] -  Checking for HKLM\...\Winlogon\Notify\gebbcax
[05/20/2007, 13:39:09] -  Found: HKLM\...\Winlogon\Notify\gebbcax - This is probably Virtumundo.
[05/20/2007, 13:39:09] -  Assigning {C004A8DA-623A-4409-B6ED-F3E3DA367792} MSEvents Object
[05/20/2007, 13:39:09] - BHO list has been changed! Starting over...
[05/20/2007, 13:39:09] -  BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[05/20/2007, 13:39:09] -  BHO 2: {2E03C0FD-4C48-43A7-9A54-00240C70FF16} (ECarteBleueBrowserHelper Class)
[05/20/2007, 13:39:09] -  BHO 3: {526F3E9F-948D-4974-A324-091453F9A8D6} (MSEvents Object)
[05/20/2007, 13:39:09] - ALERT: Found MSEvents Object!
[05/20/2007, 13:39:09] -  BHO 4: {53707962-6F74-2D53-2644-206D

gilesix · Answer

Je suis suivi par séb08, est il e retour ????????????????

Merci

Séb08 · Answer

Remet un log hijack .

Ou en sont tes probs ?

gilesix · Answer

Bonjour et merci de ta réponse.
Et bien en fait, j'ai accés maintenant à ma barre de tahce mai il rest encore des fenétres de pub quio viennent s'ouvrir.
..
Voici le hijack:

Logfile of HijackThis v1.99.1
Scan saved at 10:51:34, on 21/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\retadpu1000272.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\kpeoowuo.dll
O2 - BHO: (no name) - {60DF6507-6336-4145-917F-89342A347D97} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: (no name) - {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: (no name) - {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} - C:\WINDOWS\system32\jkhfd.dll (file missing)
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\gebbcax.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll
O20 - Winlogon Notify: gebbcax - C:\WINDOWS\SYSTEM32\gebbcax.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Merci d'avance

Séb08 · Answer

OK Vundo est toujours présent .
on va faire autrement ...

1/

Télécharger Process XP ici :
https://www.cjoint.com/?fvlGdF6jfp

 Télécharger : Pocket Killbox ici :
http://www.downloads.subratam.org/KillBox.exe 

:: Démo d utilisation (merci a Balltrap34 pour cette réalisation) :: 
http://pageperso.aol.fr/balltrap34/killbox.htm


2/

Déconnecte toi du net.
Ferme tous les programmes en cours (média player, internet explorer, ...etc)

Dézippe (clic droit > extraire) Process XP et double-clique sur processxp.exe

* Dans la fenêtre principale de processxp double-clique sur winlogon.exe
Dans la nouvelle fenêtre qui s'ouvre clique sur threads
Sélectionne seulement les lignes qui contiennent les .dll infectées(ddccb.dll,gebbcax.dll, wineij32.dll,kpeoowuo.dll 
) puis clique sur kill pour chacune des lignes trouvées.
une fois fait, valide avec [ok]

* Dans la fenêtre principale de processxp double clic sur explorer.exe
Dans la nouvelle fenêtre qui s'ouvre clique sur threads
sélectionner seulement les lignes qui contiennent les .dll infectées (ddccb.dll,gebbcax.dll, wineij32.dll,kpeoowuo.dll 
)  puis clique sur kill pour chacune des lignes trouvées.
une fois fait, valide avec [ok]

3/

Puis lance HijackThis:

clique sur "do a system scan only"

* Coche la case au début de ces lignes:

O2 - BHO: (no name) - {55DB983C-BDBF-426f-86F0-187B02DDA39B} - C:\WINDOWS\system32\kpeoowuo.dll 
O2 - BHO: (no name) - {60DF6507-6336-4145-917F-89342A347D97} - C:\WINDOWS\system32\ddccb.dll 
O2 - BHO: (no name) - {6B4BEBBA-EBAE-48D9-AE2D-459F3DAA70BA} - C:\WINDOWS\system32\jkkji.dll (file missing) 
O2 - BHO: (no name) - {7A0C4B68-E5F6-4061-B573-1F021C40AD6E} - C:\WINDOWS\system32\jkhfd.dll (file missing) 
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\gebbcax.dll

O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll 
O20 - Winlogon Notify: gebbcax - C:\WINDOWS\SYSTEM32\gebbcax.dll 
O20 - Winlogon Notify: wineij32 - C:\WINDOWS\SYSTEM32\wineij32.dll 


* Valide avec [fix checked]


4/

Double clic sur killbox.exe (Pocket Killbox)

- coche : Delete on reboot
- Dans "Full Path of File to Delete"
Pour chaque ligne,copie et colle :


C:\WINDOWS\system32\ddccb.dll 
C:\WINDOWS\SYSTEM32\gebbcax.dll 
C:\WINDOWS\SYSTEM32\wineij32.dll 
C:\WINDOWS\system32\kpeoowuo.dll 

- clique sur la croix rouge
- une fenêtre va apparaître pour confirmation clique sur YES
- une seconde fenêtre te demande si tu veux redémarrer, clique sur YES

Laisse le PC redémarrer.
Si tu as un message: "pending file rename operations registry data has been removed by external process.", ignore-le, et redémarre ton PC manuellement.

Et remet un hijack .

a+

gilesix · Answer

Merci Séb, tout a fonctionné sauf avec killbox ou les lignes:

C:\WINDOWS\system32\ddccb.dll 
C:\WINDOWS\SYSTEM32\gebbcax.dll 
C:\WINDOWS\SYSTEM32\wineij32.dll 
C:\WINDOWS\system32\kpeoowuo.dll 

ne peuvent etres suppromées ( this file could not be deleted )

Que faire ???

voici le hijack:

Logfile of HijackThis v1.99.1
Scan saved at 15:21:33, on 21/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu1000272.exe 61A847B5BBF72813329B385475FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

merci encore séb.

gile · Answer

Que me conseil u de faire séb ???

Séb08 · Answer

Ok bien , Vundo est dégagé !

Supprime C:\ProgramFiles\!killbox

Vide ta poubelle.

ensuite :

Télécharge et installe ce log :

*  AVG AS 

AVG anti spyware
avg antispyware
Met le a jour avant de lancer le scan.
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" : 

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
 

a+

gilesix · Answer

Bonjour séb, avant toute chose ( et au rique de me répeter !!!) encore un grand merci pour me venir en aide et passer du tps sur mon cas.

Voici le rapport d'AVG:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	12:30:09 22/05/2007

 + Résultat de l'analyse:	



C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067175.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067176.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067177.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067178.dll -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067181.DLL -> Adware.Virtumonde : Nettoyé.
C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067173.exe -> Downloader.Agent.bls : Nettoyé.
C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067174.exe -> Hijacker.Costrat.at : Nettoyé.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Nettoyé.
C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067171.dll -> Trojan.Dialer.qn : Nettoyé.
C:\System Volume Information\_restore{D54EF6E2-98A0-4B5D-8FC9-24257917EE03}\RP831\A0067172.DLL -> Trojan.Dialer.qn : Nettoyé.


Fin du rapport

Merci

Séb08 · Answer

Ta resto est ou était infectée , donc pour être sur de la rendre saine fais cette manip

¤Désactive ta restauration système (uniquement si tu es sous XP): 
Clic droit sur poste de travail puis, 
propriété, tu cliques sur onglet restauration système 
tu coches la case « désactiver la restauration » et applique. 

Puis, 

¤Réactive ta restauration système (uniquement si tu es sous XP): 
Clic droit sur poste de travail puis, 
propriété, tu cliques sur onglet restauration système 
tu décoches la case « désactiver la restauration » et applique.

http://www.libellules.ch/desactiver_restauration.php


Et dis moi ou en sont tes probs ?

Remet un log hijack pour qu'on fasse un peu le ménage ... :)


a+

gilesix · Answer

ok pour la réstauration. Jr l'ai enlevé et remise et voici le rapport hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 21:43:35, on 22/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s  -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab
O18 - Protocol: bw+0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {71E8FBEE-2576-4181-B6E2-DEF02AB3529C} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Merci 

a+

Séb08 · Answer

ok. :)

Relance Hijack,choisi « do a scan only » ou « scanner seulement » coches ces lignes :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 


O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE 
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" 
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe 
O4 - HKLM\..\Run: [Alaunch] C:\Windows\alaunch.exe 
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime 
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" 
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe 
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles 
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\ilspkjpc.dll",realset 
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized 
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background 
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
O4 - Global Startup: DataViz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe 


O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) 
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) 

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab 
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab 
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab 
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/1706086c0cd06560c319/netzip/RdxIE601_fr.cab 
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab 
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab 
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/Newuploader/ImageUploader4.cab 
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab 
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab 
O16 - DPF: {FB90BA05-66E6-4C56-BCD3-D65B0F7EBA39} (Foto.com SpeedUploader 1.0 Control) - http://express.foto.com/SFUploader/SpeedUploader.cab

 

***********Toutes les 018***********



O20 - Winlogon Notify: wineij32 - wineij32.dll (file missing) 

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe 


Ferme toutes les fenêtres actives autres que HijackThis!, navigateur inclus, puis clique « Fix checked » ou « fixer objet ». Ferme HijackThis!

======================

Arrête ce service

AVG Anti-Spyware Guard 

pour ça fais cette manip :

Démarrer -> executer tape services.msc   double clic sur le service cité - > et dans "type de démarrage"  mets le sur  « désactivé » et dans statut du service, met le sur « arrêté ».

======================

Affiches tous les fichiers et dossiers… 

Clique sur démarrer -> panneau de configuration (en affichage classique) ->option des dossiers -> onglet « affichage » 

* [Coche] « afficher les dossiers et fichiers cachés »

* [Décoche]  « Masquer les fichiers protégés du système d'exploitation (recommandé) » 

* [Décoche] « masquer les extensions dont le type est connu » 

Puis [valider] pour valider les changements. 

Et [Ok]


recherche et supprime ou désinstalle ceci :

C:\WINDOWS\system32\ilspkjpc.dll
C:\Program Files\Fichiers communs\Symantec Shared

Vide ta poubelle.

======================

Installe un vrai parefeu car celui de Windows ne sert à rien.

Kério (pare feu): 
kerio 
lire le tuto: pour configurer et comprendre Kerio 
https://kerio.probb.fr/t250-tuto-sunbelt-personal-firewall-4-6
https://www.vulgarisation-informatique.com/kerio.php
https://forums.cnetfrance.fr

A lire :
securite le parefeu de windows xp

explication d'un parefeu : 
firewall

====================

ensuite :

- > Pour vérifier, scanne ton PC avec cet antivirus en ligne (sous IE et accepte l’activX) : 
http://www.bitdefender.fr/bd/site/search.php#
Clique sur « Bitdefender scan on line »  suis les instructions.
Démo (merci à balltrap pour cette démo) :
http://perso.orange.fr/rginformatique/section%20virus/defender.htm

Et colle le rapport.

a+

gilesix · Answer

Salut Séb08, enfin le WE ou je peut consacrer du tps a réparer mon pc !!!
J'ai tout fais, cependant je n'arrive pas a insérer le rapport de bitdefender, donc je te met le rapport d'hijacktjis
:Logfile of HijackThis v1.99.1
Scan saved at 22:41:36, on 26/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Julie et Guillaume\Bureau\scan.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=https://www.acer.com/worldwide/selection.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\perfc000.dat
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Séb08 · Answer

ou en sont tes probs ?

Télécharge et installe ce log :

*  AVG AS 

AVG anti spyware
avg antispyware
Met le a jour avant de lancer le scan.
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" : 

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
 
a+

gilesix · Answer

Alors voici les sacn d'avg et en ce qui concerne mes problemes, il me semble que je n'en ai plus vraiment !!!!!!!!

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	16:56:34 27/05/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\Julie et Guillaume\Local Settings\Temporary Internet Files\Content.IE5\527NA2GN\file[1].exe -> Backdoor.Small.os : Aucune action entreprise.
C:\WINDOWS\Temp\win2CB.tmp.exe -> Downloader.PurityScan.eg : Aucune action entreprise.
C:\WINDOWS\Temp\win2EF.tmp.exe -> Downloader.PurityScan.eg : Aucune action entreprise.
C:\WINDOWS\Temp\win31C.tmp.exe -> Downloader.PurityScan.eg : Aucune action entreprise.
C:\WINDOWS\Temp\win4A4.tmp.exe -> Downloader.PurityScan.eg : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\Julie et Guillaume\Application Data\Mozilla\Firefox\Profiles\fyeftua1.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.12:C:\Documents and Settings\Julie et Guillaume\Application Data\Mozilla\Firefox\Profiles\fyeftua1.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.13:C:\Documents and Settings\Julie et Guillaume\Application Data\Mozilla\Firefox\Profiles\fyeftua1.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
:mozilla.14:C:\Documents and Settings\Julie et Guillaume\Application Data\Mozilla\Firefox\Profiles\fyeftua1.default\cookies.txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@4.adbrite[2].txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@adbrite[1].txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@adtech[2].txt -> TrackingCookie.Adtech : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@atdmt[1].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.19:C:\Documents and Settings\Julie et Guillaume\Application Data\Mozilla\Firefox\Profiles\fyeftua1.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@com[1].txt -> TrackingCookie.Com : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@dealtime[1].txt -> TrackingCookie.Dealtime : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@estat[1].txt -> TrackingCookie.Estat : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@fastclick[1].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@ehg-cogemag.hitbox[2].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@hitbox[1].txt -> TrackingCookie.Hitbox : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@oewabox[1].txt -> TrackingCookie.Oewabox : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@www.paypal[1].txt -> TrackingCookie.Paypal : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@questionmarket[2].txt -> TrackingCookie.Questionmarket : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@realmedia[1].txt -> TrackingCookie.Realmedia : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@pr.valueclick[2].txt -> TrackingCookie.Valueclick : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@valueclick[2].txt -> TrackingCookie.Valueclick : Aucune action entreprise.
:mozilla.21:C:\Documents and Settings\Julie et Guillaume\Application Data\Mozilla\Firefox\Profiles\fyeftua1.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Aucune action entreprise.
C:\Documents and Settings\Julie et Guillaume\Cookies\julie_et_guillaume@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.


Fin du rapport

Séb08 · Answer

Tu peux refaire le scan et mettre AVG sur "quarantaines ou "supprimer" comme je te l'avais indiqué ..

parce que là tu n'as rien supprimer d'ou le  "Aucune action entreprise" dans ton rapport.

a+

gilesix · Answer

Ouos, effectivement, j'ai enregistrer le rapport avant de faire les actions, bref...j'ai refait une analyse et le résultat est assez encourageant !!!:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	18:11:26 27/05/2007

 + Résultat de l'analyse:	



	Rien à signaler.



Fin du rapport

Pense tu que mes soucis snt ENFIN terminées ?????????

Merci encore Seb

Séb08 · Answer

Tu as bien fait les mise a jour d'AVG avant de le lancer ?

Si oui c'est ok .

Bon surf   :-)

gilesix · Answer

Salut pour la dernière fois je crois...Je n'avais pas fait les mises à jur avant mais qd je veu le faire, il me dit qu'il n y a pas de mise a jour de dispo...donc je présume que je suis clean à présent !!!!!

Bon, alors un ENORME merci à toi pour avoir passé du tps sur mon cas. Je trouve que ce que vous faites ( toi et les autre personnes du site ) sont vraiment magnifiques et c'est assez incroyable de voir que l'entraide est aussi présente sur internet.
Je te tire mon chapeau et te souhaite une bonne continuation.

Merci encore

Guillaume

Séb08 · Answer

Ok s'il n'y a pas de MAJ dispo c'est qu'il est à jour ...

Lance le toutes les semaines (ca dépend de ton surf) mais n'oublie pas de le mettre à jour avant.

De rien Guillaume. ;-)

Bonne soirée.

Demande d'aide pour une lecture de hijackthis

28 réponses

Discussions similaires