ComboFix log analysis to eradicate Vundo/Virtumonde

3 March 2009 08:37:13

Hello everyone,

Having detected that my computer was infected by the Vundo/Virtumonde Trojan/malware, I applied the commentcamarche removal method from this link:
http://www.commentcamarche.net/faq/sujet-6862-supprimer...

So I used MBAM and then ComboFix, but since I don't have the skills needed to understand the log, I am taking the liberty of posting it, hoping that someone can help me eradicate the trojan completely and/or tell me whether MBAM has already eradicated it.

So here is the log; many thanks in advance to those who are willing to help me:

ComboFix 09-03-02.01 - Owner 2009-03-03 8:17:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1509.789 [GMT 1:00]
Lancé depuis: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)
FW: Symantec Client Firewall *enabled*
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\IE4 Error Log.txt
c:\windows\system32\aiqbtggi.dll
c:\windows\system32\CJjRCcfe.ini
c:\windows\system32\CJjRCcfe.ini2
c:\windows\system32\fvoeai.dll
c:\windows\system32\system
c:\windows\system32\system\msxml4.dll
c:\windows\system32\system\msxml4r.dll
c:\windows\system32\Ultra.dll
c:\windows\system32\vhvhcu.dll
c:\windows\system32\yedsmmvs.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((( Fichiers créés du 2009-02-03 au 2009-03-03 ))))))))))))))))))))))))))))))))))))
.

2009-03-03 01:19 . 2009-03-03 07:30 <DIR> d-------- k:\program files\Malwarebytes' Anti-Malware
2009-03-03 01:19 . 2009-03-03 01:19 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-03-03 01:19 . 2009-03-03 01:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-03 01:19 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 01:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-02 00:58 . 2009-03-03 00:56 <DIR> d-------- k:\program files\Avast4
2009-02-25 18:49 . 2009-01-09 20:19 1,089,593 --a--c--- c:\windows\system32\dllcache\ntprint.cat
2009-02-20 18:08 . 2009-02-20 18:08 <DIR> d-------- k:\program files\RALINK
2009-02-08 10:29 . 2009-02-08 10:29 <DIR> d-------- k:\program files\TeamViewer

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-03 07:24 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-03 07:24 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
2009-03-02 00:43 --------- d-----w k:\program files\Everest Poker.net
2009-03-01 20:53 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-01 20:52 --------- d-----w k:\program files\Spybot - Search & Destroy
2009-03-01 17:15 --------- d-----w k:\program files\Ad-Aware SE Professional
2009-02-20 18:25 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-17 19:10 --------- d-----w k:\program files\MSN Messenger
2009-02-17 19:10 --------- d-----w k:\program files\Messenger Plus! Live
2008-04-10 22:05 76,760 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2005-01-26 08:39 0 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2003-07-19 04:47 2,498,560 ----a-w k:\program files\Walser.exe
2005-02-20 06:11 160,325 --sh--w c:\windows\Resources\Themes\DameK UltraBlue\irunin.dat
2005-01-28 03:43 0 --sha-w c:\windows\SMINST\HPCD.sys
2005-10-17 16:16 8 --sh--r c:\windows\system32\4464A5C56E.sys
2005-10-17 16:16 4,704 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="k:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="k:\program files\Skype Phone\Skype.exe" [2006-10-13 20058152]
"JFSW2Launch"="c:\documents and settings\Owner\Application Data\Transcend\JFSW2\JFSW2Launch.exe" [2008-09-29 172032]
"PC Suite Tray"="k:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-03-28 1079296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2004-02-29 66680]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2005-02-09 95960]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-10-18 135168]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-31 185896]
"QuickTime Task"="k:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"SunJavaUpdateSched"="k:\program files\Java\jre6\bin\jusched.exe" [2008-11-10 136600]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-18 c:\windows\system32\Hdaudpropshortcut.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-05-12 c:\windows\SoundMan.exe]
"CHotkey"="zHotkey.exe" [2004-05-18 c:\windows\zHotkey.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"ShowWnd"="ShowWnd.exe" [2003-09-19 c:\windows\ShowWnd.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-05-12 c:\windows\ALCWZRD.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Nokia.PCSync"="k:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Lancement rapide d'Adobe Acrobat.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2005-05-19 25214]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "k:\progra~1\DVDREG~1\DVDShell.dll" [2004-10-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vhvhcu.dll fvoeai.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.PIMJ"= pvljpg20.dll
"VIDC.MJPX"= pvmjpg21.dll
"VIDC.PVW2"= pvwv220.dll
"VIDC.MSZH"= avimszh.dll
"VIDC.ZLIB"= avizlib.dll
"VIDC.ASV1"= asusasv1.dll
"VIDC.ASV2"= asusasv2.dll
"VIDC.I263"= i263_32.drv
"msacm.WRPR"= aviwrap.dll
"vidc.WRPR"= aviwrap.dll
"vidc.xvid"= xvid.dll
"VIDC.RUD0"= rududu.dll
"MSACM.IMC"= IMC32.ACM
"VIDC.DCMJ"= MCMJPG32.DLL
"VIDC.MWV1"= icmw_32.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"msacm.qmpeg"= qmpeg.acm
"VIDC.BT20"= btvvc32.drv
"VIDC.Y41P"= btvvc32.drv
"MSACM.PCDV"= pcdv.acm
"VIDC.CDVC"= CSCCDVC.DLL
"VIDC.DDVC"= CSCdvsd.DLL
"VIDC.PDVC"= pdvcodec.dll
"vidc.MJPG"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"IMC32.ACM"= IMC32.ACM
"vidc.NUB2"= NuB2.dll
"VIDC.VP40"= vp4vfw.dll
"VIDC.PIXL"= PCLEpixl.dll
"VIDC.PIM1"= PCLEPIM1.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Beyond TV.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Démarrage rapide du logiciel HP Image Zone.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lancement rapide d'Adobe Reader.lnk]
backup=c:\windows\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TribalWeb.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\TribalWeb.lnk
backup=c:\windows\pss\TribalWeb.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Scheduler
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCLEPCI
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QD FastAndSafe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
--a------ 2008-04-23 01:08 483328 k:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2005-09-22 00:42 454144 k:\program files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2006-10-27 14:06 863744 c:\program files\Common Files\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eCarteBleue-PREM]
--a------ 2006-02-07 09:23 200704 k:\program files\e-Carte Bleue\LCL\e-Carte Bleue VISA PREMIER\ECB-PREM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-02-19 02:41 49152 k:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 09:36 267048 k:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
--a------ 2006-01-15 12:48 36864 k:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2003-08-29 21:17 188416 c:\program files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2003-08-29 21:20 77824 c:\program files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 20:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Tray Application]
--a------ 2003-12-19 18:38 425984 c:\program files\Common Files\Nokia\Tools\NclTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-03-28 10:20 1079296 k:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 22:37 413696 k:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
--a------ 2005-01-06 21:09 1466368 k:\program files\Spyware Doctor\swdoctor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-31 17:06 185896 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2004-12-20 19:41 33792 k:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
--a------ 2002-07-11 10:25 53248 c:\windows\system32\mmtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShowWnd]
--a--c--- 2003-09-19 18:09 36864 c:\windows\ShowWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"k:\\Program Files\\Trillian\\trillian.exe"=
"k:\\Program Files\\ICQLite\\ICQLite.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"k:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"k:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"k:\\Program Files\\eMule\\emule.exe"=
"k:\\Program Files\\amsn\\bin\\wish.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"k:\\Program Files\\iTunes\\iTunes.exe"=
"k:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"k:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"k:\\Program Files\\MSN Messenger\\livecall.exe"=
"k:\\Program Files\\Skype Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Eazyconnect
"593:UDP"= 593:UDP:Eazyconnect

R1 prodrv02;prodrv02;c:\windows\system32\drivers\prodrv02.sys [2005-02-02 143776]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-08-20 3712]
R2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\RTWTKRNL.sys [2005-02-09 27008]
R2 TeamViewer4;TeamViewer 4;k:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2005-10-05 6369]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2008-01-25 25088]
S2 BCMNTIO;BCMNTIO; [x]
S2 MAPMEM;MAPMEM; [x]
S3 ATICXCAP;ATI TV Wonder Pro A/V Capture;c:\windows\system32\drivers\aticxcap.sys [2005-01-26 188506]
S3 ATICXTUN;ATI TV Wonder Pro Tuner (Philips 1236 MK3);c:\windows\system32\drivers\aticxtun.sys [2005-01-26 31003]
S3 ATICXXBR;ATI TV Wonder Pro A/V Crossbar;c:\windows\system32\drivers\aticxxbr.sys [2005-01-26 9882]
S3 ComFiltr;Panda Anti-Dialer;\??\c:\windows\system32\DRIVERS\COMFiltr.sys --> c:\windows\system32\DRIVERS\COMFiltr.sys [?]
S3 SA2KMD;STEL Modem;c:\windows\system32\drivers\sa2kmd.sys [2005-09-12 28752]
S3 SA2KPT;STEL OBEX PORT;c:\windows\system32\drivers\sa2kpt.sys [2005-09-12 28784]
S3 SACTL;STEL USB HOST DRIVER;c:\windows\system32\drivers\sactl.sys [2005-09-12 17216]
S3 SAENUM;STEL Enum Driver;c:\windows\system32\drivers\saenum.sys [2005-09-12 9952]
S3 SavRoam;SAVRoam;k:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [2004-03-12 169192]
S3 TESTCAP;Studio PCTV (Audio);c:\windows\system32\DRIVERS\PCTVAud.sys --> c:\windows\system32\DRIVERS\PCTVAud.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{23b5a776-fc4c-11dc-87e1-0006f40ce426}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91fd51dc-d025-11dc-87a9-0006f40ce426}]
\Shell\AutoRun\command - H:\setupSNK.exe
.
Contenu du dossier 'Tâches planifiées'

2009-02-20 c:\windows\Tasks\PcbugDoctorOwner.job
- k:\program files\PCBugDoctor\PCBugDoctor.exe [2004-07-13 09:21]

2009-03-02 c:\windows\Tasks\User_Feed_Synchronization-{9DE59D33-804E-4D9C-B922-F4464C22D7D4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 17:36]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{23D7E00B-35BB-4020-B500-7BF40A12BAD6} - (no file)
BHO-{3A9288C0-73D1-4C51-AB9F-27EABCB2E24C} - c:\windows\system32\efcCRjJC.dll
MSConfigStartUp-ATI Launchpad - c:\program files\ATI Multimedia\main\launchpd.exe
MSConfigStartUp-ATI Remote Control - c:\program files\ATI Multimedia\RemCtrl\ATIX10.exe
MSConfigStartUp-HP Component Manager - c:\program files\HP\hpcoretech\hpcmpmgr.exe
MSConfigStartUp-MaxtorOneTouch - c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe
MSConfigStartUp-MCAgentExe - c:\progra~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - c:\progra~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink\PowerDVD\PDVDServ.exe
MSConfigStartUp-_AntiSpyware - c:\program files\McAfee\McAfee AntiSpyware\MssCli.exe


.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/ig?hl=fr&source=iglk
uInternet Settings,ProxyOverride = localhost;*.local
IE: &ICQ Toolbar Search
IE: Convertir en Adobe PDF - k:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir en un fichier PDF existant - k:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la cible du lien en Adobe PDF - k:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la cible du lien en un fichier PDF existant - k:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir la sélection en Adobe PDF - k:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convertir la sélection en un fichier PDF existant - k:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convertir les liens sélectionnés en fichier Adobe PDF - k:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convertir les liens sélectionnés en un fichier PDF existant - k:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xporter vers Microsoft Excel - k:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Envoyer à &Bluetooth - k:\program files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - k:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ywkyndir.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr/
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ywkyndir.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: k:\program files\Realtek\Netscape6\nppl3260.dll
FF - plugin: k:\program files\Realtek\Netscape6\nprjplug.dll
FF - plugin: k:\program files\Realtek\Netscape6\nprpjplug.dll
FF - plugin: k:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- PARAMETRES FIREFOX ----
k:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-03 08:23:22
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-2936227637-2867005528-609594776-1003\RemoteAccess\Profile\x *]
"EnableAutodisconnect"=dword:00000001
"EnableExitDisconnect"=dword:00000001
"DisconnectIdleTime"=dword:00000014

[HKEY_USERS\S-1-5-21-2936227637-2867005528-609594776-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,f8,6b,04,19,51,
11,df,8c,e2,63,26,f1,3f,c8,ff,68,e0,ca,57,79,e2,b7,4a,0d,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,e5,14,02,cf,44,
28,b3,d6,6a,9c,d6,61,af,45,84,18,86,34,e5,3d,56,ac,c7,b7,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,95,dd,04,27,31,
82,c2,ce,ff,7c,85,e0,43,d4,0e,fe,14,99,ef,bc,15,99,17,27,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,06,8c,7a,24,de,
61,5b,d5,86,8c,21,01,be,91,eb,e7,29,c1,52,c3,4f,b7,5e,8a,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,0a,71,ef,5b,48,
28,d8,e8,f5,1d,4d,73,a8,13,5c,05,1c,09,4a,ca,35,e9,fe,94,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,ba,09,e5,a2,fd,
4d,d9,b2,df,20,58,62,78,6b,cf,c8,a6,5d,79,cc,2b,00,0d,2e,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,e7,db,af,11,f4,
24,eb,6e,fb,a7,78,e6,12,2f,9a,ea,2e,32,9c,fa,a4,b7,99,26,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,5c,8e,db,a1,a2,
d6,b0,8c,01,3a,48,fc,e8,04,4a,f1,e0,7c,37,9e,a7,34,a6,c0,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,8c,2c,9a,92,dc,
58,43,59,f6,0f,4e,58,98,5b,89,c9,82,4b,d1,65,08,45,02,20,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,f5,2d,9c,cb,62,
d0,7a,8f,3d,ce,ea,26,2d,45,aa,78,bd,f9,24,5b,c7,f3,a0,a8,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,d6,c8,9e,ea,be,
10,b6,7e,2a,b7,cc,b5,b9,7f,41,e7,69,bf,45,fb,0c,e8,c5,4f,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,06,b6,e5,3f,1c,
8a,43,f0,6c,43,2d,1e,aa,22,2f,9c,36,b7,66,32,63,3b,7e,a1,6c,43,2d,1e,aa,22,\
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
k:\program files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
k:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
k:\program files\Maxtor\OneTouch\Utils\SyncServices.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
k:\progra~1\RETROS~1\RETROS~1.1\retrorun.exe
c:\program files\Dantz\Retrospect\retrorun.exe
c:\windows\system32\locator.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
k:\program files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
k:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\msiexec.exe
k:\program files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe
k:\program files\PC Connectivity Solution\ServiceLayer.exe
k:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
k:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
k:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
.
**************************************************************************
.
Heure de fin: 2009-03-03 8:29:20 - La machine a redémarré [Owner]
ComboFix-quarantined-files.txt 2009-03-03 07:29:17

Avant-CF: 14,390,099,968 bytes free
Après-CF: 14,840,426,496 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=3 Sets=,1,2,3
401 --- E O F --- 2009-02-25 17:55:11

3 March 2009 13:21:15

Hello,

Are you still having problems?

Run an online antivirus scan at Kaspersky using Internet Explorer.

  • Allow the ActiveX controls.
  • Click "Démarrer Online Scanner" (Start Online Scanner).
  • Select My Computer as the scan target. Save the report in .txt format.
  • Paste its report here.
  • Post a new HijackThis report.

    Help: How to run an online scan with Kaspersky.
    3 March 2009 23:42:13

    Hello Angeldark,

    Thank you for your reply. So it seems you did not detect any traces of Vundo/Virtumonde or other malware in the post?

    I have no more problems, but I want to be sure that MBAM really did eradicate Vundo and that it is not at risk of coming back because of a program that would protect the system.

    I ran a Kaspersky scan; everything is OK, as it finds about twenty infected files, but all of them are in fact in Norton's Quarantine folder.

    Here is the HijackThis report:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:54:23, on 03/03/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    K:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    K:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    K:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    K:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
    C:\Program Files\Dantz\Retrospect\retrorun.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    K:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    K:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\zHotkey.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\ALCWZRD.EXE
    C:\Program Files\Digital Media Reader\shwiconem.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    K:\Program Files\Java\jre6\bin\jusched.exe
    K:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    K:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    K:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    K:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\WINDOWS\explorer.exe
    K:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\WINDOWS\system32\msiexec.exe
    K:\Program Files\Java\jre6\bin\java.exe
    C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig?hl=fr&source=iglk
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - K:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - K:\Program Files\Realtek\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - K:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - K:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - K:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - K:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - K:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "K:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "K:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [msnmsgr] "K:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Skype] "K:\Program Files\Skype Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [JFSW2Launch] C:\Documents and Settings\Owner\Application Data\Transcend\JFSW2\JFSW2Launch.exe
    O4 - HKCU\..\Run: [PC Suite Tray] "K:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "K:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convertir en Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir en un fichier PDF existant - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://K:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://K:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - K:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - K:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - K:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/F...
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} (LinkedIn ContactFinderControl) - http://www.linkedin.com/cab/LinkedInContactFinderContro...
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUpload...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.photoservice.com/telechargement/ImageUploade...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_d...
    O18 - Protocol: bw+0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: offline-8876480 - {BF475FD2-B42B-4E3E-B720-5FBC1FC49C9D} - K:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: vhvhcu.dll fvoeai.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - K:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - K:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: EpsonBidirectionalService - Unknown owner - K:\Program Files\EPSON\ESM2\eEBSVC.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - K:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LiveUpdate - Symantec Corporation - K:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~2.EXE
    O23 - Service: MaxSyncService (NTService1) - - K:\Program Files\Maxtor\OneTouch\Utils\SyncServices.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - K:\PROGRA~1\RETROS~1\RETROS~1.1\retrorun.exe
    O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - K:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    O23 - Service: ServiceLayer - Nokia. - K:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - K:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - K:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - K:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    O23 - Service: Windows Automatic Updates - Unknown owner - C:\Windows\temp\windowsautomaticupdates.exe (file missing)

    --
    End of file - 25762 bytes



    Thanks again for your help.
    4 March 2009 12:49:53

    Hi again,

    Just leftovers.

    Run HijackThis again (right-click -> Run as administrator on Vista), choose "Do a system scan only", and check these lines (if still present):
    R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O20 - AppInit_DLLs: vhvhcu.dll fvoeai.dll

    Close all running applications (especially your web browser).
    Then click "Fix checked"!
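
    The "leftovers" picked out in the reply above can be found mechanically. The script below is an added example, not part of the original posts and not HijackThis or ComboFix code. It lists log entries whose target is reported absent and AppInit_DLLs values that name files ComboFix already deleted. The sample lines and the deleted-file list are subsets copied from the logs in this thread; the function and variable names are assumptions of the example, and the output is a list of candidates to review, not a verdict.

```python
import re
from typing import List, NamedTuple

# Subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - K:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - AppInit_DLLs: vhvhcu.dll fvoeai.dll
O23 - Service: Windows Automatic Updates - Unknown owner - C:\Windows\temp\windowsautomaticupdates.exe (file missing)
"""

# Subset of the files ComboFix listed as deleted earlier in the thread.
DELETED_BY_COMBOFIX = [
    r"c:\windows\system32\vhvhcu.dll",
    r"c:\windows\system32\fvoeai.dll",
    r"c:\windows\system32\aiqbtggi.dll",
]

# A HijackThis entry is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


class Finding(NamedTuple):
    code: str    # section code such as R3, O2, O20
    reason: str  # why the entry is a cleanup candidate
    line: str    # the original log line


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return re.split(r"[\\/]", path)[-1].lower()


def find_leftovers(log_text: str, deleted_paths: List[str]) -> List[Finding]:
    """Return entries that point at nothing or at already-deleted files."""
    deleted = {basename(p) for p in deleted_paths}
    findings = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw)
        if not match:
            continue  # header, blank line or free text
        code, body = match.groups()
        marker = next((m for m in ORPHAN_MARKERS if body.lower().endswith(m)), None)
        if marker:
            findings.append(Finding(code, f"target absent {marker}", raw.strip()))
            continue
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            # The registry value is a space- or comma-separated list of DLLs.
            dlls = body.split(":", 1)[1].replace(",", " ").split()
            gone = [d for d in dlls if basename(d) in deleted]
            if gone:
                reason = "references deleted file(s): " + ", ".join(gone)
                findings.append(Finding(code, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in find_leftovers(SAMPLE_LOG, DELETED_BY_COMBOFIX):
        print(f"[{f.code}] {f.reason}\n    {f.line}")
```
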