A voir également:
- NORTON 360: Auto Protect bloqué
- Norton gratuit - Télécharger - Antivirus & Antimalwares
- Norton power eraser - Télécharger - Divers Utilitaires
- Norton utilities ultimate gratuit - Télécharger - Optimisation
- Code gta 4 xbox 360 - Guide
- Pilote manette xbox 360 - Télécharger - Pilotes & Matériel
11 réponses
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
1 mars 2008 à 21:58
1 mars 2008 à 21:58
slt,
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
_________________________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
_________________________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
Bonjour jlpjlp,
Merci pour ton attention pour commencer.
J'ai utilisé PANDA pour scanner en ligne mon ordi: rien trouvé. Est ce que cela veut dire qu'il y a quand même une possibilité d'être infecté par un virus plus vicieux malgré ce scan?
J'ai aussi utiliser SPYBOT: rien trouvé.
J'ai quand même charger Hijackthis mais je n'y ai rien compris. Je l'ai installé, il a scanné, et m'a donné une page pleine de lignes de fichiers mais pas d'infos spécifique concernant une infection ou quoi. Et je ne l'ai pas renommé: je ne sais pas comment le renommé, et je n'ai pas eu à le décompresser (downloadé directement sur C: ).
Au moment ou je t'écris l'Autoprotect a été activé... ???? ... Est ce possible que cela soit du à Panda ou Hijackthis???
Je vais donc redémarrer mon ordi pour voir, et attendre un peu pour savoir si la correction perdure. Sans quoi je réécrirais sur le forum.
J'en profite pour dire que commentcamerche.com est LE site pour les novices comme moi qui appellent à l'aident afin de trouver écho auprès de pros comme toi qui prennent le temps de répondre s'ils le peuvent! :P
Merci d'avance jlpjlp!
Merci pour ton attention pour commencer.
J'ai utilisé PANDA pour scanner en ligne mon ordi: rien trouvé. Est ce que cela veut dire qu'il y a quand même une possibilité d'être infecté par un virus plus vicieux malgré ce scan?
J'ai aussi utiliser SPYBOT: rien trouvé.
J'ai quand même charger Hijackthis mais je n'y ai rien compris. Je l'ai installé, il a scanné, et m'a donné une page pleine de lignes de fichiers mais pas d'infos spécifique concernant une infection ou quoi. Et je ne l'ai pas renommé: je ne sais pas comment le renommé, et je n'ai pas eu à le décompresser (downloadé directement sur C: ).
Au moment ou je t'écris l'Autoprotect a été activé... ???? ... Est ce possible que cela soit du à Panda ou Hijackthis???
Je vais donc redémarrer mon ordi pour voir, et attendre un peu pour savoir si la correction perdure. Sans quoi je réécrirais sur le forum.
J'en profite pour dire que commentcamerche.com est LE site pour les novices comme moi qui appellent à l'aident afin de trouver écho auprès de pros comme toi qui prennent le temps de répondre s'ils le peuvent! :P
Merci d'avance jlpjlp!
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
2 mars 2008 à 13:27
2 mars 2008 à 13:27
ok si ca recidive colle le rapport hiajkchits comme indiqué dans le manuel
Salut jlpjlp,
Ben voilà, trop beau pour être vrai bien-sûr. :! Mon ordi a planté milles fois dès le démarrage de Windows, avant que je n'arrive enfin à l'allumer presque normalement. Et l'ordi s'éteint comme pour redémarrer dès que je lance Norton 360 en cliqiant sur l'icone (qui marqué par un "v" vert indiquant que tout va bien, et il se met à bugger et planter sans me laisser d'autre choix que de débrancher le courant pour le relancer).
Je sors d'un forum concernant un internaute qui avait le même problème avec AutoProtect de Norton 360 et à qui tu avais répondu (décembre 07). J'ai suivi tes conseilles donnés selon la procédure dans ton blog (bravo soit dit en passant).
J'ai utilisé AVG AntiSpyWare (des coockies traités) et ensuite Panda Total Scan qui ne m'a rien rapporté (tout était ok).
J'ai réinstallé Hijackthis, et voilà le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:28, on 02.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\Program Files\USB Disk Win98 Driver\Res.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O18 - Protocol: bw+0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Ben voilà, trop beau pour être vrai bien-sûr. :! Mon ordi a planté milles fois dès le démarrage de Windows, avant que je n'arrive enfin à l'allumer presque normalement. Et l'ordi s'éteint comme pour redémarrer dès que je lance Norton 360 en cliqiant sur l'icone (qui marqué par un "v" vert indiquant que tout va bien, et il se met à bugger et planter sans me laisser d'autre choix que de débrancher le courant pour le relancer).
Je sors d'un forum concernant un internaute qui avait le même problème avec AutoProtect de Norton 360 et à qui tu avais répondu (décembre 07). J'ai suivi tes conseilles donnés selon la procédure dans ton blog (bravo soit dit en passant).
J'ai utilisé AVG AntiSpyWare (des coockies traités) et ensuite Panda Total Scan qui ne m'a rien rapporté (tout était ok).
J'ai réinstallé Hijackthis, et voilà le rapport:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:07:28, on 02.03.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe
C:\Program Files\iRiver\HSeries\iHPDetect.exe
C:\Program Files\USB Disk Win98 Driver\Res.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Azureus\Azureus.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Afficher Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [PCMService] "C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [iHP-100] C:\Program Files\iRiver\HSeries\iHPDetect.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {80AEEC0E-A2BE-4B8D-985F-350FE869DC40} (HPDDClientExec Class) - http://h30155.www3.hp.com/ediags/dd/install/HPDriverDiagnosticsVista.cab
O18 - Protocol: bw+0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {70656DD9-BE51-471A-B7A0-9BEAF5FA0253} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Acer\Empowering Technology\eMode\PCM\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
4 mars 2008 à 00:10
4 mars 2008 à 00:10
fix ces lignes:
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [?????????] ??????????????
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
_______________
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [?????????] ??????????????
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
_______________
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
Salut jlpjlp,
Il est tard, et ce n'est pas faute d'avoir posé mes fesses devant mon ordi plus tôt: voilà 1h30 que je me démène pour que l'ordi s'allume presque normalement et pouvoir me connecter à internet et appliquer tes demandesMais bref, l'important c'est d'y être. :)
J'ai suivi tes conseils pour Hijackthis, et Combofix. Voici le rapport de ce dernier.
ComboFix 08-03-04.3 - Khalid 2008-03-04 22:54:16.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.295 [GMT 1:00]
Endroit: C:\Users\Khalid\Desktop\KillBagle.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 21:45 --------- d-----w C:\ProgramData\Symantec
2008-03-04 18:56 --------- d-----w C:\Users\Khalid\AppData\Roaming\Skype
2008-03-04 04:55 --------- d-----w C:\Users\Khalid\AppData\Roaming\Azureus
2008-03-03 22:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-03 22:32 177,390,110 ----a-w C:\Windows\System32\ma base de registre de mars 2008.reg
2008-03-03 20:42 --------- d-----w C:\Users\Khalid\AppData\Roaming\Grisoft
2008-03-03 20:28 --------- d-----w C:\ProgramData\Grisoft
2008-03-03 20:06 --------- d-----w C:\Program Files\Trend Micro
2008-03-02 16:27 --------- d-----w C:\Program Files\MediaCoder
2008-03-02 11:49 --------- d-----w C:\Program Files\Panda Security
2008-03-01 21:07 --------- d-----w C:\Program Files\Mininova
2008-03-01 21:07 --------- d-----w C:\Program Files\Conduit
2008-03-01 16:40 --------- d-----w C:\Users\Khalid\AppData\Roaming\Symantec
2008-03-01 16:36 --------- d-----w C:\ProgramData\Symantec Temporary Files
2008-02-23 18:09 --------- d-----w C:\Program Files\Winamp
2008-02-23 18:07 --------- d-----w C:\Users\Khalid\AppData\Roaming\Winamp
2008-02-13 19:05 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 19:05 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 18:58 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 18:58 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 18:58 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 18:58 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 18:58 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 18:58 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 18:58 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 18:58 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 18:58 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 18:58 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 18:58 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 18:58 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 18:57 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 18:57 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 18:57 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 18:57 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 18:57 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 18:57 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 18:52 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 18:52 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 18:51 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 18:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-27 13:27 --------- d-----w C:\Users\Khalid\AppData\Roaming\CyberLink
2008-01-27 13:14 2,560 ------w C:\Windows\system32\drivers\cdralw2k.sys
2008-01-27 13:14 2,432 ------w C:\Windows\system32\drivers\cdr4_xp.sys
2008-01-27 13:14 158,456 ------w C:\Windows\System32\pxwma.dll
2008-01-26 22:02 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-26 22:02 --------- d-----w C:\Program Files\Common Files\Real
2008-01-21 12:16 --------- d-----w C:\Program Files\Norton 360
2008-01-19 02:02 --------- d-----w C:\Program Files\Windows Mail
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-09 19:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-08 21:25 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-08 21:25 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 21:25 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2007-12-12 22:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 22:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 22:58 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-08-31 05:25 174 --sha-w C:\Program Files\desktop.ini
2007-08-16 14:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-16 14:26 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-16 14:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 22:25 1232896]
"????r"="" []
"?????????"="??????????????e" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 01:01 32768]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-09 20:43 171448]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-22 22:31 25388584]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 23:21 1006264]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 03:57 3784704 C:\Windows\RtHDVCpl.exe]
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24 319488]
"Acer Tour"="" []
"eRecoveryService"="" []
"PCMService"="C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-25 01:57 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"iHP-100"="C:\Program Files\iRiver\HSeries\iHPDetect.exe" [2004-07-05 14:50 24576]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-26 23:01 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
C:\Users\Khalid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-12 21:38:32 299008]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-09-17 15:25:49 1183744]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-15 12:59:45 528384]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-27 01:01:58 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-27 00:57:27 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3D7FB22F-99DB-4524-ACFF-19B11C5AF818}"= UDP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{3133F0F7-30A4-4875-9C3D-A89F266ACE64}"= TCP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{1B5F55AA-DC07-4594-A01A-1069A13944BE}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{21BAA4E3-7695-4099-9D21-8933E6983FE2}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{E427861B-161B-4A0F-948B-FC004DF3DD19}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4B325AFD-C08C-47BE-A505-78D6FD8ECAD6}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B1DCE408-C40D-4CFE-A400-7F734586B5D9}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{7DE36F32-4210-4712-AAFA-7086EF9AA32D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{1D719D62-5E42-46AC-A617-A12E21200D5D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{387202B2-5A6C-423F-BFD0-2E93C59490D7}"= UDP:C:\Program Files\Midway Games\Rise and Fall\RiseAndFall.exe:Rise and Fall: Civilizations at War
"{C3848389-326D-4CED-86EB-2C42D132CF78}"= TCP:C:\Program Files\Midway Games\Rise and Fall\RiseAndFall.exe:Rise and Fall: Civilizations at War
"{D1A29683-FDD2-431F-A718-49AA93C01C26}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{55EDE63D-F50E-4EA1-B45B-94E5B62C8647}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{3EA1634C-B4A3-40CE-9FC8-E3703C6DF328}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-08-24 12:32]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080227.001\IDSvix86.sys [2008-02-13 17:18]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 14:46]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]
S0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2007-08-03 21:29]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4154ac48-d5ae-11dc-8648-00030d000001}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 22:59:24
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-04 23:01:25
.
2008-02-29 20:42:53 --- E O F ---
Merci bien mex!
ps: que puis je faire pour que mon ordi ne se bloque pas littéralement lorsque Windows démarre? Un écran bleu apparait soudainement, avec texte parlant de dumpping et des chiffres qui défilent en pourcentage pour finir par se bloquer et ne plus répondre ni au reset ni au power on/of. Je suis obligé de débrancher le courant. Et parfois, quand je remets la prise de courant, la tour fait des biiiiip biiiiip sans arrêt et rien à l'écran. Obligé de redébrancher... C'est glauque hein? :)
Il est tard, et ce n'est pas faute d'avoir posé mes fesses devant mon ordi plus tôt: voilà 1h30 que je me démène pour que l'ordi s'allume presque normalement et pouvoir me connecter à internet et appliquer tes demandesMais bref, l'important c'est d'y être. :)
J'ai suivi tes conseils pour Hijackthis, et Combofix. Voici le rapport de ce dernier.
ComboFix 08-03-04.3 - Khalid 2008-03-04 22:54:16.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.295 [GMT 1:00]
Endroit: C:\Users\Khalid\Desktop\KillBagle.exe
.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-04 to 2008-03-04 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 21:45 --------- d-----w C:\ProgramData\Symantec
2008-03-04 18:56 --------- d-----w C:\Users\Khalid\AppData\Roaming\Skype
2008-03-04 04:55 --------- d-----w C:\Users\Khalid\AppData\Roaming\Azureus
2008-03-03 22:54 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-03 22:32 177,390,110 ----a-w C:\Windows\System32\ma base de registre de mars 2008.reg
2008-03-03 20:42 --------- d-----w C:\Users\Khalid\AppData\Roaming\Grisoft
2008-03-03 20:28 --------- d-----w C:\ProgramData\Grisoft
2008-03-03 20:06 --------- d-----w C:\Program Files\Trend Micro
2008-03-02 16:27 --------- d-----w C:\Program Files\MediaCoder
2008-03-02 11:49 --------- d-----w C:\Program Files\Panda Security
2008-03-01 21:07 --------- d-----w C:\Program Files\Mininova
2008-03-01 21:07 --------- d-----w C:\Program Files\Conduit
2008-03-01 16:40 --------- d-----w C:\Users\Khalid\AppData\Roaming\Symantec
2008-03-01 16:36 --------- d-----w C:\ProgramData\Symantec Temporary Files
2008-02-23 18:09 --------- d-----w C:\Program Files\Winamp
2008-02-23 18:07 --------- d-----w C:\Users\Khalid\AppData\Roaming\Winamp
2008-02-13 19:05 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 19:05 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 18:58 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 18:58 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-13 18:58 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 18:58 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 18:58 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 18:58 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 18:58 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 18:58 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-13 18:58 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 18:58 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 18:58 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-13 18:58 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-13 18:57 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 18:57 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 18:57 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 18:57 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 18:57 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 18:57 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-13 18:52 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 18:52 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 18:51 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 18:51 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-01-27 13:27 --------- d-----w C:\Users\Khalid\AppData\Roaming\CyberLink
2008-01-27 13:14 2,560 ------w C:\Windows\system32\drivers\cdralw2k.sys
2008-01-27 13:14 2,432 ------w C:\Windows\system32\drivers\cdr4_xp.sys
2008-01-27 13:14 158,456 ------w C:\Windows\System32\pxwma.dll
2008-01-26 22:02 --------- d-----w C:\Program Files\Common Files\xing shared
2008-01-26 22:02 --------- d-----w C:\Program Files\Common Files\Real
2008-01-21 12:16 --------- d-----w C:\Program Files\Norton 360
2008-01-19 02:02 --------- d-----w C:\Program Files\Windows Mail
2008-01-15 08:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 04:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-12 17:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-01-09 19:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-08 21:25 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-08 21:25 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 21:25 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2007-12-12 22:58 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 22:58 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-12 22:58 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-08-31 05:25 174 --sha-w C:\Program Files\desktop.ini
2007-08-16 14:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-08-16 14:26 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-08-16 14:26 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 22:25 1232896]
"????r"="" []
"?????????"="??????????????e" []
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-27 01:01 32768]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 15:30 249856]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-09 20:43 171448]
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" [ ]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-02-22 22:31 25388584]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:34 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 23:21 1006264]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 03:57 3784704 C:\Windows\RtHDVCpl.exe]
"Acer Empowering Technology Monitor"="C:\Windows\system32\SysMonitor.exe" [2006-11-23 15:24 319488]
"Acer Tour"="" []
"eRecoveryService"="" []
"PCMService"="C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe" [2006-11-25 01:57 151552]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 21:48 57344]
"iHP-100"="C:\Program Files\iRiver\HSeries\iHPDetect.exe" [2004-07-05 14:50 24576]
"USB Storage Toolbox"="C:\Program Files\USB Disk Win98 Driver\Res.EXE" [2005-09-14 20:44 65536]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 09:22 517768]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-05-17 10:52 505368]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-05-17 10:53 780312]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-26 23:01 185896]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-15 23:54 37376]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
C:\Users\Khalid\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\palmOne\HOTSYNC.EXE [2004-04-12 21:38:32 299008]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-09-17 15:25:49 1183744]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-12-15 12:59:45 528384]
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-04-06 01:17:18 147456]
hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-02-27 01:01:58 450560]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-02-27 00:57:27 450560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{3D7FB22F-99DB-4524-ACFF-19B11C5AF818}"= UDP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{3133F0F7-30A4-4875-9C3D-A89F266ACE64}"= TCP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{1B5F55AA-DC07-4594-A01A-1069A13944BE}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{21BAA4E3-7695-4099-9D21-8933E6983FE2}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{E427861B-161B-4A0F-948B-FC004DF3DD19}"= Disabled:UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{4B325AFD-C08C-47BE-A505-78D6FD8ECAD6}"= Disabled:TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B1DCE408-C40D-4CFE-A400-7F734586B5D9}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{7DE36F32-4210-4712-AAFA-7086EF9AA32D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{1D719D62-5E42-46AC-A617-A12E21200D5D}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{387202B2-5A6C-423F-BFD0-2E93C59490D7}"= UDP:C:\Program Files\Midway Games\Rise and Fall\RiseAndFall.exe:Rise and Fall: Civilizations at War
"{C3848389-326D-4CED-86EB-2C42D132CF78}"= TCP:C:\Program Files\Midway Games\Rise and Fall\RiseAndFall.exe:Rise and Fall: Civilizations at War
"{D1A29683-FDD2-431F-A718-49AA93C01C26}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{55EDE63D-F50E-4EA1-B45B-94E5B62C8647}"= UDP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
"{3EA1634C-B4A3-40CE-9FC8-E3703C6DF328}"= TCP:C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:BlueSoleil
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 AtiPcie;ATI PCI Express (3GIO) Filter;C:\Windows\system32\DRIVERS\AtiPcie.sys [2006-08-24 12:32]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);C:\Windows\system32\drivers\sfsync03.sys [2005-12-06 16:11]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080227.001\IDSvix86.sys [2008-02-13 17:18]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-24 14:46]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-09 02:52]
S0 AFS;AFS;C:\Windows\system32\drivers\AFS.sys [2007-08-03 21:29]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4154ac48-d5ae-11dc-8648-00030d000001}]
\shell\AutoRun\command - J:\InstallTomTomHOME.exe
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 22:59:24
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
Temps d'accomplissement: 2008-03-04 23:01:25
.
2008-02-29 20:42:53 --- E O F ---
Merci bien mex!
ps: que puis je faire pour que mon ordi ne se bloque pas littéralement lorsque Windows démarre? Un écran bleu apparait soudainement, avec texte parlant de dumpping et des chiffres qui défilent en pourcentage pour finir par se bloquer et ne plus répondre ni au reset ni au power on/of. Je suis obligé de débrancher le courant. Et parfois, quand je remets la prise de courant, la tour fait des biiiiip biiiiip sans arrêt et rien à l'écran. Obligé de redébrancher... C'est glauque hein? :)
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
4 mars 2008 à 23:16
4 mars 2008 à 23:16
cela peut venir d'un probleme matreil les bip (carte memoire, disque dur....) et non d'un virus
regarde ici
http://www.depannetonpc.net/fiches-pratiques/lire_32_1_bips-au-demarrage.html
il faudrait aussi que tu note les chiffres qui s'affichent et lancer une recherche dans google si possible
regarde ici
http://www.depannetonpc.net/fiches-pratiques/lire_32_1_bips-au-demarrage.html
il faudrait aussi que tu note les chiffres qui s'affichent et lancer une recherche dans google si possible
jlpjlp,
Il faut aussi noté que l'Antivirus de Norton 360 est à nouveau actif. Et ce depuis hier. La correction a tenu. Le gros soucis c'est vraiment le démarrage. Une vrai catastrophe.
Le plus drôle c'est qu'une fois démarré, on dirait presque que tout est ok...
Il faut aussi noté que l'Antivirus de Norton 360 est à nouveau actif. Et ce depuis hier. La correction a tenu. Le gros soucis c'est vraiment le démarrage. Une vrai catastrophe.
Le plus drôle c'est qu'une fois démarré, on dirait presque que tout est ok...
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
4 mars 2008 à 23:19
4 mars 2008 à 23:19
cela peut venir d'un probleme matreil les bip (carte memoire, disque dur....) et non d'un virus
regarde ici
http://www.depannetonpc.net/fiches-pratiques/lire_32_1_bips-au-demarrage.html
il faudrait aussi que tu note les chiffres qui s'affichent et lancer une recherche dans google si possible
regarde ici
http://www.depannetonpc.net/fiches-pratiques/lire_32_1_bips-au-demarrage.html
il faudrait aussi que tu note les chiffres qui s'affichent et lancer une recherche dans google si possible
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
4 mars 2008 à 23:19
4 mars 2008 à 23:19
tu peux tester ta memoire vive avec memtest:
http://www.world-informatique.com/pasapas/faq/voir.html?qid=48
http://www.world-informatique.com/pasapas/faq/voir.html?qid=48
Le biiiip c'est pas à chaque fois... Cela se passe après que j'ai débranché la prise de la tour car par d'autres choix. Enfin d'après moi du moins...
Je tacherais de noter les chiffres que j'ai à l'écran la prochaine fois.
Je tacherais de noter les chiffres que j'ai à l'écran la prochaine fois.
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
4 mars 2008 à 23:26
4 mars 2008 à 23:26
un materiel defectuex peut marcher par intermittence et donc tu peux n'avoir des bips que par moment!
