Norton alerte virus intempestif

Résolu
nimava Messages postés 32 Statut Membre -  
nimava Messages postés 32 Statut Membre -
Bonjour,
c'est mon premier message sur ce forum j' espére que je serais assez précis.
j'ai norton internet security (2004 ou 2005) et depuis que j' arrive à ma fin d' abonement norton me trouve des virus( alors que je n'ai jamais eu de probléme depuis que je l'ai eu ).
Et vu que mon PC date un peu mon PC rame ... et c'est assez énervant. pourtant quand je lance des analyse avec secuser ou adward SE il ne me trouve rien.
norton me trouve downloader et trojan.vundo si vous connaissez c'est programme (ou virus) est-ce que vous pouvez me le dire.

ps : je vais changé d' antivirus à la fin de mon abonement. Je pensais à kapersky mais peut-être un peu cher ? ou sinon antivir mais est-ce que antivir suffit ou faut mettre d'autres programmes avec pour avoir un maximum de protection.
désolé pour les fautes d' orthographes , je n' ai jamais été trés fort.
Configuration: Windows XP
Firefox 2.0.0.11

22 réponses

  • 1
  • 2
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    vundo est un espion

    __________________

    norton est moyen comme antivirus , je te conseille plutot g data ou bitdefender ou kaspersky
    ______________

    colle un rapport hijackthis

    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."

    _________________

    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double cliquez VundoFix.exe pour l'exécuter.
    Quand VundoFix s'ouvre, cliquez sur le bouton Scan for Vundo.
    Une fois le scan fini, cliquez sur le bouton Remove Vundo.
    Vous recevrez un avertissement vous demandant si vous voulez effacer ces
    fichiers répondez en cliquant sur YES
    Une fois que vous avez cliqué yes, votre bureau deviendra vide au moment où il
    enlève Vundo.

    Quand c'est fini, il vous sera demandé de redémarrer votre ordinateur, cliquez
    OK.
    ____________________

    puis :

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    _____________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    0
  2. nimava Messages postés 32 Statut Membre 3
     
    je fais un rapport avec hijackthis ?
    sinon vundoFix est en route
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui colle le rapport hijackthis avant pour pouvoir voir l'evolution
    a plus
    0
  4. nimava Messages postés 32 Statut Membre 3
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:57:52, on 04/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Packard Bell EverSafe\TrayControl.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\aubouin\Bureau\VundoFix.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.free.fr/search/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*https://fr.yahoo.com/?p=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.121.124.125 eu.logon.worldofwarcraft.com
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Best Security Tips Toolbar - {da30eff8-ccc6-4162-a20d-67402a26a215} - C:\Program Files\Best_Security_Tips\tbBes1.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu880.exe 61A847B5BBF7281A3A9B284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ec5b77bc] rundll32.exe "C:\WINDOWS\system32\gygcnmoh.dll",b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S1C0.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player/Install2.0/Installer.exe
    O18 - Protocol: bw+0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok fais la suite

    tu desinstallera via ton panneau de configuration:

    Best Security Tips Toolbar

    ______________________

    a la fin recolle un rapport hijakthis en le renommant cette fois pour ne pas masquer d'infection vundo

    a plus
    0
  7. nimava Messages postés 32 Statut Membre 3
     
    est-ce que c'est normal que vundoFix reste longtemps aprés qu' on est cliquer sur removing sa fait 10 minute la et je commence à perdre patience.
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    oui ca peut prendre du temps
    0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    qui es tu ????

    tu te fais passer pour lyonnais 92 ????
    0
  10. nimava Messages postés 32 Statut Membre 3
     
    lyonnais92 kapersky est cher ... et j'ai pas envie de mettre beaucoup d' argent dedans.

    par contre jlpjlp en désintallant best security j'ai ( sans faire exprés ) redémarrer mon PC je dois relancer un nouvelle analyse avec vunderfix ou je peux remov tout de suite ?
    0
    1. Lyonnais92 Messages postés 25708 Statut Contributeur sécurité 1 537
       
      Bonjour et désolé,

      quelqu'un cherche à me nuire (bêtement d'ailleurs).

      Je ne propose jamais un antivirus payant si on ne me demande pas explicitement mon avis..
      0
  11. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    passe a la suite

    virtumondebegone (colle le rapport)

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    _____________________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    0
  12. nimava Messages postés 32 Statut Membre 3
     
    [12/04/2007, 18:24:17] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\aubouin\Bureau\VirtumundoBeGone.exe" )
    [12/04/2007, 18:24:23] - Detected System Information:
    [12/04/2007, 18:24:23] - Windows Version: 5.1.2600, Service Pack 2
    [12/04/2007, 18:24:23] - Current Username: aubouin (Admin)
    [12/04/2007, 18:24:23] - Windows is in NORMAL mode.
    [12/04/2007, 18:24:23] - Searching for Browser Helper Objects:
    [12/04/2007, 18:24:23] - BHO 1: {02478D38-C3F9-4EFB-9B51-7695ECA05670} (Yahoo! Toolbar Helper)
    [12/04/2007, 18:24:23] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
    [12/04/2007, 18:24:23] - BHO 3: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
    [12/04/2007, 18:24:23] - BHO 4: {7E853D72-626A-48EC-A868-BA8D5E23E045} ()
    [12/04/2007, 18:24:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/04/2007, 18:24:23] - No filename found. Continuing.
    [12/04/2007, 18:24:23] - BHO 5: {9394EDE7-C8B5-483E-8773-474BF36AF6E4} (ST)
    [12/04/2007, 18:24:23] - BHO 6: {94e3e326-58b5-4d8f-a5a1-59f9d6ca37d5} ()
    [12/04/2007, 18:24:23] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/04/2007, 18:24:23] - Checking for HKLM\...\Winlogon\Notify\lqpbcvve
    [12/04/2007, 18:24:24] - Key not found: HKLM\...\Winlogon\Notify\lqpbcvve, continuing.
    [12/04/2007, 18:24:24] - BHO 7: {9ECB9560-04F9-4bbc-943D-298DDF1699E1} (CNisExtBho Class)
    [12/04/2007, 18:24:24] - BHO 8: {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} (CNavExtBho Class)
    [12/04/2007, 18:24:24] - BHO 9: {B6E4153E-4422-418D-A6C2-8D0FBCD3E793} ()
    [12/04/2007, 18:24:24] - WARNING: BHO has no default name. Checking for Winlogon reference.
    [12/04/2007, 18:24:24] - Checking for HKLM\...\Winlogon\Notify\geebb
    [12/04/2007, 18:24:24] - Key not found: HKLM\...\Winlogon\Notify\geebb, continuing.
    [12/04/2007, 18:24:24] - BHO 10: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (MSNToolBandBHO)
    [12/04/2007, 18:24:24] - BHO 11: {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} (EpsonToolBandKicker Class)
    [12/04/2007, 18:24:24] - Finished Searching Browser Helper Objects
    [12/04/2007, 18:24:24] - Finishing up...
    [12/04/2007, 18:24:24] - Nothing found! Exiting...

    voila

    ps : lyonnais c'est pas ilégal d'utiliser des clé qui ne sont pas acheter
    0
  13. nimava Messages postés 32 Statut Membre 3
     
    ComboFix 07-12-02.6 - aubouin 2007-12-04 18:33:26.1 - NTFSx86
    Running from: C:\Documents and Settings\aubouin\Bureau\ComboFix.exe
    * Created a new restore point
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\moviebox
    C:\Program Files\moviebox\Uninstall.exe
    C:\WINDOWS\mrofinu880.exe
    C:\WINDOWS\system32\baartcuf.dll
    C:\WINDOWS\system32\bbeeg.bak1
    C:\WINDOWS\system32\bbeeg.bak2
    C:\WINDOWS\system32\bbeeg.ini
    C:\WINDOWS\system32\bbeeg.ini2
    C:\WINDOWS\system32\bbeeg.tmp
    C:\WINDOWS\system32\bmxcqail.dll
    C:\WINDOWS\system32\ehtnptfg.dll
    C:\WINDOWS\system32\evrjphfe.dll
    C:\WINDOWS\system32\fgpgrdbr.dll
    C:\WINDOWS\system32\geebb.dll
    C:\WINDOWS\system32\gmefngje.dll
    C:\WINDOWS\system32\gttxwcwo.dll
    C:\WINDOWS\system32\gygcnmoh.dll
    C:\WINDOWS\system32\homncgyg.ini
    C:\WINDOWS\system32\hvuttfkp.dll
    C:\WINDOWS\system32\hxmqgeng.dll
    C:\WINDOWS\system32\lqpbcvve.dll
    C:\WINDOWS\system32\MabryObj.dll
    C:\WINDOWS\system32\mrdavydn.dll
    C:\WINDOWS\system32\vsddlvqv.dll
    C:\WINDOWS\system32\wqeopqly.dll

    .
    ((((((((((((((((((((((((((((( Fichiers cr‚‚s 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))))))))
    .

    2007-12-04 17:15 . 2007-12-04 17:56 <REP> d-------- C:\VundoFix Backups
    2007-12-04 17:13 . 2007-12-04 17:57 <REP> d-------- C:\hijackthis
    2007-12-04 17:09 . 2007-12-04 17:09 <REP> d-------- C:\Program Files\Trend Micro
    2007-12-03 21:01 . 2007-12-04 16:32 808,579 ---hs---- C:\WINDOWS\system32\ouumroir.ini
    2007-12-03 16:50 . 2007-12-03 16:50 <REP> d-------- C:\WINDOWS\report
    2007-12-03 16:49 . 2007-12-03 16:49 <REP> d-------- C:\WINDOWS\AU_Backup
    2007-12-03 16:49 . 2007-12-03 16:49 39,811,417 --a------ C:\WINDOWS\VPTNFILE.857
    2007-12-03 16:49 . 2007-12-03 16:49 39,811,417 --a------ C:\WINDOWS\LPT$VPN.857
    2007-12-03 16:49 . 2007-12-03 16:49 1,899,383 --a------ C:\WINDOWS\tsc.ptn
    2007-12-03 16:49 . 2007-12-03 16:49 1,163,344 --a------ C:\WINDOWS\vsapi32.dll
    2007-12-03 16:49 . 2007-12-03 16:49 267,845 --a------ C:\WINDOWS\tsc.exe
    2007-12-03 16:49 . 2007-12-03 16:49 86,094 --a------ C:\WINDOWS\BPMNT.dll
    2007-12-03 16:49 . 2007-12-03 16:49 71,749 --a------ C:\WINDOWS\hcextoutput.dll
    2007-12-03 16:49 . 2007-12-03 17:45 823 --a------ C:\WINDOWS\tsc.ini
    2007-12-03 16:47 . 2007-12-03 16:49 <REP> d-------- C:\WINDOWS\AU_Temp
    2007-12-03 16:47 . 2007-12-03 16:47 <REP> d-------- C:\WINDOWS\AU_Log
    2007-12-03 16:47 . 2007-12-03 16:47 170 --a------ C:\WINDOWS\GetServer.ini
    2007-12-03 16:46 . 2007-12-03 16:46 507,904 --a------ C:\WINDOWS\TMUPDATE.DLL
    2007-12-03 16:46 . 2007-12-03 16:46 286,720 --a------ C:\WINDOWS\PATCH.EXE
    2007-12-03 16:46 . 2007-12-03 16:46 69,689 --a------ C:\WINDOWS\UNZIP.DLL
    2007-12-03 16:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2007-12-03 16:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
    2007-12-03 16:23 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2007-12-02 19:51 . 2007-12-02 19:51 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-02 19:49 . 2007-12-02 19:49 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-02 19:35 . 2007-12-02 19:37 <REP> d-------- C:\WINDOWS\system32\fr-fr
    2007-12-02 19:16 . 2007-12-02 19:38 1,374 --a------ C:\WINDOWS\imsins.BAK
    2007-12-02 19:14 . 2007-08-20 10:59 6,058,496 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
    2007-12-02 19:14 . 2007-04-17 10:32 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
    2007-12-02 19:14 . 2007-03-08 06:10 1,048,576 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
    2007-12-02 19:14 . 2007-08-20 10:59 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
    2007-12-02 19:14 . 2007-08-20 10:59 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
    2007-12-02 19:14 . 2007-08-20 10:59 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
    2007-12-02 19:14 . 2007-08-20 10:59 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
    2007-12-02 19:14 . 2007-08-20 10:59 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
    2007-12-02 19:14 . 2006-10-27 15:09 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
    2007-12-02 19:14 . 2007-08-17 11:20 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
    2007-12-01 10:31 . 2007-12-01 10:31 <REP> d-------- C:\Program Files\Guitar Pro 5
    2007-11-30 17:34 . 2007-11-30 17:34 <REP> d-------- C:\Team17
    2007-11-27 17:14 . 2007-11-30 17:56 <REP> d-------- C:\Liero Xtreme
    2007-11-27 16:35 . 2007-11-27 16:35 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\Uniblue
    2007-11-26 21:30 . 2007-11-26 21:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2007-11-26 21:19 . 2007-11-26 21:19 <REP> d-------- C:\Program Files\CCleaner
    2007-11-25 18:09 . 2007-11-25 18:08 103,736 --a------ C:\WINDOWS\system32\PnkBstrB.exe
    2007-11-25 18:09 . 2007-11-25 18:09 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2007-11-25 18:08 . 2007-11-25 18:08 <REP> d-------- C:\WINDOWS\system32\LogFiles
    2007-11-25 18:08 . 2007-11-25 18:08 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
    2007-11-25 17:34 . 2007-11-27 16:24 <REP> d-------- C:\Program Files\SUPERAntiSpyware
    2007-11-25 17:34 . 2007-11-25 17:34 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\SUPERAntiSpyware.com
    2007-11-25 17:34 . 2007-11-25 17:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    2007-11-24 19:50 . 2007-11-24 19:50 <REP> d-------- C:\etmain
    2007-11-24 19:50 . 2007-11-24 19:50 <REP> d-------- C:\Creations [RW]
    2007-11-24 19:50 . 2007-11-24 19:50 49,891 --a------ C:\Uninstal.exe
    2007-11-24 12:34 . 2007-11-24 12:37 <REP> d-------- C:\Documents and Settings\aubouin\Citrix
    2007-11-24 12:34 . 2007-11-24 12:34 81 --a------ C:\CTX.DAT
    2007-11-24 12:29 . 2007-11-24 12:29 <REP> d-------- C:\WINDOWS\system32\Resource
    2007-11-24 12:29 . 2007-11-24 12:29 <REP> d-------- C:\Program Files\Citrix
    2007-11-24 11:58 . 2007-11-24 11:58 <REP> d-------- C:\Documents and Settings\aubouin\.tuxguitar
    2007-11-24 11:57 . 2007-11-24 11:57 <REP> d-------- C:\Program Files\tuxguitar-0.9.1
    2007-11-23 16:38 . 2007-11-23 16:40 <REP> d-------- C:\WINDOWS\$regcmp$
    2007-11-21 20:57 . 2007-11-21 20:57 <REP> d-------- C:\Program Files\Musicmatch
    2007-11-21 20:57 . 2007-11-21 20:57 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\Musicmatch
    2007-11-21 20:57 . 2005-05-10 15:04 503,808 --a------ C:\WINDOWS\system32\msvc563d.rra
    2007-11-21 19:24 . 2007-11-21 19:24 <REP> d-------- C:\Program Files\Registry Clean Expert
    2007-11-18 14:10 . 2007-11-18 14:10 <REP> d-------- C:\OEMCUST
    2007-11-11 16:55 . 2007-11-11 16:55 32 --a------ C:\WINDOWS\banana.ini
    2007-11-10 20:51 . 2007-11-11 11:12 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\Shareaza
    2007-11-10 19:15 . 2007-12-04 18:10 <REP> d-------- C:\Program Files\Best_Security_Tips
    2007-11-10 19:14 . 2007-11-23 19:51 0 --a------ C:\WINDOWS\system32\efcdedb.dll
    2007-11-10 19:13 . 2007-11-23 19:51 0 --a------ C:\WINDOWS\system32\rqrstrr.dll
    2007-11-05 20:17 . 2007-11-30 16:34 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\DMCache
    2007-11-05 17:38 . 2007-11-05 17:38 <REP> d-------- C:\soldatmapmaker
    2007-11-05 14:53 . 2007-12-01 19:29 <REP> d-------- C:\Program Files\World of Warcraft
    2007-11-05 11:18 . 2007-11-05 11:18 <REP> d-------- C:\Program Files\RPG Maker 2003
    2007-11-04 18:58 . 2007-11-04 18:58 <REP> d-------- C:\Documents and Settings\aubouin\Application Data\Soldat
    2007-11-04 12:01 . 2007-11-11 11:12 <REP> d-------- C:\Program Files\Shareaza

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-12-04 17:49 --------- d-----w C:\Program Files\Packard Bell EverSafe
    2007-12-04 17:41 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2007-12-04 15:41 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2007-12-03 20:43 --------- d-----w C:\Program Files\Microsoft SQL Server
    2007-12-02 19:24 --------- d-----w C:\Documents and Settings\aubouin\Application Data\uTorrent
    2007-12-02 19:24 --------- d-----w C:\Documents and Settings\aubouin\Application Data\LimeWire
    2007-12-02 19:24 --------- d-----w C:\Documents and Settings\aubouin\Application Data\Azureus
    2007-12-02 19:23 --------- d-----w C:\Documents and Settings\aubouin\Application Data\Canon
    2007-12-02 18:50 --------- d-----w C:\Program Files\Windows Live
    2007-11-30 16:35 --------- d-----w C:\Program Files\directx
    2007-11-26 20:19 --------- d-----w C:\Program Files\Yahoo!
    2007-11-25 16:33 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2007-11-24 18:16 --------- d-----w C:\Program Files\Wolfenstein - Enemy Territory
    2007-11-22 18:14 --------- d-----w C:\Program Files\Norton Internet Security
    2007-11-21 19:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-11 17:54 --------- d-----w C:\Program Files\Street Fighter Online
    2007-11-10 18:18 --------- d-----w C:\Program Files\Tweak-XP Pro 4
    2007-11-10 18:15 --------- d-----w C:\Program Files\Common Files
    2007-11-05 21:09 --------- d-----w C:\Program Files\Fichiers communs\Blizzard Entertainment
    2007-11-04 11:14 10 ----a-w C:\Program Files\.autoreg
    2007-10-31 11:12 --------- d-----w C:\Program Files\Game Vindicator
    2007-10-31 08:31 --------- d-s---w C:\Program Files\Xfire
    2007-10-30 17:03 --------- d-----w C:\Documents and Settings\aubouin\Application Data\Xfire
    2007-10-30 16:44 --------- d-----w C:\Documents and Settings\aubouin\Application Data\Bioshock
    2007-10-30 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
    2007-10-30 16:20 --------- d-----w C:\Program Files\GALA-NET
    2007-10-30 10:16 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
    2007-10-29 18:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
    2007-10-29 17:58 --------- d-----w C:\Program Files\MSN Messenger
    2007-10-29 17:58 --------- d-----w C:\Program Files\Messenger Plus! Live
    2007-10-29 14:19 --------- d--h--r C:\Documents and Settings\aubouin\Application Data\SecuROM
    2007-10-29 14:19 --------- d-----w C:\Program Files\BoontyGames
    2007-10-29 10:31 --------- d-----w C:\Program Files\Sauerbraten
    2007-10-29 09:39 --------- d-----w C:\Program Files\Mario Forever
    2007-10-22 19:53 --------- d-----w C:\Documents and Settings\aubouin\Application Data\EPSON
    2007-10-21 17:16 --------- d-----w C:\Program Files\Diablo II
    2007-10-21 17:15 --------- d-----w C:\Program Files\Fichiers communs\WhenU
    2007-10-21 17:14 --------- d-----w C:\Program Files\Azureus
    2007-10-21 17:05 --------- d-----w C:\Program Files\The All-Seeing Eye
    2007-10-21 16:57 --------- d-----w C:\Documents and Settings\aubouin\Application Data\Hamachi
    2007-10-21 16:49 26,056 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2007-10-21 16:10 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2007-10-20 11:16 --------- d-----w C:\Program Files\CDBurnerXP Pro 3
    2007-10-20 09:46 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
    2007-10-20 09:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
    2007-10-20 09:40 --------- d-----w C:\Program Files\EPSON
    2007-10-20 09:37 --------- d-----w C:\Documents and Settings\aubouin\Application Data\InstallShield
    2007-10-20 09:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
    2007-10-17 18:26 --------- d-----w C:\Program Files\Auralog
    2007-10-17 11:51 --------- d-----w C:\Program Files\Mindscape
    2007-10-10 12:52 --------- d-----w C:\Program Files\Micro Application
    2007-10-07 08:49 --------- d-----w C:\Documents and Settings\aubouin\Application Data\DivX
    2007-10-07 08:46 --------- d-----w C:\Program Files\Google
    2007-10-05 15:48 --------- d-----w C:\Documents and Settings\aubouin\Application Data\OpenArena
    2007-10-05 14:24 --------- d-----w C:\Program Files\Warcraft III
    2007-08-21 07:33 87,608 -c--a-w C:\Documents and Settings\aubouin\Application Data\ezpinst.exe
    2007-08-21 07:33 47,360 -c--a-w C:\Documents and Settings\aubouin\Application Data\pcouffin.sys
    2007-08-11 20:00 39,560 ----a-w C:\Documents and Settings\aubouin\Application Data\GDIPFONTCACHEV1.DAT
    2005-05-13 15:12 217,073 --sha-r C:\WINDOWS\meta4.exe
    2005-10-24 09:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
    2005-10-13 19:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
    2005-10-07 17:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
    2005-07-14 10:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
    2005-06-26 13:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
    2005-06-21 20:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
    2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\i420vfw.dll
    2006-04-27 08:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
    2005-02-28 11:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
    2004-01-24 22:00 70,656 --sha-r C:\WINDOWS\system32\yv12vfw.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les ‚l‚ments vides & les ‚l‚ments initiaux l‚gitimes ne sont pas list‚s

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
    "Update Service"="C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe" [2004-02-11 15:23]
    "EPSON Stylus DX4400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.exe" [2007-03-01 07:01]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
    "ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 21:10]
    "ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 11:31]
    "NovaNet-WEB Tray Control"="C:\Program Files\Packard Bell EverSafe\TrayControl.exe" [2003-07-21 14:20]
    "VCSPlayer"="C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe" [2003-08-13 10:33]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-06-06 20:41]
    "ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 11:08]
    "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 00:12]
    "Realtime Audio Engine"="mmrtkrnl.exe" [2002-04-29 21:22 C:\WINDOWS\system32\MMRTKRNL.EXE]
    "Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-09-04 12:07]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09]
    "ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [2006-08-03 16:29]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "DisableLockWorkstation"= 0 (0x0)
    "DisableChangePassword"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogoff"= 0 (0x0)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    R0 Ramdisk;Ramdisk Driver;C:\WINDOWS\system32\DRIVERS\ramdsk.sys
    R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
    R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
    R2 MarxDev1;MarxDev1;C:\WINDOWS\system32\drivers\MarxDev1.sys
    R2 MarxDev2;MarxDev2;C:\WINDOWS\system32\drivers\MarxDev2.sys
    R2 MarxDev3;MarxDev3;C:\WINDOWS\system32\drivers\MarxDev3.sys
    S3 adiusbae;USB ADSL LAN Adapter;C:\WINDOWS\system32\DRIVERS\adiusbae.sys
    S3 ASPI;Advanced SCSI Programming Interface Driver;\??\C:\WINDOWS\System32\DRIVERS\ASPI32.sys
    S3 sony_ssm.sys;sony_ssm.sys;\??\C:\DOCUME~1\aubouin\LOCALS~1\Temp\sony_ssm.sys

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    *Newly Created Service* - COMHOST
    .
    Contenu du dossier 'Scheduled Tasks/Tƒches planifi‚es'
    "2007-11-30 18:01:04 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
    "2007-11-30 19:00:24 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - aubouin.job"
    .
    **************************************************************************

    catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-12-04 18:50:14
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-12-04 18:53:38 - machine was rebooted
    .
    --- E O F ---

    et dernier rapport bonne chance et merci de m' aider
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    recolle un rapport hijakthis svp
    0
  15. nimava Messages postés 32 Statut Membre 3
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:53:04, on 04/12/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16544)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\apps\ABoard\ABoard.exe
    C:\Program Files\Packard Bell EverSafe\TrayControl.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
    C:\apps\ABoard\AOSD.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp_wave/defaults/su/*https://fr.yahoo.com/?p=us
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: CNavExtBho Class - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
    O4 - HKLM\..\Run: [NovaNet-WEB Tray Control] C:\Program Files\Packard Bell EverSafe\TrayControl.exe
    O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [Realtime Audio Engine] mmrtkrnl.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Update Service] C:\PROGRA~1\FICHIE~1\TEKNUM~1\update.exe /startup
    O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE /FU "C:\WINDOWS\TEMP\E_S1C0.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROProj.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=https://www.free.fr/freebox/index.html
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712/2.0.0.33/player.virtools.com/downloads/player/Install2.0/Installer.exe
    O18 - Protocol: bw+0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {32C91714-3D20-427C-8B9A-E04E8427848A} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour avancer , je regarderai tout demain , combofix , hijackthis et le scan en ligne

    colle le rapport d'un scan en ligne
    avec

    Panda en ligne :
    http://pandasoftware.fr
    0
  17. david1970 Messages postés 55 Statut Membre
     
    wawwww je prefre kaspersky internet security 7
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle le rapport d'un scan en ligne(desactive ton antivirus si besoin)

    avec

    Panda en ligne :
    http://pandasoftware.fr

    a demain

    et dis moi si tu as encore des problemes doonnés par norton
    0
  19. nimava Messages postés 32 Statut Membre 3
     
    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2007-12-05 16:27:53
    PROTECTIONS: 1
    MALWARE: 22
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Norton Internet Security 2006 2006 Yes Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00039703 Application/Pskill.A HackTools No 0 Yes No C:\OEMCUST\TOOLS\WIN32\PSKILL.EXE
    00039703 Application/Pskill.A HackTools No 0 Yes No C:\WINDOWS\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
    00039703 Application/Pskill.A HackTools No 0 Yes No C:\WINDOWS\system\RESTORE.INS[C:/OEMCUST/TOOLS/WIN32/PSKILL.EXE]
    00040735 adware/whenusearch Adware No 0 Yes No HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B}
    00040735 adware/whenusearch Adware No 0 Yes No c:\program files\fichiers communs\whenu
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.doubleclick.net/]
    00139535 Application/Processor HackTools No 0 No No C:\Documents and Settings\aubouin\Bureau\Raccourcis Bureau non utilisés\VirtumundoBeGone.exe[²ƒÇ]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.fastclick.net/]
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.fastclick.net/]
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.xiti.com/]
    00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Cookies\aubouin@xiti[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.statcounter.com/]
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.apmebf.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.serving-sys.com/]
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.bs.serving-sys.com/]
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.weborama.fr/]
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.weborama.fr/]
    00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.weborama.fr/]
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[statse.webtrendslive.com/]
    00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.overture.com/]
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.zedo.com/]
    00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.bluestreak.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.adultfriendfinder.com/]
    00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.adultfriendfinder.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.smartadserver.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.smartadserver.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.smartadserver.com/]
    00273339 Cookie/Smartadserver TrackingCookie No 0 Yes No C:\Documents and Settings\aubouin\Application Data\Mozilla\Firefox\Profiles\6d2wo0tv.Utilisateur par défaut\cookies.txt[.smartadserver.com/]
    00518896 Adware/MovieBox Adware No 0 Yes No C:\qoobox\Quarantine\C\Program Files\MovieBox\Uninstall.exe.vir
    00519333 Application/Processor HackTools No 0 Yes No C:\Documents and Settings\aubouin\Bureau\Raccourcis Bureau non utilisés\VirtumundoBeGone.exe
    00580604 Generic Trojan Virus/Trojan No 0 Yes No C:\WINDOWS\SYSTEM32\MMRTKRNL.EXE
    01048936 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
    01262593 Application/NirCmd.A HackTools No 0 No No C:\RECYCLER\S-1-5-21-2946522079-3443008408-2663697209-1007\Dc1.exe[nircmd.exe]
    01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\NirCmd.exe
    01262593 Application/NirCmd.A HackTools No 0 No No C:\RECYCLER\S-1-5-21-2946522079-3443008408-2663697209-1007\Dc1.exe[nircmd.cfexe]
    ;===================================================================================================================================================================================
    SUSPECTS
    Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================

    voila pour panda en ligne (dommage que pour désinfecter faut payer^^)
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    ____________________

    vire ce qui est en quarantaine en allant dans poste de travail puis C puis qoobox

    C:\qoobox\Quarantine\

    _________________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    c:\program files\fichiers communs\whenu
    C:\qoobox\Quarantine\C\Program Files\MovieBox\Uninstall.exe.vir
    C:\WINDOWS\SYSTEM32\MMRTKRNL.EXE
    C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _______________________

    vire ce qui est dans moved files en allant dans poste de travail puis C....

    C:\_OTMoveIt\MovedFiles

    _________________________

    desinstalle vundofix, virtubeogone, combofix
    _________________________

    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    _________________________

    nettoie ton registre avec regcleaner
    http://manuelsdaide.com/RegCleaner/RegCleaner.htm
    __________________________

    colle un rapport de ton antivirus norton pour verifier si il reste des infection
    0
  21. nimava Messages postés 32 Statut Membre 3
     
    c:\program files\fichiers communs\whenu moved successfully.
    File/Folder C:\qoobox\Quarantine\C\Program Files\MovieBox\Uninstall.exe.vir not found.
    C:\WINDOWS\SYSTEM32\MMRTKRNL.EXE moved successfully.
    DllUnregisterServer procedure not found in C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll
    C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll NOT unregistered.
    C:\Program Files\GameSpy Arcade\Services\_common\PortraitLoader.dll moved successfully.

    Created on 12/05/2007 17:33:56

    voila pour OTmoveIT ( pas de demande de redémarer le PC)

    si je met un rapport d' ad-Aware 2007 sa va ? (je préfére plus rapide et je pense qu' il n'est pas moins efficace )
    0
  • 1
  • 2