Norton spurious virus alert

Solved/Closed
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 - 4 Dec. 2007 at 16:59
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 - 7 Dec. 2007 at 16:28
Hello,
this is my first message on this forum, I hope I will be precise enough.
I have Norton Internet Security (2004 or 2005) and, now that my subscription is coming to an end, Norton is finding viruses (although I have never had a problem since I got it).
And since my PC is a bit old, it is slow ... and it is quite annoying. Yet when I run scans with Secuser or Ad-Aware SE they find nothing.
Norton finds Downloader and Trojan.Vundo; if you know these programs (or viruses), can you tell me?

PS: I am going to change antivirus at the end of my subscription. I was thinking of Kaspersky, but maybe a bit expensive? Or otherwise Antivir, but is Antivir enough, or do other programs have to be added alongside it for maximum protection?
Sorry for the spelling mistakes, I have never been very good at it.
22 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
4 Dec. 2007 at 17:02
hi,

Vundo is spyware

__________________

Norton is mediocre as an antivirus; I recommend G Data, Bitdefender or Kaspersky instead
______________

paste a HijackThis report

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe; to do so, right-click the file HijackThis.exe and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.

_________________

scan with VundoFix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan has finished, click the Remove Vundo button.
You will get a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked YES, your desktop will go blank while it removes Vundo.

When it has finished, you will be asked to restart your computer; click OK.
____________________

then:

VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

_____________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
0
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 3
4 Dec. 2007 at 17:27
Should I make a report with HijackThis?
Otherwise VundoFix is running.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
4 Dec. 2007 at 17:52
yes, paste the HijackThis report first so that we can see the progress
see you later
0
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 3
4 Dec. 2007 at 18:00
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:57:52, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Packard Bell EverSafe\TrayControl.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\aubouin\Bureau\VundoFix.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.121.124.125 eu.logon.worldofwarcraft.com
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu880.exe 61A847B5BBF7281A3A9B284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ec5b77bc] rundll32.exe "C:\WINDOWS\system32\gygcnmoh.dll",b
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S1C0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player/Install2.0/Installer.exe
O18 - Protocol: bw+0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
0
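Added example (not written by any poster in this thread, and not HijackThis or ComboFix code): a Python triage of the O4 autostart lines in the log above, cross-checked against paths from the ComboFix deletion list posted later in the thread. The four heuristics and all function names are illustrative assumptions derived from the two entries of this log that ComboFix went on to delete; a hit marks an entry for review, it is not a verdict.

```python
import re
from dataclasses import dataclass

# O4 (autostart) lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu880.exe 61A847B5BBF7281A3A9B284503996897C881250221C8670836AC4FA7C8833201749139
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ec5b77bc] rundll32.exe "C:\WINDOWS\system32\gygcnmoh.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
"""

# Paths copied from the deletion list of the ComboFix report later in this thread.
COMBOFIX_DELETED = [
    r"C:\WINDOWS\mrofinu880.exe",
    r"C:\WINDOWS\system32\geebb.dll",
    r"C:\WINDOWS\system32\gygcnmoh.dll",
    r"C:\WINDOWS\system32\lqpbcvve.dll",
]

# "O4 - <hive>[\<SID>]\..\Run: [value name] command line"
RUN_LINE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)(?:\\.+?)?\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
RUNDLL = re.compile(r'rundll32(?:\.exe)?"?\s+"?([^",]+)', re.I)
EXE_PATH = re.compile(r"^(.+?\.(?:exe|com|bat|scr))\b", re.I)
HEX_BLOB = re.compile(r"\b[0-9a-f]{32,}\b", re.I)
HEX_NAME = re.compile(r"[0-9a-f]{8}", re.I)
WINDIR_EXE = re.compile(r"(?:[a-z]:\\windows|%systemroot%)\\[^\\]+\.exe", re.I)


@dataclass
class Finding:
    hive: str
    name: str
    image: str
    reasons: list


def parse_run_entries(log_text):
    """Return (hive, value name, command) for every registry Run entry."""
    entries = []
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:  # "Global Startup" shortcuts and other log sections are skipped
            entries.append((m["hive"], m["name"], m["cmd"].strip()))
    return entries


def image_path(cmd):
    """Best-effort path of the file a Run command actually loads."""
    m = RUNDLL.search(cmd)
    if m:                       # rundll32 is only the host; the DLL is the payload
        return m.group(1).strip()
    if cmd.startswith('"'):     # quoted path, arguments follow the closing quote
        return cmd[1:].split('"', 1)[0]
    m = EXE_PATH.match(cmd)     # unquoted path that may contain spaces
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Flag Run entries that match any of the illustrative heuristics."""
    findings = []
    for hive, name, cmd in parse_run_entries(log_text):
        image = image_path(cmd)
        reasons = []
        if RUNDLL.search(cmd):
            reasons.append("DLL loaded through rundll32 at logon")
        if HEX_NAME.fullmatch(name):
            reasons.append("value name is 8 hex digits")
        if HEX_BLOB.search(cmd):
            reasons.append("long hex blob passed as argument")
        if WINDIR_EXE.fullmatch(image):
            reasons.append("executable directly in the Windows directory")
        if reasons:
            findings.append(Finding(hive, name, image, reasons))
    return findings


def confirmed_by_cleanup(findings, deleted_paths):
    """Names of flagged entries whose file the cleanup tool also deleted."""
    deleted = {p.lower() for p in deleted_paths}
    return [f.name for f in findings if f.image.lower() in deleted]


if __name__ == "__main__":
    flagged = triage(SAMPLE_LOG)
    for f in flagged:
        print(f"{f.hive} [{f.name}] {f.image}: {'; '.join(f.reasons)}")
    print("also deleted by ComboFix:",
          confirmed_by_cleanup(flagged, COMBOFIX_DELETED))
```

Legitimate software also registers rundll32 entries under Run keys, so a flagged line still needs a manual check of the DLL it points to.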

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
4 Dec. 2007 at 18:05
ok, do the next steps

uninstall via your Control Panel:

Best Security Tips Toolbar

______________________

at the end, paste a HijackThis report again, renaming it this time so as not to mask a Vundo infection

see you later
0
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 3
4 Dec. 2007 at 18:08
Is it normal for VundoFix to stay there a long time after you click on removing? It has been 10 minutes now and I am starting to lose patience.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
4 Dec. 2007 at 18:08
yes, it can take time
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
4 Dec. 2007 at 18:17
who are you????

are you passing yourself off as lyonnais 92????
0
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 3
4 Dec. 2007 at 18:20
lyonnais92, Kaspersky is expensive ... and I don't want to put a lot of money into it.

On the other hand, jlpjlp, while uninstalling Best Security I (without meaning to) restarted my PC; do I have to run a new scan with VundoFix, or can I remove right away?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 537
4 Dec. 2007 at 18:43
Hello and sorry,

someone is trying to harm me (stupidly, at that).

I never suggest a paid antivirus unless I am explicitly asked for my opinion.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
4 Dec. 2007 at 18:23
move on to the next steps

VirtumundoBeGone (paste the report)

http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

_____________________

ComboFix (paste the report)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
0
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 3
4 Dec. 2007 at 18:27
[12/04/2007, 18:24:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\aubouin\Bureau\VirtumundoBeGone.exe" )
[12/04/2007, 18:24:23] - Detected System Information:
[12/04/2007, 18:24:23] - Windows Version: 5.1.2600, Service Pack 2
[12/04/2007, 18:24:23] - Current Username: aubouin (Admin)
[12/04/2007, 18:24:23] - Windows is in NORMAL mode.
[12/04/2007, 18:24:23] - Searching for Browser Helper Objects:
[12/04/2007, 18:24:23] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
[12/04/2007, 18:24:23] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[12/04/2007, 18:24:23] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[12/04/2007, 18:24:23] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
[12/04/2007, 18:24:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2007, 18:24:23] - No filename found. Continuing.
[12/04/2007, 18:24:23] - BHO 5: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
[12/04/2007, 18:24:23] - BHO 6: {94e3e326-58b5-4d8f-a5a1-59f9d6ca37d5} ()
[12/04/2007, 18:24:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2007, 18:24:23] - Checking for HKLM\...\Winlogon\Notify\lqpbcvve
[12/04/2007, 18:24:24] - Key not found: HKLM\...\Winlogon\Notify\lqpbcvve, continuing.
[12/04/2007, 18:24:24] - BHO 7: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
[12/04/2007, 18:24:24] - BHO 8: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
[12/04/2007, 18:24:24] - BHO 9: {B6E4153E-4422-418D-A6C2-8D0FBCD3E793} ()
[12/04/2007, 18:24:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
[12/04/2007, 18:24:24] - Checking for HKLM\...\Winlogon\Notify\geebb
[12/04/2007, 18:24:24] - Key not found: HKLM\...\Winlogon\Notify\geebb, continuing.
[12/04/2007, 18:24:24] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
[12/04/2007, 18:24:24] - BHO 11: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
[12/04/2007, 18:24:24] - Finished Searching Browser Helper Objects
[12/04/2007, 18:24:24] - Finishing up...
[12/04/2007, 18:24:24] - Nothing found! Exiting...

There you go.

PS: lyonnais, isn't it illegal to use keys that haven't been paid for?
0
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 3
4 Dec. 2007 at 18:57
ComboFix 07-12-02.6 - aubouin 2007-12-04 18:33:26.1 - NTFSx86
Running from: C:\Documents and Settings\aubouin\Bureau\ComboFix.exe
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\moviebox
C:\Program Files\moviebox\Uninstall.exe
C:\WINDOWS\mrofinu880.exe
C:\WINDOWS\system32\baartcuf.dll
C:\WINDOWS\system32\bbeeg.bak1
C:\WINDOWS\system32\bbeeg.bak2
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bbeeg.tmp
C:\WINDOWS\system32\bmxcqail.dll
C:\WINDOWS\system32\ehtnptfg.dll
C:\WINDOWS\system32\evrjphfe.dll
C:\WINDOWS\system32\fgpgrdbr.dll
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\gmefngje.dll
C:\WINDOWS\system32\gttxwcwo.dll
C:\WINDOWS\system32\gygcnmoh.dll
C:\WINDOWS\system32\homncgyg.ini
C:\WINDOWS\system32\hvuttfkp.dll
C:\WINDOWS\system32\hxmqgeng.dll
C:\WINDOWS\system32\lqpbcvve.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\mrdavydn.dll
C:\WINDOWS\system32\vsddlvqv.dll
C:\WINDOWS\system32\wqeopqly.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
.

2007-12-04 17:15 . 2007-12-04 17:56 <REP> d-------- C:\VundoFix Backups
2007-12-04 17:13 . 2007-12-04 17:57 <REP> d-------- C:\hijackthis
2007-12-04 17:09 . 2007-12-04 17:09 <REP> d-------- C:\Program Files\Trend Micro
2007-12-03 21:01 . 2007-12-04 16:32 808,579 ---hs---- C:\WINDOWS\system32\ouumroir.ini
2007-12-03 16:50 . 2007-12-03 16:50 <REP> d-------- C:\WINDOWS\report
2007-12-03 16:49 . 2007-12-03 16:49 <REP> d-------- C:\WINDOWS\AU_Backup
2007-12-03 16:49 . 2007-12-03 16:49 39,811,417 --a------ C:\WINDOWS\VPTNFILE.857
2007-12-03 16:49 . 2007-12-03 16:49 39,811,417 --a------ C:\WINDOWS\LPT$VPN.857
2007-12-03 16:49 . 2007-12-03 16:49 1,899,383 --a------ C:\WINDOWS\tsc.ptn
2007-12-03 16:49 . 2007-12-03 16:49 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
2007-12-03 16:49 . 2007-12-03 16:49 267,845 --a------ C:\WINDOWS\tsc.exe
2007-12-03 16:49 . 2007-12-03 16:49 86,094 --a------ C:\WINDOWS\BPMNT.dll
2007-12-03 16:49 . 2007-12-03 16:49 71,749 --a------ C:\WINDOWS\hcextoutput.dll
2007-12-03 16:49 . 2007-12-03 17:45 823 --a------ C:\WINDOWS\tsc.ini
2007-12-03 16:47 . 2007-12-03 16:49 <REP> d-------- C:\WINDOWS\AU_Temp
2007-12-03 16:47 . 2007-12-03 16:47 <REP> d-------- C:\WINDOWS\AU_Log
2007-12-03 16:47 . 2007-12-03 16:47 170 --a------ C:\WINDOWS\GetServer.ini
2007-12-03 16:46 . 2007-12-03 16:46 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
2007-12-03 16:46 . 2007-12-03 16:46 286,720 --a------ C:\WINDOWS\PATCH.EXE
2007-12-03 16:46 . 2007-12-03 16:46 69,689 --a------ C:\WINDOWS\UNZIP.DLL
2007-12-03 16:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-12-03 16:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-03 16:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-12-02 19:51 . 2007-12-02 19:51 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2007-12-02 19:49 . 2007-12-02 19:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-02 19:35 . 2007-12-02 19:37 <REP> d-------- C:\WINDOWS\system32\fr-fr
2007-12-02 19:16 . 2007-12-02 19:38 1,374 --a------ C:\WINDOWS\imsins.BAK
2007-12-02 19:14 . 2007-08-20 10:59 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2007-12-02 19:14 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-12-02 19:14 . 2007-03-08 06:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2007-12-02 19:14 . 2007-08-20 10:59 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-12-02 19:14 . 2007-08-20 10:59 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-12-02 19:14 . 2007-08-20 10:59 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2007-12-02 19:14 . 2007-08-20 10:59 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2007-12-02 19:14 . 2007-08-20 10:59 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-12-02 19:14 . 2006-10-27 15:09 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2007-12-02 19:14 . 2007-08-17 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-01 10:31 . 2007-12-01 10:31 <REP> d-------- C:\Program Files\Guitar Pro 5
2007-11-30 17:34 . 2007-11-30 17:34 <REP> d-------- C:\Team17
2007-11-27 17:14 . 2007-11-30 17:56 <REP> d-------- C:\Liero Xtreme
2007-11-27 16:35 . 2007-11-27 16:35 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\Uniblue
2007-11-26 21:30 . 2007-11-26 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-26 21:19 . 2007-11-26 21:19 <REP> d-------- C:\Program Files\CCleaner
2007-11-25 18:09 . 2007-11-25 18:08 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-25 18:09 . 2007-11-25 18:09 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-25 18:08 . 2007-11-25 18:08 <REP> d-------- C:\WINDOWS\system32\LogFiles
2007-11-25 18:08 . 2007-11-25 18:08 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-25 17:34 . 2007-11-27 16:24 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-25 17:34 . 2007-11-25 17:34 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\SUPERAntiSpyware.com
2007-11-25 17:34 . 2007-11-25 17:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-24 19:50 . 2007-11-24 19:50 <REP> d-------- C:\etmain
2007-11-24 19:50 . 2007-11-24 19:50 <REP> d-------- C:\Creations [RW]
2007-11-24 19:50 . 2007-11-24 19:50 49,891 --a------ C:\Uninstal.exe
2007-11-24 12:34 . 2007-11-24 12:37 <REP> d-------- C:\Documents and Settings\aubouin\Citrix
2007-11-24 12:34 . 2007-11-24 12:34 81 --a------ C:\CTX.DAT
2007-11-24 12:29 . 2007-11-24 12:29 <REP> d-------- C:\WINDOWS\system32\Resource
2007-11-24 12:29 . 2007-11-24 12:29 <REP> d-------- C:\Program Files\Citrix
2007-11-24 11:58 . 2007-11-24 11:58 <REP> d-------- C:\Documents and Settings\aubouin\.tuxguitar
2007-11-24 11:57 . 2007-11-24 11:57 <REP> d-------- C:\Program Files\tuxguitar-0.9.1
2007-11-23 16:38 . 2007-11-23 16:40 <REP> d-------- C:\WINDOWS\$regcmp$
2007-11-21 20:57 . 2007-11-21 20:57 <REP> d-------- C:\Program Files\Musicmatch
2007-11-21 20:57 . 2007-11-21 20:57 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\Musicmatch
2007-11-21 20:57 . 2005-05-10 15:04 503,808 --a------ C:\WINDOWS\system32\msvc563d.rra
2007-11-21 19:24 . 2007-11-21 19:24 <REP> d-------- C:\Program Files\Registry Clean Expert
2007-11-18 14:10 . 2007-11-18 14:10 <REP> d-------- C:\OEMCUST
2007-11-11 16:55 . 2007-11-11 16:55 32 --a------ C:\WINDOWS\banana.ini
2007-11-10 20:51 . 2007-11-11 11:12 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\Shareaza
2007-11-10 19:15 . 2007-12-04 18:10 <REP> d-------- C:\Program Files\Best_Security_Tips
2007-11-10 19:14 . 2007-11-23 19:51 0 --a------ C:\WINDOWS\system32\efcdedb.dll
2007-11-10 19:13 . 2007-11-23 19:51 0 --a------ C:\WINDOWS\system32\rqrstrr.dll
2007-11-05 20:17 . 2007-11-30 16:34 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\DMCache
2007-11-05 17:38 . 2007-11-05 17:38 <REP> d-------- C:\soldatmapmaker
2007-11-05 14:53 . 2007-12-01 19:29 <REP> d-------- C:\Program Files\World of Warcraft
2007-11-05 11:18 . 2007-11-05 11:18 <REP> d-------- C:\Program Files\RPG Maker 2003
2007-11-04 18:58 . 2007-11-04 18:58 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\Soldat
2007-11-04 12:01 . 2007-11-11 11:12 <REP> d-------- C:\Program Files\Shareaza

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 17:49 --------- d-----w C:\Program Files\Packard Bell EverSafe
2007-12-04 17:41 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-12-04 15:41 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-03 20:43 --------- d-----w C:\Program Files\Microsoft SQL Server
2007-12-02 19:24 --------- d-----w C:\Documents and Settings\aubouin\Application Data\uTorrent
2007-12-02 19:24 --------- d-----w C:\Documents and Settings\aubouin\Application Data\LimeWire
2007-12-02 19:24 --------- d-----w C:\Documents and Settings\aubouin\Application Data\Azureus
2007-12-02 19:23 --------- d-----w C:\Documents and Settings\aubouin\Application Data\Canon
2007-12-02 18:50 --------- d-----w C:\Program Files\Windows Live
2007-11-30 16:35 --------- d-----w C:\Program Files\directx
2007-11-26 20:19 --------- d-----w C:\Program Files\Yahoo!
2007-11-25 16:33 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
2007-11-24 18:16 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
2007-11-22 18:14 --------- d-----w C:\Program Files\Norton Internet Security
2007-11-21 19:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 17:54 --------- d-----w C:\Program Files\Street Fighter Online
2007-11-10 18:18 --------- d-----w C:\Program Files\Tweak-XP Pro 4
2007-11-10 18:15 --------- d-----w C:\Program Files\Common Files
2007-11-05 21:09 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
2007-11-04 11:14 10 ----a-w C:\Program Files\.autoreg
2007-10-31 11:12 --------- d-----w C:\Program Files\Game Vindicator
2007-10-31 08:31 --------- d-s---w C:\Program Files\Xfire
2007-10-30 17:03 --------- d-----w C:\Documents and Settings\aubouin\Application Data\Xfire
2007-10-30 16:44 --------- d-----w C:\Documents and Settings\aubouin\Application Data\Bioshock
2007-10-30 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2007-10-30 16:20 --------- d-----w C:\Program Files\GALA-NET
2007-10-30 10:16 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2007-10-29 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-10-29 17:58 --------- d-----w C:\Program Files\MSN Messenger
2007-10-29 17:58 --------- d-----w C:\Program Files\Messenger Plus! Live
2007-10-29 14:19 --------- d--h--r C:\Documents and Settings\aubouin\Application Data\SecuROM
2007-10-29 14:19 --------- d-----w C:\Program Files\BoontyGames
2007-10-29 10:31 --------- d-----w C:\Program Files\Sauerbraten
2007-10-29 09:39 --------- d-----w C:\Program Files\Mario Forever
2007-10-22 19:53 --------- d-----w C:\Documents and Settings\aubouin\Application Data\EPSON
2007-10-21 17:16 --------- d-----w C:\Program Files\Diablo II
2007-10-21 17:15 --------- d-----w C:\Program Files\Fichiers communs\WhenU
2007-10-21 17:14 --------- d-----w C:\Program Files\Azureus
2007-10-21 17:05 --------- d-----w C:\Program Files\The All-Seeing Eye
2007-10-21 16:57 --------- d-----w C:\Documents and Settings\aubouin\Application Data\Hamachi
2007-10-21 16:49 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-10-21 16:10 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-10-20 11:16 --------- d-----w C:\Program Files\CDBurnerXP Pro 3
2007-10-20 09:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2007-10-20 09:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2007-10-20 09:40 --------- d-----w C:\Program Files\EPSON
2007-10-20 09:37 --------- d-----w C:\Documents and Settings\aubouin\Application Data\InstallShield
2007-10-20 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2007-10-17 18:26 --------- d-----w C:\Program Files\Auralog
2007-10-17 11:51 --------- d-----w C:\Program Files\Mindscape
2007-10-10 12:52 --------- d-----w C:\Program Files\Micro Application
2007-10-07 08:49 --------- d-----w C:\Documents and Settings\aubouin\Application Data\DivX
2007-10-07 08:46 --------- d-----w C:\Program Files\Google
2007-10-05 15:48 --------- d-----w C:\Documents and Settings\aubouin\Application Data\OpenArena
2007-10-05 14:24 --------- d-----w C:\Program Files\Warcraft III
2007-08-21 07:33 87,608 -c--a-w C:\Documents and Settings\aubouin\Application Data\ezpinst.exe
2007-08-21 07:33 47,360 -c--a-w C:\Documents and Settings\aubouin\Application Data\pcouffin.sys
2007-08-11 20:00 39,560 ----a-w C:\Documents and Settings\aubouin\Application Data\GDIPFONTCACHEV1.DAT
2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-13 19:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
2006-04-27 08:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [2004-02-11 15:23]
"EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31]
"NovaNet-WEB Tray Control"="C:\Program Files\Packard Bell EverSafe\TrayControl.exe" [2003-07-21 14:20]
"VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 10:33]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-06 20:41]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08]
"LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12]
"Realtime Audio Engine"="mmrtkrnl.exe" [2002-04-29 21:22 C:\WINDOWS\system32\MMRTKRNL.EXE]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-04 12:07]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-08-03 16:29]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 0 (0x0)
"DisableChangePassword"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R0 Ramdisk;Ramdisk Driver;C:\WINDOWS\system32\DRIVERS\ramdsk.sys
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys
R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys
R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys
S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys
S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\aubouin\LOCALS~1\Temp\sony_ssm.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2007-11-30 18:01:04 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2007-11-30 19:00:24 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - aubouin.job"
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 18:50:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-12-04 18:53:38 - machine was rebooted
.
--- E O F ---

And here is the last report. Good luck, and thanks for helping me.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
4 Dec. 2007 at 19:10
Please paste a new HijackThis report.
0
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 3
4 Dec. 2007 at 20:55
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:53:04, on 04/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\apps\ABoard\ABoard.exe
C:\Program Files\Packard Bell EverSafe\TrayControl.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\apps\ABoard\AOSD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\UAService7.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S1C0.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player/Install2.0/Installer.exe
O18 - Protocol: bw+0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
4 Dec. 2007 at 21:06
To move things along, I'll look at everything tomorrow: ComboFix, HijackThis and the online scan.

Paste the report from an online scan
with

Panda online:
http://pandasoftware.fr
0
david1970 Posts 55 Registration date Sunday 2 December 2007 Status Member Last activity 5 January 2008
4 Dec. 2007 at 21:20
Wowww, I prefer Kaspersky Internet Security 7
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
4 Dec. 2007 at 22:48
Paste the report from an online scan (disable your antivirus if needed)

with

Panda online:
http://pandasoftware.fr


See you tomorrow

and tell me whether Norton is still reporting problems
0
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 3
5 Dec. 2007 at 16:33
;***********************************************************************************************************************************************************************************
ANALYSIS: 2007-12-05 16:27:53
PROTECTIONS: 1
MALWARE: 22
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
Norton Internet Security 2006 2006 Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00039703 Application/Pskill.A HackTools No 0 Yes No C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
00039703 Application/Pskill.A HackTools No 0 Yes No C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
00039703 Application/Pskill.A HackTools No 0 Yes No C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
00040735 adware/whenusearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}
00040735 adware/whenusearch Adware No 0 Yes No c:\program files\fichiers communs\whenu
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.doubleclick.net/]
00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\aubouin\Bureau\Raccourcis Bureau non utilisés\VirtumundoBeGone.exe[²ƒÇ]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.fastclick.net/]
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.fastclick.net/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.xiti.com/]
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Cookies\aubouin@xiti[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.statcounter.com/]
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.apmebf.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.bs.serving-sys.com/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.weborama.fr/]
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.weborama.fr/]
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[statse.webtrendslive.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.overture.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.zedo.com/]
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.bluestreak.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.adultfriendfinder.com/]
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.adultfriendfinder.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.smartadserver.com/]
00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.smartadserver.com/]
00518896 Adware/MovieBox Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\MovieBox\Uninstall.exe.vir
00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\aubouin\Bureau\Raccourcis Bureau non utilisés\VirtumundoBeGone.exe
00580604 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\MMRTKRNL.EXE
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
01262593 Application/NirCmd.A HackTools No 0 No No C:\RECYCLER\S-1-5-21-2946522079-3443008408-2663697209-1007\Dc1.exe[nircmd.exe]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No C:\RECYCLER\S-1-5-21-2946522079-3443008408-2663697209-1007\Dc1.exe[nircmd.cfexe]
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================

That's it for the Panda online scan (too bad you have to pay to disinfect ^^)
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
5 Dec. 2007 at 16:58
Run HijackThis again, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.


O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

____________________

Delete what is in quarantine by going to My Computer, then C, then qoobox

C:\qoobox\Quarantine\


_________________


Download OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:


c:\program files\fichiers communs\whenu
C:\qoobox\Quarantine\C\Program Files\MovieBox\Uninstall.exe.vir
C:\WINDOWS\SYSTEM32\MMRTKRNL.EXE
C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal. If so, accept with Yes.

_______________________

Delete what is in moved files by going to My Computer, then C....

C:\_OTMoveIt\MovedFiles

_________________________

Uninstall VundoFix, VirtumundoBeGone, ComboFix
_________________________

To remove your traces, use

CCleaner: (run a cleanup and repair the errors 3 times) without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

_________________________

Clean your registry with RegCleaner
http://manuelsdaide.com/RegCleaner/RegCleaner.htm
__________________________

Paste a report from your Norton antivirus to check whether any infections remain
0
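As an added illustration (not part of the thread, and not a method jlpjlp states), the Python example below parses rows of the Panda report as they appear once the forum has flattened the columns, and buckets them so the few file detections stand out from cookies and flagged utilities. The bucketing rule and the function names are assumptions of this example; applied to the rows shown, it yields the same four paths as the OTMoveIt list above.

```python
import re
from collections import Counter, OrderedDict

# Rows copied from the Panda ActiveScan report posted above (a subset).
REPORT = r"""
00039703 Application/Pskill.A HackTools No 0 Yes No C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
00040735 adware/whenusearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}
00040735 adware/whenusearch Adware No 0 Yes No c:\program files\fichiers communs\whenu
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Cookies\aubouin@xiti[1].txt
00518896 Adware/MovieBox Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\MovieBox\Uninstall.exe.vir
00580604 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\MMRTKRNL.EXE
01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
"""

# The columns are separated by single spaces and the Description column can
# itself contain spaces ("Generic Trojan"), so the Type column is used as the
# pivot. Assumption: only the four Type values seen in this report occur.
ROW = re.compile(
    r"^(?P<id>\d{8}) (?P<name>.+?) "
    r"(?P<type>HackTools|Adware|TrackingCookie|Virus/Trojan) "
    r"(?P<active>Yes|No) (?P<severity>\d+) "
    r"(?P<disinfectable>Yes|No) (?P<disinfected>Yes|No) (?P<location>.+)$"
)


def parse(report):
    """Return the detections as dicts, in report order, duplicates collapsed."""
    seen = OrderedDict()
    for line in report.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            # The same cookie or file is often listed several times.
            seen.setdefault((row["id"], row["location"].lower()), row)
    return list(seen.values())


def bucket(row):
    """Assumed triage rule: what kind of follow-up does this row need?"""
    if row["type"] == "TrackingCookie":
        return "cookie"      # privacy noise, handled by a cookie/temp cleanup
    if row["type"] == "HackTools":
        return "tool"        # admin or cleanup utility: check who installed it
    if row["location"].upper().startswith("HKEY_"):
        return "registry"    # a registry value, not something a file mover takes
    return "file"            # adware or trojan detection on disk


def summary(rows):
    """Count rows per bucket."""
    return dict(Counter(bucket(r) for r in rows))


def removal_candidates(rows):
    """Paths of the on-disk adware/trojan detections, in report order."""
    return [r["location"] for r in rows if bucket(r) == "file"]


if __name__ == "__main__":
    rows = parse(REPORT)
    print(summary(rows))
    for path in removal_candidates(rows):
        print(path)
```
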
nimava Posts 32 Registration date Tuesday 4 December 2007 Status Member Last activity 14 December 2008 3
5 Dec. 2007 at 17:49
c:\program files\fichiers communs\whenu moved successfully.
File/Folder C:\qoobox\Quarantine\C\Program Files\MovieBox\Uninstall.exe.vir not found.
C:\WINDOWS\SYSTEM32\MMRTKRNL.EXE moved successfully.
DllUnregisterServer procedure not found in C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll NOT unregistered.
C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll moved successfully.

Created on 12/05/2007 17:33:56

That's it for OTMoveIt (no request to restart the PC)

Is it OK if I post an Ad-Aware 2007 report? (I prefer it because it's faster, and I think it is no less effective)
0