Se connecter / S'enregistrer
Votre question

Ordinateur infecté... mais virus inconnu [Résolu]

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
27 Janvier 2007 13:32:42

Bonjour,

Mon deuxième ordinateur a je pense beaucoup de problèmes mais je ne sais pas encore quels sont les virus en jeu?
Pourriez vous m'aider?
Je vous poste un rapport Hijackthis

Voici le rapport HijackThis :

Logfile of HijackThis v1.99.1
Scan saved at 13:28:55, on 27/01/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\wpablan.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\localx0.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctpmon.exe
C:\WINDOWS\System32\ctpmon.exe
C:\WINDOWS\System32\zvlaau.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\Rar$EX00.687\scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: (no name) - {09F9FFD2-7232-4158-B29B-648FE4E9C85C} - C:\WINDOWS\System32\xxyaxus.dll
O2 - BHO: (no name) - {4EAFF741-9C5C-437C-93CC-928CC099E4DA} - C:\WINDOWS\System32\vtsqq.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\mvgcmgew.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ixjapkwmbu] c:\windows\system32\ixjapkwmbu.exe ixjapkwmbu
O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\System32\gchbpbav.dll",setvm
O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SvcManager] localx0.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ctpmon] ctpmon.exe
O4 - HKLM\..\Run: [Win32] zvlaau.exe
O4 - HKLM\..\RunServices: [Win32] zvlaau.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [irssyncd] C:\WINDOWS\System32\irssyncd.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1066.dll,InstantAccess
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - HKCU\..\Run: [Win32] zvlaau.exe
O4 - Startup: .protected
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?6df7b68c7399427ba3f1b398ff72637
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?6df7b68c7399427ba3f1b398ff72637
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {07b7f771-1b8e-4b7b-823e-ffac1732aa9f} - (no file) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O15 - Trusted Zone: http://www.archiviosex.net
O15 - Trusted Zone: www.archiviosex.net
O15 - Trusted Zone: http://www.happyfile.net
O15 - Trusted Zone: http://www.otherchance.com
O15 - Trusted Zone: www.otherchance.com
O15 - Trusted Zone: www.redfunny.com
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x...
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.c...
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoade...
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb262ad2aca3c8017/netzip...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Components/Upload/ImageUploade...
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDow...
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools....
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_s...
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt....
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
O20 - Winlogon Notify: Controls Folder - C:\WINDOWS\system32\drcpsapi.dll (file missing)
O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll (file missing)
O20 - Winlogon Notify: xxyaxus - C:\WINDOWS\SYSTEM32\xxyaxus.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Conexant Systems - (no file)
O23 - Service: Microsoft Apache for Windows (Windows Apache Service) - Unknown owner - C:\WINDOWS\wpablin.exe (file missing)
O23 - Service: Windows Atapi Driver - Unknown owner - (no file)

Autres pages sur : ordinateur infecte virus inconnu resolu

a b 8 Sécurité
27 Janvier 2007 14:38:48

Bonjour,

Jamais vu un pc avec des infections aussi variées.
Tout cela est dû au fait que tu n'as pas de SP2.

Télécharge VundoFix.exe (par Atribune) sur ton Bureau.
  • Double-clique VundoFix.exe afin de le lancer
  • Clique sur le bouton Scan for Vundo
  • Lorsque le scan est complété, clique sur le bouton Remove Vundo
  • Une invite te demandera si tu veux supprimer les fichiers, clique YES
  • Après avoir cliqué "Yes", le Bureau disparaîtra un moment lors de la suppression des fichiers
  • Tu verras une invite qui t'annonce que ton PC va redémarrer; clique OK
  • Copie/colle le contenu du rapport situé dans C:\vundofix.txt.

    Note: Il est possible que VundoFix soit confronté à un fichier qu'il ne peut supprimer. Si tel est le cas, l'outil se lancera au prochain redémarrage; il faut simplement suivre les instructions ci-haut, à partir de "clique sur le bouton Scan for Vundo".
    **********
  • Télécharge combofix.exe (par sUBs) sur ton Bureau
  • Double clique combofix.exe.
  • Tape sur la touche Y (Yes) pour démarrer le scan.
  • Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

    NOTE : Le rapport se trouve également ici : C:\Combofix.txt
    **********
    Avant de commencer, lis la licence de Blacklight (F-Secure)
    En lisant ce document, tu as pris connaissance et accepté les conditions d'utilisation de ce programme inclus dans Navilog1.zip.

    Télécharge maintenant Navilog1.zip (Il Mafioso)
    Enregistre-le sur ton Bureau.
    Dézippe le contenu de l'archive en faisant un Clique droit sur Navilog1.zip puis en choisissant Tout Extraire.

    Double clique sur Navilog1.bat.
    Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
    ! N'utilise pas l'option 2, 3 et 4 sans notre accord !
    Patiente jusqu'à l'apparition de ce message :
    "*** Analyse Termine le ..... ***"
    Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

    -> Edition / Sélectionner tout
    -> Edition / Copier
    -> Clique-Droit / Coller dans ta réponse


    NOTE : Le rapport se trouve également ici : C:\fixnavi.txt
    **********
    Installe d'urgence un firewall comme Kerio :
    http://www.malekal.com/kerio_firewall.php
    **********
    Poste un nouveau rapport Hijackthis.
    27 Janvier 2007 16:32:28

    Re,

    Voici le rapport Vundo :


    VundoFix V6.3.2

    Checking Java version...

    Sun Java not detected
    Scan started at 15:15:55 27/01/2007

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqpnk.dll
    C:\WINDOWS\system32\awtstrq.dll
    C:\WINDOWS\system32\cbxvwww.dll
    C:\WINDOWS\system32\ddcccbx.dll
    C:\WINDOWS\system32\drcpsapi.dll
    C:\WINDOWS\system32\fccawxu.dll
    C:\WINDOWS\system32\gchbpbav.dll
    C:\WINDOWS\system32\jkkiigg.dll
    C:\WINDOWS\System32\mvgcmgew.dll
    C:\WINDOWS\system32\pmnonom.dll
    C:\WINDOWS\system32\qomjhfd.dll
    C:\WINDOWS\system32\qomljgg.dll
    C:\WINDOWS\System32\qqstv.bak1
    C:\WINDOWS\System32\qqstv.bak2
    C:\WINDOWS\System32\qqstv.ini
    C:\WINDOWS\system32\rqrpnki.dll
    C:\WINDOWS\system32\vabpbhcg.ini
    C:\WINDOWS\System32\vtsqq.dll
    C:\WINDOWS\system32\xxyaxus.dll
    C:\WINDOWS\system32\yayyvvu.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqpnk.dll
    C:\WINDOWS\system32\awtqpnk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\awtstrq.dll
    C:\WINDOWS\system32\awtstrq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbxvwww.dll
    C:\WINDOWS\system32\cbxvwww.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ddcccbx.dll
    C:\WINDOWS\system32\ddcccbx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\fccawxu.dll
    C:\WINDOWS\system32\fccawxu.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\gchbpbav.dll
    C:\WINDOWS\system32\gchbpbav.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\jkkiigg.dll
    C:\WINDOWS\system32\jkkiigg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnonom.dll
    C:\WINDOWS\system32\pmnonom.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomjhfd.dll
    C:\WINDOWS\system32\qomjhfd.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qomljgg.dll
    C:\WINDOWS\system32\qomljgg.dll Has been deleted!

    Attempting to delete C:\WINDOWS\System32\qqstv.bak1
    C:\WINDOWS\System32\qqstv.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\qqstv.bak2
    C:\WINDOWS\System32\qqstv.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\System32\qqstv.ini
    C:\WINDOWS\System32\qqstv.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\rqrpnki.dll
    C:\WINDOWS\system32\rqrpnki.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\vabpbhcg.ini
    C:\WINDOWS\system32\vabpbhcg.ini Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyaxus.dll
    C:\WINDOWS\system32\xxyaxus.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yayyvvu.dll
    C:\WINDOWS\system32\yayyvvu.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    **********************************************

    Voici le rapport ComboFix

    "Alexandre Dias" - 07-01-27 15:41:51 Service Pack 1
    ComboFix 07-01-25 - Running from: "C:\Documents and Settings\Alexandre Dias\Bureau"

    ERROR !!! /wow section not completed

    ((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))

    REGISTRY ENTRIES REMOVED:
    Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{142fdc13-da7b-4e5a-93a6-1f21fbc2c104}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\clsid\{142fdc13-da7b-4e5a-93a6-1f21fbc2c104}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{142fdc13-da7b-4e5a-93a6-1f21fbc2c104}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{142fdc13-da7b-4e5a-93a6-1f21fbc2c104}\InprocServer32]
    @="C:\\WINDOWS\\system32\\lecdll.dll"
    "ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{ae301a0d-8244-49ea-b19b-ab3862bc5364}]
    @=""
    "IDEx"="ADDR"

    [HKEY_CLASSES_ROOT\clsid\{ae301a0d-8244-49ea-b19b-ab3862bc5364}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{ae301a0d-8244-49ea-b19b-ab3862bc5364}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{ae301a0d-8244-49ea-b19b-ab3862bc5364}\InprocServer32]
    @="C:\\WINDOWS\\system32\\btowseui.dll"
    "ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{6938f21c-5c87-47b6-a8d2-9dfebf5a381c}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6938f21c-5c87-47b6-a8d2-9dfebf5a381c}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6938f21c-5c87-47b6-a8d2-9dfebf5a381c}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{6938f21c-5c87-47b6-a8d2-9dfebf5a381c}\InprocServer32]
    @="C:\\WINDOWS\\system32\\ayicap32.dll"
    "ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{5f2bb81e-2bf8-4223-ac3e-612516a50311}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{5f2bb81e-2bf8-4223-ac3e-612516a50311}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{5f2bb81e-2bf8-4223-ac3e-612516a50311}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{5f2bb81e-2bf8-4223-ac3e-612516a50311}\InprocServer32]
    @="C:\\WINDOWS\\system32\\iyv6mon.dll"
    "ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{d3596afc-983d-4f09-90f6-5d3f9f25d41d}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{d3596afc-983d-4f09-90f6-5d3f9f25d41d}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{d3596afc-983d-4f09-90f6-5d3f9f25d41d}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{d3596afc-983d-4f09-90f6-5d3f9f25d41d}\InprocServer32]
    "ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{3b45a530-6fe9-43d5-8546-ce5091300b9d}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3b45a530-6fe9-43d5-8546-ce5091300b9d}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3b45a530-6fe9-43d5-8546-ce5091300b9d}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{3b45a530-6fe9-43d5-8546-ce5091300b9d}\InprocServer32]
    "ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{5be6cde0-433a-4504-a110-aa5e86d06bbd}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{5be6cde0-433a-4504-a110-aa5e86d06bbd}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{5be6cde0-433a-4504-a110-aa5e86d06bbd}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{5be6cde0-433a-4504-a110-aa5e86d06bbd}\InprocServer32]
    "ThreadingModel"="Apartment"Windows Registry Editor Version 5.00

    [HKEY_CLASSES_ROOT\clsid\{851a2473-3236-45f1-81a0-322205927621}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{851a2473-3236-45f1-81a0-322205927621}\Implemented Categories]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{851a2473-3236-45f1-81a0-322205927621}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
    @=""

    [HKEY_CLASSES_ROOT\clsid\{851a2473-3236-45f1-81a0-322205927621}\InprocServer32]
    @="C:\\WINDOWS\\system32\\drcpsapi.dll"
    "ThreadingModel"="Apartment"

    * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


    Granting SeDebugPrivilege to Administrateurs ... successful


    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\Program Files\ASKS~1
    C:\qoobox\purity\Program Files\ASKS~1\?icrosoft.NET


    ((((((((((((((((((((((((((((((( Files Created from 2006-12-27 to 2007-01-27 ))))))))))))))))))))))))))))))))))


    2007-01-27 15:15 <REP> d----c--- C:\VundoFix Backups
    2007-01-27 15:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2007-01-27 15:00 42,692 --a------ C:\WINDOWS\system32\kernelex6.exe
    2007-01-23 18:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
    2007-01-23 17:42 94,208 -r-hs---- C:\WINDOWS\system32\zvlaau.exe
    2007-01-23 17:42 390 --a--c--- C:\chemical.exe
    2007-01-23 17:42 3,281 --a------ C:\WINDOWS\system32\autosys.exe
    2007-01-23 17:41 94,208 -ra------ C:\WINDOWS\system32\msinnt.exe
    2007-01-20 18:56 0 --a------ C:\WINDOWS\system32\setup_55302.exe
    2007-01-20 18:51 0 --a--c--- C:\raxkkvo.exe
    2007-01-20 18:48 0 --a--c--- C:\amwapy.exe
    2007-01-20 18:48 0 --a--c--- C:\aklrkeh.exe
    2007-01-19 13:01 6,143 --a------ C:\WINDOWS\system32\3963185065.dll
    2007-01-19 12:52 49,152 --a--c--- C:\elljoi.exe
    2007-01-19 12:52 1,024 --a--c--- C:\ypcqmug.exe
    2007-01-19 12:51 30,720 --a------ C:\WINDOWS\system32\ctpmon.exe
    2007-01-14 14:20 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\SearchToolbarCorp
    2007-01-14 14:11 45,568 --a--c--- C:\mfye.exe
    2007-01-13 23:02 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\AdobeUM
    2007-01-13 22:58 23,552 --a--c--- C:\giicqk.exe
    2007-01-13 22:58 1,024 --a--c--- C:\jswaao.exe
    2007-01-13 18:12 1,024 --a--c--- C:\eimh.exe
    2007-01-13 17:21 <REP> d-------- C:\Program Files\SymNetDrv
    2007-01-13 17:10 34,578 --a------ C:\WINDOWS\system32\drivers\NPDRIVER.SYS
    2007-01-13 16:59 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-01-13 16:59 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-01-13 16:59 <REP> d-------- C:\Program Files\Norton AntiVirus
    2007-01-13 16:58 <REP> d-------- C:\Program Files\Symantec
    2007-01-10 18:09 44,032 --a--c--- C:\loder.exe
    2007-01-10 15:09 1,024 --a--c--- C:\wrncp.exe
    2007-01-09 16:45 42,692 --a------ C:\WINDOWS\system32\svhostz7.exe
    2007-01-09 13:01 1,024 --a--c--- C:\nsrat.exe
    2007-01-08 17:15 30,221 -----c--- C:\rmfi.exe
    2007-01-08 17:14 84,480 -r-hs---- C:\WINDOWS\wpablan.exe
    2007-01-07 20:38 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\Symantec
    2007-01-06 22:51 <REP> d--hs---- C:\found.000
    2007-01-06 22:25 0 --a--c--- C:\whmiqq.exe
    2007-01-06 22:25 0 --a--c--- C:\pjvatvux.exe
    2007-01-06 22:25 0 --a--c--- C:\omhran.exe
    2007-01-06 22:25 0 --a--c--- C:\ngaobk.exe
    2007-01-06 22:25 0 --a--c--- C:\doqic.exe
    2007-01-06 22:25 0 --a--c--- C:\cgpevf.exe
    2007-01-06 22:24 0 --a--c--- C:\ntbtggkm.exe
    2007-01-06 22:24 0 --a--c--- C:\jtcjyqpk.exe
    2007-01-06 16:19 <REP> d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\Ultimate Cleaner
    2007-01-06 14:27 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\Ultimate Cleaner
    2007-01-05 12:08 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\Ultimate Defender
    2007-01-05 11:37 <REP> d---s---- C:\DOCUME~1\NETWOR~1\Favoris
    2007-01-05 11:37 <REP> d---s---- C:\DOCUME~1\NETWOR~1\Favoris
    2007-01-05 11:36 <REP> d-------- C:\DOCUME~1\NETWOR~1\Menu D‚marrer
    2007-01-05 11:36 <REP> d-------- C:\DOCUME~1\NETWOR~1\Menu D‚marrer
    2007-01-03 16:35 <REP> d-------- C:\Program Files\Alwil Software
    2007-01-03 16:24 0 --a------ C:\WINDOWS\system32\setup_53572.exe
    2007-01-03 13:53 22,016 --a------ C:\WINDOWS\system32\Partizan.exe
    2007-01-03 13:52 25,773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
    2007-01-03 10:11 0 --a------ C:\WINDOWS\system32\hrcopul.dll
    2007-01-03 10:05 <REP> d-------- C:\Program Files\Ultimate Cleaner
    2007-01-02 15:11 0 --a------ C:\WINDOWS\internat.exe
    2007-01-02 15:11 <REP> d-------- C:\Program Files\password recovery pro demo
    2007-01-02 15:11 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\adprotect nospam
    2007-01-02 14:54 0 --a--c--- C:\sdqmmkl.exe
    2007-01-02 13:55 133,727 --a--c--- C:\ragh.exe
    2007-01-02 10:05 84,480 -r-hs---- C:\WINDOWS\WeRecl.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-23 18:51 -------- d----c--- C:\Program Files\Fichiers communs\symantec shared
    2007-01-23 18:49 -------- d-------- C:\Program Files\deskbar
    2007-01-13 16:59 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-01-06 22:03 -------- d-------- C:\Program Files\google
    2007-01-06 16:19 -------- d----c--- C:\Documents and Settings\Alexandre Dias\Application Data\ultimate cleaner
    2007-01-05 12:24 -------- d-------- C:\Program Files\msn messenger
    2007-01-04 20:16 656 --a------ C:\WINDOWS\system32\sfc_os.dll
    2007-01-03 16:23 -------- d----c--- C:\Documents and Settings\Alexandre Dias\Application Data\google
    2006-12-22 10:48 -------- d----c--- C:\Documents and Settings\Alexandre Dias\Application Data\logitech
    2006-12-19 20:55 -------- d--h----- C:\Program Files\installshield installation information
    2006-12-19 20:55 -------- d-------- C:\Program Files\musicmatch
    2006-12-19 20:52 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe
    2006-12-19 20:52 -------- d-------- C:\Program Files\logitech
    2006-12-19 20:47 -------- d-------- C:\Program Files\Fichiers communs\logitech
    2006-12-01 23:35 -------- d----c--- C:\Documents and Settings\Alexandre Dias\Application Data\prevx
    2006-11-21 17:20 0 --a------ C:\WINDOWS\system32\setup_66621.exe
    2006-11-11 14:34 0 --a------ C:\WINDOWS\system32\setup_12517.exe
    2006-11-07 13:27 675840 --a------ C:\WINDOWS\system32\cduninst.exe
    2006-10-31 13:57 0 --a------ C:\WINDOWS\system32\setup_02004.exe
    2006-10-31 09:48 0 --a------ C:\WINDOWS\system32\setup_52574.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "LBqERRdqP"="desrhook.exe"
    "Instant Access"="rundll32.exe EGACCESS4_1066.dll,InstantAccess"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
    "ctpmon"="ctpmon.exe"
    "Win32"="zvlaau.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "nwiz"="nwiz.exe /install"
    "SoundMan"="SOUNDMAN.EXE"
    "Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "EoEngine"=""
    "EoComputer"=""
    "EPSON Stylus Photo RX520 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAGE.EXE /P31 \"EPSON Stylus Photo RX520 Series\" /O6 \"USB001\" /M \"Stylus Photo RX520\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "ixjapkwmbu"="c:\\windows\\system32\\ixjapkwmbu.exe ixjapkwmbu"
    "hrcopul.dll"="C:\\WINDOWS\\System32\\rundll32.exe \"C:\\Documents and Settings\\LocalService\\Local Settings\\Application Data\\hrcopul.dll\",vuljcec"
    "AutoSys"="C:\\WINDOWS\\System32\\autosys.exe"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "SvcManager"="kernelex6.exe"
    "MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
    "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
    "Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
    "Win32"="zvlaau.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\0]
    "Operation"=dword:00000001
    "Target"="\\??\\C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\h91746.exe"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\1]
    "Operation"=dword:00000001
    "Target"="\\??\\C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\gis2d4897"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\2]
    "Operation"=dword:00000001
    "Target"="C:\\WINDOWS\\SYSTEM32\\KERNEL~1.EXE"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Win32"="zvlaau.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\InterVideo WinCinema Manager.lnk"
    "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
    "item"="InterVideo WinCinema Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Lancement rapide d'Adobe Reader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CAMTRAY"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="eBayTBDaemon"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mmtask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mm_tray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleToolbarNotifier"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Cleaner]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="App"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Ultimate Cleaner\\App.exe\" hide"
    "inimapping"="0"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="dxclib303562752.dll,wbsys.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{09F9FFD2-7232-4158-B29B-648FE4E9C85C}"=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Cccs"="\"C:\\PROGRA~1\\ASKS~1\\iexplore.exe\" -vt yazr"
    "WinInit"="\"C:\\WINDOWS\\TEMP\\241437.exe\" "
    "Win32"="zvlaau.exe"
    "ctpmon"="ctpmon.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Cccs"="\"C:\\PROGRA~1\\ASKS~1\\iexplore.exe\" -vt yazr"
    "WinInit"="\"C:\\WINDOWS\\TEMP\\241437.exe\" "
    "Win32"="zvlaau.exe"
    "ctpmon"="ctpmon.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqq

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
    C:\WINDOWS\tasks\Symantec NetDetect.job

    Completion time: 07-01-27 15:53:03

    ************************************************

    Voici le Rapport FixNavi

    Search Navipromo version 1.0.3 commencé le 27/01/2007 à 16:01:31,82

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Documents and Settings\Alexandre Dias\Bureau\navilog1
    Mise a jour le 26.01.2007 a 18h00 by IL-MAFIOSO

    Executé en mode normal

    *** Recherche Programmes installes ***


    Instant Access


    *** Recherche dossiers dans C:\WINDOWS ***




    *** Recherche dossiers dans C:\Program Files ***


    C:\Program Files\WebMediaPlayer trouvé !


    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




    *** Recherche dossiers dans C:\Documents and Settings\Alexandre Dias\Application Data ***



    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    http://www.f-secure.com/blacklight/blacklight_help.html


    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================

    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of April, 2007.
    Version information: 2.2.1055.

    [+] Started on 01/27/07 at 16:01:35.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items ................................................................................................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 01/27/07 at 16:15:46 (return code = 0).


    *** Recherche fichiers ***


    C:\WINDOWS\tmlpcert2007 trouvé !
    C:\WINDOWS\system32\egaccess4_1064.dll trouvé !
    C:\WINDOWS\system32\nvs2.inf trouvé !


    *** Recherche cles registre ***


    Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]

    C:\WINDOWS\System32\egaccess4_1064.dll REG_DWORD 0x1
    C:\WINDOWS\System32\egaccess4_1066.dll REG_DWORD 0x1


    Recharche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage]

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/egaccess4_1064.dll
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/egaccess4_1066.dll


    Recherche Clé Magic Control

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !


    *** Module de recherche complémentaire ***
    (recherche fichiers spécifiques)

    C:\WINDOWS\system32\ixjapkwmbu.dat


    *** Analyse Terminé le 27/01/2007 à 16:17:43,31 ***

    ***************************************************

    Voici le Rapport HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 16:28:38, on 27/01/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\wpablan.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\kernelex6.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\zvlaau.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\ctpmon.exe
    C:\WINDOWS\System32\ctpmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX00.094\scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
    O2 - BHO: (no name) - {09F9FFD2-7232-4158-B29B-648FE4E9C85C} - C:\WINDOWS\System32\xxyaxus.dll (file missing)
    O2 - BHO: (no name) - {4EAFF741-9C5C-437C-93CC-928CC099E4DA} - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\mvgcmgew.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ixjapkwmbu] c:\windows\system32\ixjapkwmbu.exe ixjapkwmbu
    O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
    O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SvcManager] kernelex6.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Win32] zvlaau.exe
    O4 - HKLM\..\RunServices: [Win32] zvlaau.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LBqERRdqP] desrhook.exe
    O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1066.dll,InstantAccess
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
    O4 - HKCU\..\Run: [Win32] zvlaau.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x...
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.c...
    O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoade...
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb262ad2aca3c8017/netzip...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Components/Upload/ImageUploade...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDow...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools....
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_s...
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt....
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_10...
    O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
    O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Conexant Systems - (no file)
    O23 - Service: Microsoft Apache for Windows (Windows Apache Service) - Unknown owner - C:\WINDOWS\wpablin.exe (file missing)
    O23 - Service: Windows Atapi Driver - Unknown owner - (no file)

    ****************************************************

    Je pense que c'est pas encore fini :D  mais je te remerci déjà pour ce que tu fais
    Contenus similaires
    a b 8 Sécurité
    28 Janvier 2007 22:35:59

    Loin d'être fini :D 

    Redémarre en mode sans échec

    Double clique sur Navilog1.bat.
    Choisis maintenant l'option 2 puis valide.
    Laisse toi guider et réponds aux questions éventuelles.

    Réponds aux questions éventuelles.
    Ton bureau va disparaître, c'est normal !

    Patiente jusqu'à l'apparition de ce message :
    "*** Nettoyage Termine le ..... ***"

    Appuie sur une touche comme demandé, le Bloc-notes va s'ouvrir.
    Sauvegarde le rapport de manière à le retrouver en mode normal.
    Referme le Bloc-notes. Ton bureau va maintenant réapparaître.
    Redémarre normalement puis poste le rapport sauvegardé auparavant (C:\cleannavi.txt).
    **********
    Télécharge Look2Me-Destroyer.exe (par Atribune) sur ton Bureau.
  • Ferme toutes les fenêtres actives avant de passer à l'étape suivante.
  • Double-clique Look2Me-Destroyer.exe afin de lancer l'outil.
  • Coche Run this program as a task
  • Un message s'affichera, te disant ceci : "Look2Me-Destroyer will close and re-open in approximately 1 minute". Clique OK
  • Il se relancera après la minute, puis clique sur le bouton Scan for L2M; les icônes de ton Bureau vont disparaître : c'est normal.
  • Lorsque le scan termine, clique sur le bouton Remove L2M
  • Un message Done Scanning apparaîtra, clique OK.
  • Un nouveau message s'affichera : Done removing infected files! Look2Me-Destroyer will now shutdown your computer; clique OK.
  • Ton PC va maintenant s'éteindre.
  • Démarre ton PC normalement.
  • Colle le rapport généré (Look2Me-Destroyer.txt), situé sur le Bureau, ainsi qu'un nouveau rapport HijackThis! dans ta prochaine réponse.

    ** Si Look2Me-Destroyer ne se relance pas automatiquement après la minute, redémarre et essaie à nouveau.
    5 Février 2007 16:17:56

    Salut.
    Ca fait longtemps. Voici les différents rapports. Bonne Chance!
    *********

    Rapport Navilog :

    Clean Navipromo version 1.0.3 commencé le 30/01/2007 à 17:25:22,06

    Fix lancé depuis C:\Documents and Settings\Alexandre Dias\Bureau\navilog1
    Mise a jour le 26.01.2007 a 18h00 by IL-MAFIOSO

    Executé en mode sans echec

    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)


    *** Suppression dossiers dans C:\WINDOWS ***


    *** Suppression dossiers dans C:\Program Files ***

    C:\Program Files\WebMediaPlayer ...suppression...
    C:\Program Files\WebMediaPlayer supprimé !


    *** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


    *** Suppression dossiers dans C:\Documents and Settings\Alexandre Dias\Application Data ***



    *** Suppression fichiers ***

    C:\WINDOWS\tmlpcert2007 supprimé !
    C:\WINDOWS\system32\egaccess4_1064.dll supprimé !
    C:\WINDOWS\system32\nvs2.inf supprimé !

    *** Sauvegarde du registre vers dossier Backupnavi***


    sauvegarde du registre réalisée avec succès !


    *** Nettoyage registre ***


    Nettoyage registre Ok

    *** Module de recherche complémentaire ***
    (recherche fichiers spécifiques)
    Le fix ne traite pas ce résultat. Fichiers à supprimer si nécéssaire

    C:\WINDOWS\system32\ixjapkwmbu.dat


    *** Nettoyage termine le 30/01/2007 à 17:28:41,31 ***

    ****************************************************

    Rapport Look2me :


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 05/02/2007 15:54:21


    Attempting to delete infected files...

    Making registry repairs.


    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Administrateurs - Succeeded

    ******************************************************

    Rapport HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 16:15:00, on 05/02/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\wpablan.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\WINDOWS\System32\kernelex6.exe
    C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\WINDOWS\System32\zvlaau.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    C:\WINDOWS\System32\ctpmon.exe
    C:\WINDOWS\System32\ctpmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX00.125\scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
    O2 - BHO: (no name) - {09F9FFD2-7232-4158-B29B-648FE4E9C85C} - C:\WINDOWS\System32\xxyaxus.dll (file missing)
    O2 - BHO: (no name) - {4EAFF741-9C5C-437C-93CC-928CC099E4DA} - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\mvgcmgew.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ixjapkwmbu] c:\windows\system32\ixjapkwmbu.exe ixjapkwmbu
    O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
    O4 - HKLM\..\Run: [AutoSys] C:\WINDOWS\System32\autosys.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SvcManager] kernelex6.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Win32] zvlaau.exe
    O4 - HKLM\..\RunServices: [Win32] zvlaau.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LBqERRdqP] desrhook.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
    O4 - HKCU\..\Run: [Win32] zvlaau.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x...
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.c...
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoade...
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb262ad2aca3c8017/netzip...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Components/Upload/ImageUploade...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDow...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools....
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_s...
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt....
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
    O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\System32\msasvc.exe (file missing)
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Conexant Systems - (no file)
    O23 - Service: Microsoft Apache for Windows (Windows Apache Service) - Unknown owner - C:\WINDOWS\wpablin.exe (file missing)
    O23 - Service: Windows Atapi Driver - Unknown owner - (no file)

    **************************************************

    Voila et Bonne Chance
    a b 8 Sécurité
    5 Février 2007 18:49:49

    Re,

    Télécharge Clean.zip (de Malekal),
    Décompresse-le sur ton bureau (Clique-Droit/Extraire tout), tu dois obtenir un dossier Clean.
    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 1 puis patiente. Poste ensuite le contenu du rapport.

    Redémarre en mode sans échec

    Ouvre le dossier clean, double-clique sur clean.cmd.
    Choisis l'option 2 puis patiente.

    Redémarre normalement

    - Le rapport clean : Poste de travail / double clic sur disque C / double-clic sur rapport_clean.txt et copier/coller le contenu ici C:\rapport_clean.txt
    5 Février 2007 20:29:00

    Re,

    Pour Clean, je fais 2 tout de suite après 1 ou j'attend que tu m'ai répondu après avoir posté le rapport? Je n'ai pas envie de me tromper et de supprimer des trucs importants.

    Merci
    a b 8 Sécurité
    5 Février 2007 20:30:08

    Tu attends que je te réponde.
    5 Février 2007 21:41:52

    Re,

    Voici le Rapport Clean :

    Rapport clean par Malekal_morte - http://www.malekal.com
    Option 1, executee le 05/02/2007 a 21:39:18,25

    *** Recherche de fichiers sur C:
    C:\secure32.html FOUND

    *** Recherche des fichiers dans C:\WINDOWS\
    C:\WINDOWS\keyboard*.dat FOUND
    C:\WINDOWS\teller2.chk FOUND
    C:\WINDOWS\wpablan.exe FOUND
    C:\WINDOWS\teller2.chk FOUND

    *** Recherche des fichiers dans C:\WINDOWS\system32
    C:\WINDOWS\system32\ctpmon.exe FOUND
    C:\WINDOWS\system32\autosys.exe FOUND
    C:\WINDOWS\system32\i FOUND
    C:\WINDOWS\system32\kernel???.exe FOUND
    C:\WINDOWS\system32\kernel??.exe FOUND
    C:\WINDOWS\system32\mcrh.tmp FOUND
    C:\WINDOWS\system32\setup_?????.exe FOUND
    C:\WINDOWS\impborl.dll FOUND

    "C:\Program Files\Deskbar\" FOUND
    "C:\Program Files\Ultimate Cleaner\" FOUND
    *** Fin du rapport !
    *******************************************************
    a b 8 Sécurité
    6 Février 2007 17:41:57

    Passe en sans échec ;) 
    6 Février 2007 23:32:58

    Re,

    Ya un petit bug et j'ai du recommencé la manoeuvre par deux fois. En aperçevant à peu près ce qu'il y avait dans le premier rapport, je crois que le les élèments détéctes dans le premier rapport Clean ont été supprimer. Sinon j'ai ce rapport :

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Option 2, executee le 06/02/2007 a 19:07:40,71

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression de fichiers sur C:

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32
    tentative de suppression de C:\WINDOWS\system32\ctpmon.exe - ATTENTION il est recommandé d'utiliser SmitFraudfix!
    Impossible de supprimer C:\WINDOWS\system32\ctpmon.exe


    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    *****************************************************

    Rapport HijackThis

    Logfile of HijackThis v1.99.1
    Scan saved at 23:32:24, on 06/02/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX00.563\scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
    O2 - BHO: (no name) - {09F9FFD2-7232-4158-B29B-648FE4E9C85C} - C:\WINDOWS\System32\xxyaxus.dll (file missing)
    O2 - BHO: (no name) - {4EAFF741-9C5C-437C-93CC-928CC099E4DA} - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\mvgcmgew.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ixjapkwmbu] c:\windows\system32\ixjapkwmbu.exe ixjapkwmbu
    O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LBqERRdqP] desrhook.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
    O4 - HKCU\..\Run: [Win32] zvlaau.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x...
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.c...
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoade...
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb262ad2aca3c8017/netzip...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Components/Upload/ImageUploade...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDow...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools....
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_s...
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt....
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
    O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Conexant Systems - (no file)
    O23 - Service: Microsoft Apache for Windows (Windows Apache Service) - Unknown owner - C:\WINDOWS\wpablin.exe (file missing)
    O23 - Service: Windows Atapi Driver - Unknown owner - (no file)

    *****************************************************
    a b 8 Sécurité
    7 Février 2007 13:55:14

    Re,

    Télécharge Smitfraudfix (de S!ri).
    Enregistre-le sur ton bureau.
    Lance SmitfraudFix.exe (le .exe peut ne pas apparaitre).
    Choisis l'Option 1 (Recherche)
    Poste le premier rapport ici.

    **Si le lien ne fonctionne pas, clique ici**
    7 Février 2007 14:10:33

    Re,

    Voici le Premier Rapport Smit...

    SmitFraudFix v2.140

    Rapport fait à 14:08:22,67, 07/02/2007
    Executé à partir de C:\Documents and Settings\Alexandre Dias\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\ctpmon.exe PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexandre Dias


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexandre Dias\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ALEXAN~1\Favoris


    »»»»»»»»»»»»»»»»»»»»»»»» Bureau


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"="dxclib303562752.dll,wbsys.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32


    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    *****************************************************
    a b 8 Sécurité
    7 Février 2007 14:23:21

    Re,

    Supprime ta version de Combofix.

    Télécharge Combofix
    Enregistre le sur ton bureau.

    Redémarre en mode sans échec

    Lance SmitfraudFix.exe et choisis cette fois l’Option 2 et réponds oui à la ou les questions.
    Sauvegarde le rapport sur ton Bureau.

    Double clique sur ComboFix.bat
    A la fin du scan, un rapport sera généré, enregistre le sur ton bureau.

    Redémarre normalement puis poste :
    * le rapport Combofix
    * un nouveau rapport Hijackthis
    * le rapport Smitfraudfix

    Note : Ne clique pas sur la fenêtre Combofix pendant qu'il est en train de scanner. Cela pourrait le faire planter.
    7 Février 2007 14:49:35

    Re,

    Rapport ComboFix :

    "Alexandre Dias" - 07-02-07 14:41:47 Service Pack 1
    ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Alexandre Dias\Bureau"

    /wow section not completed - STAGE #4

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\Program Files\ASKS~1
    C:\qoobox\purity\Program Files\ASKS~1\?icrosoft.NET


    ((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))


    2007-02-07 14:08 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2007-02-07 14:08 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-02-07 14:08 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-02-07 14:08 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-02-07 14:08 3,600 --a------ C:\WINDOWS\system32\tmp.reg
    2007-02-07 14:08 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-02-07 14:08 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-01-27 15:15 <REP> d----c--- C:\VundoFix Backups
    2007-01-27 15:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2007-01-23 18:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
    2007-01-23 17:42 94,208 -r-hs---- C:\WINDOWS\system32\zvlaau.exe
    2007-01-23 17:42 390 --a--c--- C:\chemical.exe
    2007-01-23 17:41 94,208 -ra------ C:\WINDOWS\system32\msinnt.exe
    2007-01-20 18:51 0 --a--c--- C:\raxkkvo.exe
    2007-01-20 18:48 0 --a--c--- C:\amwapy.exe
    2007-01-20 18:48 0 --a--c--- C:\aklrkeh.exe
    2007-01-19 13:01 6,143 --a------ C:\WINDOWS\system32\3963185065.dll
    2007-01-19 12:52 49,152 --a--c--- C:\elljoi.exe
    2007-01-19 12:52 1,024 --a--c--- C:\ypcqmug.exe
    2007-01-14 14:20 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\SearchToolbarCorp
    2007-01-14 14:11 45,568 --a--c--- C:\mfye.exe
    2007-01-13 23:02 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\AdobeUM
    2007-01-13 22:58 23,552 --a--c--- C:\giicqk.exe
    2007-01-13 22:58 1,024 --a--c--- C:\jswaao.exe
    2007-01-13 18:12 1,024 --a--c--- C:\eimh.exe
    2007-01-13 17:21 <REP> d-------- C:\Program Files\SymNetDrv
    2007-01-13 17:10 34,578 --a------ C:\WINDOWS\system32\drivers\NPDRIVER.SYS
    2007-01-13 16:59 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-01-13 16:59 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-01-13 16:59 <REP> d-------- C:\Program Files\Norton AntiVirus
    2007-01-13 16:58 <REP> d-------- C:\Program Files\Symantec
    2007-01-10 18:09 44,032 --a--c--- C:\loder.exe
    2007-01-10 15:09 1,024 --a--c--- C:\wrncp.exe
    2007-01-09 16:45 42,692 --a------ C:\WINDOWS\system32\svhostz7.exe
    2007-01-09 13:01 1,024 --a--c--- C:\nsrat.exe
    2007-01-08 17:15 30,221 -----c--- C:\rmfi.exe
    2007-01-07 20:38 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\Symantec


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-23 18:51 -------- d----c--- C:\Program Files\Fichiers communs\symantec shared
    2007-01-13 16:59 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-01-06 22:25 0 --a--c--- C:\whmiqq.exe
    2007-01-06 22:25 0 --a--c--- C:\pjvatvux.exe
    2007-01-06 22:25 0 --a--c--- C:\omhran.exe
    2007-01-06 22:25 0 --a--c--- C:\ngaobk.exe
    2007-01-06 22:25 0 --a--c--- C:\doqic.exe
    2007-01-06 22:25 0 --a--c--- C:\cgpevf.exe
    2007-01-06 22:24 0 --a--c--- C:\ntbtggkm.exe
    2007-01-06 22:24 0 --a--c--- C:\jtcjyqpk.exe
    2007-01-06 22:03 -------- d-------- C:\Program Files\google
    2007-01-06 16:19 -------- d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\ultimate cleaner
    2007-01-05 12:24 -------- d-------- C:\Program Files\msn messenger
    2007-01-04 20:16 656 --a------ C:\WINDOWS\system32\sfc_os.dll
    2007-01-03 16:35 -------- d-------- C:\Program Files\alwil software
    2007-01-03 16:23 -------- d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\google
    2007-01-03 13:53 22016 --a------ C:\WINDOWS\system32\partizan.exe
    2007-01-03 13:52 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
    2007-01-03 10:11 0 --a------ C:\WINDOWS\system32\hrcopul.dll
    2007-01-02 15:11 0 --a------ C:\WINDOWS\internat.exe
    2007-01-02 15:11 -------- d-------- C:\Program Files\password recovery pro demo
    2007-01-02 14:54 0 --a--c--- C:\sdqmmkl.exe
    2007-01-02 14:52 133727 --a--c--- C:\ragh.exe
    2007-01-02 10:05 84480 -r-hs---- C:\WINDOWS\werecl.exe
    2006-12-22 11:09 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2006-12-22 10:48 -------- d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\logitech
    2006-12-19 20:55 -------- d--h----- C:\Program Files\installshield installation information
    2006-12-19 20:55 -------- d-------- C:\Program Files\musicmatch
    2006-12-19 20:52 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe
    2006-12-19 20:52 -------- d-------- C:\Program Files\logitech
    2006-12-19 20:47 -------- d-------- C:\Program Files\Fichiers communs\logitech
    2006-12-03 12:07 483 --a--c--- C:\pnpID.dat
    2006-11-07 17:38 615 --a------ C:\WINDOWS\ereg.dat
    2006-11-07 13:27 675840 --a------ C:\WINDOWS\system32\cduninst.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "LBqERRdqP"="desrhook.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
    "Win32"="zvlaau.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "nwiz"="nwiz.exe /install"
    "SoundMan"="SOUNDMAN.EXE"
    "Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "EoEngine"=""
    "EoComputer"=""
    "EPSON Stylus Photo RX520 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAGE.EXE /P31 \"EPSON Stylus Photo RX520 Series\" /O6 \"USB001\" /M \"Stylus Photo RX520\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "ixjapkwmbu"="c:\\windows\\system32\\ixjapkwmbu.exe ixjapkwmbu"
    "hrcopul.dll"="C:\\WINDOWS\\System32\\rundll32.exe \"C:\\Documents and Settings\\LocalService\\Local Settings\\Application Data\\hrcopul.dll\",vuljcec"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
    "Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
    "Win32"="zvlaau.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\0]
    "Operation"=dword:00000001
    "Target"="\\??\\C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\h91746.exe"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\1]
    "Operation"=dword:00000001
    "Target"="\\??\\C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\gis2d4897"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\2]
    "Operation"=dword:00000001
    "Target"="C:\\WINDOWS\\SYSTEM32\\KERNEL~1.EXE"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
    "Win32"="zvlaau.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\InterVideo WinCinema Manager.lnk"
    "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
    "item"="InterVideo WinCinema Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Lancement rapide d'Adobe Reader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CAMTRAY"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="eBayTBDaemon"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mmtask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mm_tray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleToolbarNotifier"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Cleaner]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="App"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Ultimate Cleaner\\App.exe\" hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="dxclib303562752.dll,wbsys.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{09F9FFD2-7232-4158-B29B-648FE4E9C85C}"=""

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Cccs"="\"C:\\PROGRA~1\\ASKS~1\\iexplore.exe\" -vt yazr"
    "WinInit"="\"C:\\WINDOWS\\TEMP\\241437.exe\" "
    "Win32"="zvlaau.exe"
    "ctpmon"="ctpmon.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Cccs"="\"C:\\PROGRA~1\\ASKS~1\\iexplore.exe\" -vt yazr"
    "WinInit"="\"C:\\WINDOWS\\TEMP\\241437.exe\" "
    "Win32"="zvlaau.exe"
    "ctpmon"="ctpmon.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqq

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
    C:\WINDOWS\tasks\Symantec NetDetect.job


    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-02-07 14:45:25
    C:\ComboFix2.txt ... 07-01-27 15:53
    ******************************************************


    Voici le Rapport Smit :

    SmitFraudFix v2.140

    Rapport fait à 14:38:09,10, 07/02/2007
    Executé à partir de C:\Documents and Settings\Alexandre Dias\Bureau\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode sans echec

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus


    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    127.0.0.1 localhost





    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

    C:\WINDOWS\system32\ctpmon.exe supprimé

    »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

    Nettoyage terminé.

    »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Après SmitFraudFix
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» Fin

    *******************************************************

    Voici le Rapport Hijackthis :

    Logfile of HijackThis v1.99.1
    Scan saved at 14:47:46, on 07/02/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX00.203\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
    O2 - BHO: (no name) - {09F9FFD2-7232-4158-B29B-648FE4E9C85C} - C:\WINDOWS\System32\xxyaxus.dll (file missing)
    O2 - BHO: (no name) - {4EAFF741-9C5C-437C-93CC-928CC099E4DA} - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\mvgcmgew.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ixjapkwmbu] c:\windows\system32\ixjapkwmbu.exe ixjapkwmbu
    O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [Win32] zvlaau.exe
    O4 - HKLM\..\RunServices: [Win32] zvlaau.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LBqERRdqP] desrhook.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Win32] zvlaau.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x...
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.c...
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoade...
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb262ad2aca3c8017/netzip...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Components/Upload/ImageUploade...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDow...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools....
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_s...
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt....
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
    O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Conexant Systems - (no file)
    O23 - Service: Microsoft Apache for Windows (Windows Apache Service) - Unknown owner - C:\WINDOWS\wpablin.exe (file missing)
    O23 - Service: Windows Atapi Driver - Unknown owner - (no file)

    ******************************************************

    Bonne Chance!
    a b 8 Sécurité
    7 Février 2007 14:53:28

    Re,

    Il y a encore du boulot...

    Télécharge puis installe AVG Anti-Spyware (AVG AS)
    Une fois AVG AS lancé, clique sur "Mise à jour"
    Ferme le programme.
    AIDE : Tuto sur AVG Antispyware (Malekal)

    Redémarre en mode sans échec

    Relance AVG AS puis choisis l'onglet "Analyse"
    Puis l'onglet "Paramètres"
    Sous la question "Comment réagir ?", clique sur "Actions recommandées" et choisis "Quarantaine"
    Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    /!\ Si un fichier est infecté en fin d'analyse /!\
    Clique sur "Appliquer toutes les actions "

    Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous"
    Enregistre ce fichier texte sur ton bureau.

    Redémarre normalement
    Copie/Colle le rapport AVG AS ainsi qu'un rapport Hijackthis.
    7 Février 2007 16:49:50

    Re,

    Voici les différents rapports :

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 16:45:08 07/02/2007

    + Résultat de l'analyse:



    HKU\S-1-5-21-1844237615-746137067-839522115-1002\Software\Apropos -> Adware.Apropos : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Program Files\DeluxeCommunications -> Adware.DeluxeCommunications : Nettoyé et sauvegardé (mise en quarantaine).
    HKU\.DEFAULT\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Nettoyé et sauvegardé (mise en quarantaine).
    HKU\.DEFAULT\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Nettoyé et sauvegardé (mise en quarantaine).
    HKU\S-1-5-18\Software\DeluxeCommunications -> Adware.DeluxeCommunications : Nettoyé et sauvegardé (mise en quarantaine).
    HKU\S-1-5-18\Software\DeluxeCommunications\Internet Explorer -> Adware.DeluxeCommunications : Nettoyé et sauvegardé (mise en quarantaine).
    C:\VundoFix Backups\awtqpnk.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
    C:\VundoFix Backups\awtstrq.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
    C:\VundoFix Backups\cbxvwww.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
    C:\VundoFix Backups\jkkiigg.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
    C:\VundoFix Backups\pmnonom.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
    C:\VundoFix Backups\qomjhfd.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
    C:\VundoFix Backups\qomljgg.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
    C:\VundoFix Backups\yayyvvu.dll.bad -> Adware.Virtumonde : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\system32\msinnt.exe -> Backdoor.Rbot.bvz : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\system32\zvlaau.exe -> Backdoor.Rbot.bvz : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\0ZI3YB21\iciefpcczr[1].txt -> Downloader.Obfuscated.bh : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\system32\sfc_os.dll -> Downloader.SFC.os : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\838ZGJO7\flescyzjj[1].htm -> Downloader.Small.ddy : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KTWP4HMR\flescyzjj[1].htm -> Downloader.Small.ddy : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CF6PIDQH\loaded[1].exe -> Downloader.Small.edb : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZG6YRVTH\loadadv[1].exe -> Downloader.Small.edb : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\838ZGJO7\loaded[1].exe -> Downloader.Small.edb : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\8XEFSLYR\ml[1].htm -> Downloader.Small.efh : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\LRVZ194E\ml[1].exe -> Downloader.Small.efh : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KTWP4HMR\lfolv[1].htm -> Hijacker.Agent.is : Nettoyé et sauvegardé (mise en quarantaine).
    C:\mfye.exe -> Hijacker.Agent.is : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\QLOVMHKT\script-28[1].htm -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\Kevin\Cookies\kevin@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@oasc02.247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.6:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.7:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@adviva[2].txt -> TrackingCookie.Adviva : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@bfast[2].txt -> TrackingCookie.Bfast : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@banner.casinoking[2].txt -> TrackingCookie.Casinoking : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@casinoking[2].txt -> TrackingCookie.Casinoking : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.10:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.11:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.12:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.13:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.8:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
    :mozilla.9:C:\Documents and Settings\Alexandre Dias\Application Data\Mozilla\Firefox\Profiles\napznp4f.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@searchportal.information[1].txt -> TrackingCookie.Information : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@linksynergy[2].txt -> TrackingCookie.Linksynergy : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@overture[2].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé.
    C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Sabrina\Local Settings\Temp\Cookies\sabrina@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Kevin\Cookies\kevin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé.
    C:\WINDOWS\system32\3963185065.dll -> Trojan.Ceda.b : Nettoyé et sauvegardé (mise en quarantaine).
    C:\WINDOWS\system32\Com\install.bat -> Trojan.Drev : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CF6PIDQH\dwtmjkgh[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CF6PIDQH\hgmslsbl[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CF6PIDQH\hloptxakt[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OJUYI0A3\syvspzzjtp[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZG6YRVTH\puwgdnk[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\ZG6YRVTH\unxtdrnolu[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\838ZGJO7\hgmslsbl[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KTWP4HMR\unxtdrnolu[1].htm -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\eimh.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\jswaao.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\nsrat.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\wrncp.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).
    C:\ypcqmug.exe -> Trojan.ProcKill.DJ : Nettoyé et sauvegardé (mise en quarantaine).


    Fin du rapport

    *******************************************************

    Logfile of HijackThis v1.99.1
    Scan saved at 16:47:29, on 07/02/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX01.031\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
    O2 - BHO: (no name) - {09F9FFD2-7232-4158-B29B-648FE4E9C85C} - C:\WINDOWS\System32\xxyaxus.dll (file missing)
    O2 - BHO: (no name) - {4EAFF741-9C5C-437C-93CC-928CC099E4DA} - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\mvgcmgew.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ixjapkwmbu] c:\windows\system32\ixjapkwmbu.exe ixjapkwmbu
    O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LBqERRdqP] desrhook.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x...
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.c...
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoade...
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb262ad2aca3c8017/netzip...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Components/Upload/ImageUploade...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDow...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools....
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_s...
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt....
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
    O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Conexant Systems - (no file)
    O23 - Service: Micros

    *******************************************************

    Voila, bonne chance ;) 

    a b 8 Sécurité
    7 Février 2007 16:55:49

    Poste un rapport Combofix.
    On passe aux choses sérieuses ;) 
    7 Février 2007 17:32:57

    Re,

    Alors si on passe aux choses sérieuses, je suis prêt...

    voici le Rapport Combo

    "Alexandre Dias" - 07-02-07 17:26:50 Service Pack 1
    ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Alexandre Dias\Bureau"

    /wow section not completed - STAGE #4

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\Program Files\ASKS~1
    C:\qoobox\purity\Program Files\ASKS~1\?icrosoft.NET


    ((((((((((((((((((((((((((((((( Files Created from 2007-01-07 to 2007-02-07 ))))))))))))))))))))))))))))))))))


    2007-02-07 15:06 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-02-07 15:06 <REP> d-------- C:\Program Files\Grisoft
    2007-02-07 14:08 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2007-02-07 14:08 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-02-07 14:08 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-02-07 14:08 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-02-07 14:08 3,600 --a------ C:\WINDOWS\system32\tmp.reg
    2007-02-07 14:08 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-02-07 14:08 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-01-27 15:15 <REP> d----c--- C:\VundoFix Backups
    2007-01-27 15:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2007-01-23 18:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
    2007-01-23 17:42 390 --a--c--- C:\chemical.exe
    2007-01-20 18:51 0 --a--c--- C:\raxkkvo.exe
    2007-01-20 18:48 0 --a--c--- C:\amwapy.exe
    2007-01-20 18:48 0 --a--c--- C:\aklrkeh.exe
    2007-01-19 12:52 49,152 --a--c--- C:\elljoi.exe
    2007-01-14 14:20 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\SearchToolbarCorp
    2007-01-13 23:02 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\AdobeUM
    2007-01-13 22:58 23,552 --a--c--- C:\giicqk.exe
    2007-01-13 17:21 <REP> d-------- C:\Program Files\SymNetDrv
    2007-01-13 17:10 34,578 --a------ C:\WINDOWS\system32\drivers\NPDRIVER.SYS
    2007-01-13 16:59 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-01-13 16:59 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-01-13 16:59 <REP> d-------- C:\Program Files\Norton AntiVirus
    2007-01-13 16:58 <REP> d-------- C:\Program Files\Symantec
    2007-01-10 18:09 44,032 --a--c--- C:\loder.exe
    2007-01-09 16:45 42,692 --a------ C:\WINDOWS\system32\svhostz7.exe
    2007-01-08 17:15 30,221 -----c--- C:\rmfi.exe
    2007-01-07 20:38 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\Symantec


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-23 18:51 -------- d----c--- C:\Program Files\Fichiers communs\symantec shared
    2007-01-13 16:59 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-01-06 22:25 0 --a--c--- C:\whmiqq.exe
    2007-01-06 22:25 0 --a--c--- C:\pjvatvux.exe
    2007-01-06 22:25 0 --a--c--- C:\omhran.exe
    2007-01-06 22:25 0 --a--c--- C:\ngaobk.exe
    2007-01-06 22:25 0 --a--c--- C:\doqic.exe
    2007-01-06 22:25 0 --a--c--- C:\cgpevf.exe
    2007-01-06 22:24 0 --a--c--- C:\ntbtggkm.exe
    2007-01-06 22:24 0 --a--c--- C:\jtcjyqpk.exe
    2007-01-06 22:03 -------- d-------- C:\Program Files\google
    2007-01-06 16:19 -------- d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\ultimate cleaner
    2007-01-05 12:24 -------- d-------- C:\Program Files\msn messenger
    2007-01-03 16:35 -------- d-------- C:\Program Files\alwil software
    2007-01-03 16:23 -------- d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\google
    2007-01-03 13:53 22016 --a------ C:\WINDOWS\system32\partizan.exe
    2007-01-03 13:52 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
    2007-01-03 10:11 0 --a------ C:\WINDOWS\system32\hrcopul.dll
    2007-01-02 15:11 0 --a------ C:\WINDOWS\internat.exe
    2007-01-02 15:11 -------- d-------- C:\Program Files\password recovery pro demo
    2007-01-02 14:54 0 --a--c--- C:\sdqmmkl.exe
    2007-01-02 14:52 133727 --a--c--- C:\ragh.exe
    2007-01-02 10:05 84480 -r-hs---- C:\WINDOWS\werecl.exe
    2006-12-22 11:09 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2006-12-22 10:48 -------- d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\logitech
    2006-12-19 20:55 -------- d--h----- C:\Program Files\installshield installation information
    2006-12-19 20:55 -------- d-------- C:\Program Files\musicmatch
    2006-12-19 20:52 118784 -r------- C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe
    2006-12-19 20:52 -------- d-------- C:\Program Files\logitech
    2006-12-19 20:47 -------- d-------- C:\Program Files\Fichiers communs\logitech
    2006-12-03 12:07 483 --a--c--- C:\pnpID.dat
    2006-11-07 17:38 615 --a------ C:\WINDOWS\ereg.dat
    2006-11-07 13:27 675840 --a------ C:\WINDOWS\system32\cduninst.exe


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "LBqERRdqP"="desrhook.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "nwiz"="nwiz.exe /install"
    "SoundMan"="SOUNDMAN.EXE"
    "Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "EoEngine"=""
    "EoComputer"=""
    "EPSON Stylus Photo RX520 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAGE.EXE /P31 \"EPSON Stylus Photo RX520 Series\" /O6 \"USB001\" /M \"Stylus Photo RX520\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "ixjapkwmbu"="c:\\windows\\system32\\ixjapkwmbu.exe ixjapkwmbu"
    "hrcopul.dll"="C:\\WINDOWS\\System32\\rundll32.exe \"C:\\Documents and Settings\\LocalService\\Local Settings\\Application Data\\hrcopul.dll\",vuljcec"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
    "Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\0]
    "Operation"=dword:00000001
    "Target"="\\??\\C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\h91746.exe"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\1]
    "Operation"=dword:00000001
    "Target"="\\??\\C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\gis2d4897"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\2]
    "Operation"=dword:00000001
    "Target"="C:\\WINDOWS\\SYSTEM32\\KERNEL~1.EXE"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\InterVideo WinCinema Manager.lnk"
    "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
    "item"="InterVideo WinCinema Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Lancement rapide d'Adobe Reader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CAMTRAY"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="eBayTBDaemon"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mmtask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mm_tray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleToolbarNotifier"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Cleaner]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="App"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Ultimate Cleaner\\App.exe\" hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="dxclib303562752.dll,wbsys.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{09F9FFD2-7232-4158-B29B-648FE4E9C85C}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Cccs"="\"C:\\PROGRA~1\\ASKS~1\\iexplore.exe\" -vt yazr"
    "WinInit"="\"C:\\WINDOWS\\TEMP\\241437.exe\" "
    "Win32"="zvlaau.exe"
    "ctpmon"="ctpmon.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Cccs"="\"C:\\PROGRA~1\\ASKS~1\\iexplore.exe\" -vt yazr"
    "WinInit"="\"C:\\WINDOWS\\TEMP\\241437.exe\" "
    "Win32"="zvlaau.exe"
    "ctpmon"="ctpmon.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqq

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
    C:\WINDOWS\tasks\Symantec NetDetect.job


    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-02-07 17:30:57
    C:\ComboFix2.txt ... 07-02-07 14:45
    C:\ComboFix3.txt ... 07-01-27 15:53
    a b 8 Sécurité
    7 Février 2007 18:34:43

    Re,

    Télécharge KillBox d'Option^Explicit.
    Dézippe le dans un dossier ou sur ton bureau (Clique droit puis Extraire Tout).

    Selectionne le texte dans le cadre :

    Citation :
    C:\chemical.exe
    C:\raxkkvo.exe
    C:\amwapy.exe
    C:\aklrkeh.exe
    C:\elljoi.exe
    C:\DOCUME~1\Kevin\Application Data\SearchToolbarCorp
    C:\giicqk.exe
    C:\WINDOWS\system32\svhostz7.exe
    C:\rmfi.exe
    C:\whmiqq.exe
    C:\pjvatvux.exe
    C:\omhran.exe
    C:\ngaobk.exe
    C:\doqic.exe
    C:\cgpevf.exe
    C:\ntbtggkm.exe
    C:\jtcjyqpk.exe
    C:\WINDOWS\system32\hrcopul.dll
    C:\sdqmmkl.exe
    C:\ragh.exe
    C:\WINDOWS\werecl.exe
    C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe


    ---> Clique Droit puis Copier.
    ----------

    -- Ouvre Killbox.exe
    -- Choisis "Delete on reboot"
    -- Clique sur :
    - " File " -> " Paste from Clipboard "
    - " All Files "

    Pour terminer clique sur [:angeldark:3]

    Une question te sera alors posée :
    " File will be Removed on Reboot, Do you want to reboot now ? "

    -- Répond par OUI, un compte à rebours s'enclenche, ton PC va redémarrer.
    -- Après redémarrage, relance Killbox puis clique sur le menu : Files -> Logs -> Actions History Log, poste ce rapport ici.

    NOTE: Si tu reçois le message "PendingFileRenameOperations Registry Data has been removed by external process!"
    Redémarre ton PC manuellement.

    AIDE : Tuto sur KillBox (Jesses)
    7 Février 2007 19:01:20

    ReSalut,

    Voila le rapport de Killbox, j'en ai fait un de Hijack, au cas ou :

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Alexandre Dias(Administrator)
    was started @ mercredi, février 07, 2007, 6:45 PM

    # 1 [Delete on Reboot]
    Path = C:\chemical.exe


    # 2 [Delete on Reboot]
    Path = C:\raxkkvo.exe


    # 3 [Delete on Reboot]
    Path = C:\amwapy.exe


    # 4 [Delete on Reboot]
    Path = C:\aklrkeh.exe


    # 5 [Delete on Reboot]
    Path = C:\elljoi.exe


    # 6 [Delete on Reboot]
    Path = C:\DOCUME~1\Kevin\Application Data\SearchToolbarCorp


    # 7 [Delete on Reboot]
    Path = C:\giicqk.exe


    # 8 [Delete on Reboot]
    Path = C:\WINDOWS\system32\svhostz7.exe


    # 9 [Delete on Reboot]
    Path = C:\rmfi.exe


    # 10 [Delete on Reboot]
    Path = C:\whmiqq.exe


    # 11 [Delete on Reboot]
    Path = C:\pjvatvux.exe


    # 12 [Delete on Reboot]
    Path = C:\omhran.exe


    # 13 [Delete on Reboot]
    Path = C:\ngaobk.exe


    # 14 [Delete on Reboot]
    Path = C:\doqic.exe


    # 15 [Delete on Reboot]
    Path = C:\cgpevf.exe


    # 16 [Delete on Reboot]
    Path = C:\ntbtggkm.exe


    # 17 [Delete on Reboot]
    Path = C:\jtcjyqpk.exe


    # 18 [Delete on Reboot]
    Path = C:\WINDOWS\system32\hrcopul.dll


    # 19 [Delete on Reboot]
    Path = C:\sdqmmkl.exe


    # 20 [Delete on Reboot]
    Path = C:\ragh.exe


    # 21 [Delete on Reboot]
    Path = C:\WINDOWS\werecl.exe


    # 22 [Delete on Reboot]
    Path = C:\WINDOWS\bwunin-7.2.0.137-8876480sl.exe


    I Rebooted @ 6:46:41 PM
    Killbox Closed(Exit) @ 6:46:41 PM
    __________________________________________________

    Pocket Killbox version 2.0.0.648
    Running on Windows XP as Alexandre Dias(Administrator)
    was started @ mercredi, février 07, 2007, 6:51 PM

    *******************************************************

    Logfile of HijackThis v1.99.1
    Scan saved at 18:58:11, on 07/02/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\dllhost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\System32\taskmgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    C:\Program Files\Fichiers communs\Logitech\KHAL\KHALMNPR.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX03.735\scanner.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\sprite6.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
    O2 - BHO: (no name) - {09F9FFD2-7232-4158-B29B-648FE4E9C85C} - C:\WINDOWS\System32\xxyaxus.dll (file missing)
    O2 - BHO: (no name) - {4EAFF741-9C5C-437C-93CC-928CC099E4DA} - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\mvgcmgew.dll (file missing)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [ixjapkwmbu] c:\windows\system32\ixjapkwmbu.exe ixjapkwmbu
    O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LBqERRdqP] desrhook.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.6962\GoogleToolbarNotifier.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x...
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.c...
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoade...
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb262ad2aca3c8017/netzip...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Components/Upload/ImageUploade...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDow...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools....
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_s...
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt....
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
    O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Conexant Systems - (no file)
    O23 - Service: Microsoft Apache for Windows (Windows Apache Service) - Unknown owner - C:\WINDOWS\wpablin.exe (file missing)
    O23 - Service: Windows Atapi Driver - Unknown owner - (no file)

    *******************************************************
    a b 8 Sécurité
    8 Février 2007 20:09:22

    Refais un scan Combofix maintenant.
    8 Février 2007 20:27:12

    Re,

    "Alexandre Dias" - 07-02-08 20:21:29 Service Pack 1
    ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Alexandre Dias\Bureau"

    /wow section not completed - STAGE #4

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
    Folders Quarantined:
    C:\qoobox\purity\Program Files\ASKS~1
    C:\qoobox\purity\Program Files\ASKS~1\?icrosoft.NET


    ((((((((((((((((((((((((((((((( Files Created from 2007-01-08 to 2007-02-08 ))))))))))))))))))))))))))))))))))


    2007-02-07 18:45 <REP> d----c--- C:\!KillBox
    2007-02-07 15:06 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-02-07 15:06 <REP> d-------- C:\Program Files\Grisoft
    2007-02-07 14:08 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2007-02-07 14:08 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2007-02-07 14:08 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2007-02-07 14:08 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2007-02-07 14:08 3,600 --a------ C:\WINDOWS\system32\tmp.reg
    2007-02-07 14:08 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2007-02-07 14:08 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2007-01-27 15:15 <REP> d----c--- C:\VundoFix Backups
    2007-01-27 15:05 <REP> d-------- C:\Program Files\Sunbelt Software
    2007-01-23 18:27 <REP> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Spybot - Search & Destroy
    2007-01-14 14:20 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\SearchToolbarCorp
    2007-01-13 23:02 <REP> d-------- C:\DOCUME~1\Kevin\Application Data\AdobeUM
    2007-01-13 17:21 <REP> d-------- C:\Program Files\SymNetDrv
    2007-01-13 17:10 34,578 --a------ C:\WINDOWS\system32\drivers\NPDRIVER.SYS
    2007-01-13 16:59 91,904 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
    2007-01-13 16:59 124,016 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
    2007-01-13 16:59 <REP> d-------- C:\Program Files\Norton AntiVirus
    2007-01-13 16:58 <REP> d-------- C:\Program Files\Symantec
    2007-01-10 18:09 44,032 --a--c--- C:\loder.exe


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2007-01-23 18:51 -------- d----c--- C:\Program Files\Fichiers communs\symantec shared
    2007-01-13 16:59 10344 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
    2007-01-06 22:03 -------- d-------- C:\Program Files\google
    2007-01-06 16:19 -------- d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\ultimate cleaner
    2007-01-05 12:24 -------- d-------- C:\Program Files\msn messenger
    2007-01-03 16:35 -------- d-------- C:\Program Files\alwil software
    2007-01-03 16:23 -------- d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\google
    2007-01-03 13:53 22016 --a------ C:\WINDOWS\system32\partizan.exe
    2007-01-03 13:52 25773 --a------ C:\WINDOWS\system32\drivers\regguard.sys
    2007-01-02 15:11 0 --a------ C:\WINDOWS\internat.exe
    2007-01-02 15:11 -------- d-------- C:\Program Files\password recovery pro demo
    2006-12-22 11:09 1100 --a------ C:\WINDOWS\system32\d3d8caps.dat
    2006-12-22 10:48 -------- d----c--- C:\DOCUME~1\ALEXAN~1\Application Data\logitech
    2006-12-19 20:55 -------- d--h----- C:\Program Files\installshield installation information
    2006-12-19 20:55 -------- d-------- C:\Program Files\musicmatch
    2006-12-19 20:52 -------- d-------- C:\Program Files\logitech
    2006-12-19 20:47 -------- d-------- C:\Program Files\Fichiers communs\logitech
    2006-12-03 12:07 483 --a--c--- C:\pnpID.dat


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries & legit default entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe"
    "LBqERRdqP"="desrhook.exe"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
    "swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize"
    "nwiz"="nwiz.exe /install"
    "SoundMan"="SOUNDMAN.EXE"
    "Microsoft Works Update Detection"="C:\\Program Files\\Fichiers communs\\Microsoft Shared\\Works Shared\\WkUFind.exe"
    "EoEngine"=""
    "EoComputer"=""
    "EPSON Stylus Photo RX520 Series"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\E_FATIAGE.EXE /P31 \"EPSON Stylus Photo RX520 Series\" /O6 \"USB001\" /M \"Stylus Photo RX520\""
    "KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
    65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
    "ixjapkwmbu"="c:\\windows\\system32\\ixjapkwmbu.exe ixjapkwmbu"
    "hrcopul.dll"="C:\\WINDOWS\\System32\\rundll32.exe \"C:\\Documents and Settings\\LocalService\\Local Settings\\Application Data\\hrcopul.dll\",vuljcec"
    "TkBellExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
    "Advanced Tools Check"="C:\\PROGRA~1\\NORTON~1\\AdvTools\\ADVCHK.EXE"
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
    "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\0]
    "Operation"=dword:00000001
    "Target"="\\??\\C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\h91746.exe"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\1]
    "Operation"=dword:00000001
    "Target"="\\??\\C:\\DOCUME~1\\Kevin\\LOCALS~1\\Temp\\gis2d4897"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce\ApprovedByRegRun2\AntiRepl\2]
    "Operation"=dword:00000001
    "Target"="C:\\WINDOWS\\SYSTEM32\\KERNEL~1.EXE"
    "Source"=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^InterVideo WinCinema Manager.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\InterVideo WinCinema Manager.lnk"
    "backup"="C:\\WINDOWS\\pss\\InterVideo WinCinema Manager.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\INTERV~1\\Common\\Bin\\WINCIN~1.EXE "
    "item"="InterVideo WinCinema Manager"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Lancement rapide d'Adobe Reader.lnk"
    "backup"="C:\\WINDOWS\\pss\\Lancement rapide d'Adobe Reader.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
    "item"="Lancement rapide d'Adobe Reader"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]
    "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Microsoft Office.lnk"
    "backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
    "location"="Common Startup"
    "command"="C:\\PROGRA~1\\MICROS~4\\Office10\\OSA.EXE -b -l"
    "item"="Microsoft Office"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="CAMTRAY"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="eBayTBDaemon"
    "hkey"="HKLM"
    "command"="C:\\Program Files\\eBay\\eBay Toolbar2\\eBayTBDaemon.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mmtask"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="mm_tray"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="NeroCheck"
    "hkey"="HKLM"
    "command"="C:\\WINDOWS\\System32\\NeroCheck.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="GoogleToolbarNotifier"
    "hkey"="HKCU"
    "command"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.6962\\GoogleToolbarNotifier.exe"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="realsched"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\realsched.exe\" -osboot"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ultimate Cleaner]
    "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
    "item"="App"
    "hkey"="HKLM"
    "command"="\"C:\\Program Files\\Ultimate Cleaner\\App.exe\" hide"
    "inimapping"="0"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "appinit_dlls"="dxclib303562752.dll,wbsys.dll"


    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{09F9FFD2-7232-4158-B29B-648FE4E9C85C}"=""
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Cccs"="\"C:\\PROGRA~1\\ASKS~1\\iexplore.exe\" -vt yazr"
    "WinInit"="\"C:\\WINDOWS\\TEMP\\241437.exe\" "
    "Win32"="zvlaau.exe"
    "ctpmon"="ctpmon.exe"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
    "Cccs"="\"C:\\PROGRA~1\\ASKS~1\\iexplore.exe\" -vt yazr"
    "WinInit"="\"C:\\WINDOWS\\TEMP\\241437.exe\" "
    "Win32"="zvlaau.exe"
    "ctpmon"="ctpmon.exe"

    HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\vtsqq

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
    LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
    NetworkService REG_MULTI_SZ DnsCache\0\0
    rpcss REG_MULTI_SZ RpcSs\0\0
    imgsvc REG_MULTI_SZ StiSvc\0\0
    termsvcs REG_MULTI_SZ TermService\0\0
    Usnsvc REG_MULTI_SZ usnsvc\0\0



    Contents of the 'Scheduled Tasks' folder
    C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
    C:\WINDOWS\tasks\Symantec NetDetect.job


    ********************************************************************

    catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
    http://www.gmer.net

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    ********************************************************************

    Completion time: 07-02-08 20:25:36
    C:\ComboFix2.txt ... 07-02-07 17:30
    C:\ComboFix3.txt ... 07-02-07 14:45
    a b 8 Sécurité
    8 Février 2007 20:37:51

    Re,

  • Fais un scan en ligne Kaspersky avec Internet Explorer :
  • Clique sur
  • Clique maintenant sur J'accepte.
  • Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
  • Patiente pendant l'installation des Mises à jour.
  • Choisis par la suite l'analyse du Poste de travail
  • Sauvegarde puis colle le rapport généré en fin d'analyse.

    AIDE : Configurer le contrôle des ActiveX

    NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.

    Après on termine le travail avec Hijackthis.
    8 Février 2007 21:26:45

    Re,

    Je ne peux pas faire le scan car il affiche ce message quand j'essaye de démarrer Internet :

    "Cette application n'a pas pu démarrer car mscvrl.dll est introuvable. La réinstallation de cette application peut corriger ce problème".

    a b 8 Sécurité
    8 Février 2007 21:40:46

    re,

    - Lance Hijackthis ->Do a system scan only
    ->Coche les lignes ci-dessous :

    R3 - URLSearchHook: {EA551C00-2AE5-11d3-8592-00A0C98E9EA4} - - (no file)
    O2 - BHO: (no name) - {09F9FFD2-7232-4158-B29B-648FE4E9C85C} - C:\WINDOWS\System32\xxyaxus.dll (file missing)
    O2 - BHO: (no name) - {4EAFF741-9C5C-437C-93CC-928CC099E4DA} - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O2 - BHO: (no name) - {7DA39570-5FD2-4f18-94B4-20730CB3F727} - C:\WINDOWS\System32\mvgcmgew.dll (file missing)
    O4 - HKLM\..\Run: [ixjapkwmbu] c:\windows\system32\ixjapkwmbu.exe ixjapkwmbu
    O4 - HKLM\..\Run: [hrcopul.dll] C:\WINDOWS\System32\rundll32.exe "C:\Documents and Settings\LocalService\Local Settings\Application Data\hrcopul.dll",vuljcec
    O4 - HKCU\..\Run: [LBqERRdqP] desrhook.exe
    O20 - AppInit_DLLs: dxclib303562752.dll,wbsys.dll
    O20 - Winlogon Notify: vtsqq - C:\WINDOWS\System32\vtsqq.dll (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Microsoft Windows Als Service (Windows Als Service) - Conexant Systems - (no file)
    O23 - Service: Microsoft Apache for Windows (Windows Apache Service) - Unknown owner - C:\WINDOWS\wpablin.exe (file missing)
    O23 - Service: Windows Atapi Driver - Unknown owner - (no file)

    Clique sur Fix checked (en bas à gauche)

    ----------
    -> Démarrer
    -> Exécuter...
    Tape Services.msc puis valide
    Double clique sur " Boonty Games "
    Type de démarrage : " Désactiver "
    Clique en bas sur " Arrêter "
    Valide les changements.
    Fais pareil avec :
    Microsoft Windows Als Service
    Microsoft Apache for Windows
    Windows Atapi Driver
    -----
    Ouvre Hijackthis puis:
    -> Open the Misc Tools Section
    -> Delete an NT Service
    Tape " BOONTY " puis valide.
    Fais pareil avec :
    Windows Als Service
    Windows Apache Service
    Windows Atapi Driver
    ----------

    Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.
    Double-clique sur OTMoveIt.exe afin de le lancer.
    Sélectionne TOUS les emplacements suivant :

    C:\Program Files\Fichiers communs\BOONTY Shared
    C:\WINDOWS\wpablin.exe
    C:\WINDOWS\system32\desrhook.exe
    C:\WINDOWS\system32\dxclib303562752.dll


    ---> Clique-droit puis Copier

    Retourne sur OTMoveIt, fais un Clique-droit sur le cadre de gauche puis chosis Coller.
    Clique maintenant sur [#ff0000]MoveIt![/#f]

    Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
    Le nom du rapport est la date de sa création.

    Note: Si un fichier ou dossier ne peut être supprimé immédiatement, le logiciel te demandera de redémarrer. Accepte en cliquant sur YES.
    8 Février 2007 22:19:30

    Re,

    Voici le rapport,

    C:\Program Files\Fichiers Communs\BOONTY Shared\Service moved successfully.
    C:\Program Files\Fichiers Communs\BOONTY Shared moved successfully.
    File/Folder C:\WINDOWS\wpablin.exe not found.
    File/Folder C:\WINDOWS\system32\desrhook.exe not found.
    File/Folder C:\WINDOWS\system32\dxclib303562752.dll not found.

    Created on 02/08/2007 22:03:26

    Bonne chance pour la suite :D 
    a b 8 Sécurité
    8 Février 2007 22:34:33

    Reposte un rapport Hijackthis.
    9 Février 2007 11:44:57

    Logfile of HijackThis v1.99.1
    Scan saved at 11:43:20, on 09/02/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX01.250\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\RunOnce: [BrandClearStubs] RUNDLL32 IEDKCS32.DLL,BrandCleanInstallStubs >{E6ADCC3A-CB21-4988-8404-4AEE38B7B316}
    O4 - HKLM\..\RunOnce: [RunOnceEx] rundll32.exe iernonce.dll,RunOnceExProcess
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x...
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.c...
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoade...
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb262ad2aca3c8017/netzip...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Components/Upload/ImageUploade...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDow...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools....
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_s...
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt....
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

    a b 8 Sécurité
    9 Février 2007 17:50:17

    Encore des problèmes ?
    9 Février 2007 18:42:25

    Re,

    Pas au virus en tout cas si tu n'en détectes pas. Mais j'ai deux problèmes de dll : mscvrl.dll et sfc_os.dll.
    Je dois créer un autre sujet pour ça ou on peut le régler ensemble?

    A plus et encore merci
    a b 8 Sécurité
    9 Février 2007 18:47:43

    Commence par installer le SP2.
    9 Février 2007 18:59:31

    Je crois que j'ai le CD mais la dernière fois que je l'ai fait j'ai du tout formater.
    9 Février 2007 20:00:32

    Merci
    Je fais ca tout de suite
    9 Février 2007 22:13:26

    Re,
    Je viens de l'installer, l'installation s'est très bien déroulé.
    A mon avis, il reste encore quelques virus car en faisant un début de scan j'en ai trouve quelque uns. Au cas ou je te les listerai pour qu'on puisse les régler au cas ou.
    Sinon j'ai toujours un problème au niveau du sfc_os.dll. Est ca ce passe quand j'essaye d'acceder au Poste de Travail.

    Voila, si t'a une idée, n'hésites pas.
    a b 8 Sécurité
    10 Février 2007 13:16:32

    Reposte un rapport Hijackthis.
    10 Février 2007 15:58:00

    Re

    Logfile of HijackThis v1.99.1
    Scan saved at 15:56:53, on 10/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\ALEXAN~1\LOCALS~1\Temp\Rar$EX00.047\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.free.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.free.fr/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Barre d'outils MSN Search - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo RX520 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAGE.EXE /P31 "EPSON Stylus Photo RX520 Series" /O6 "USB001" /M "Stylus Photo RX520"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Startup: WkCalRem.LNK = C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkCalRem.exe
    O4 - Startup: Y'z ToolBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\fr-fr\bin\WindowsSearch.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1105\fr-fr\msntb.dll/search.htm
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download web site with Free Download Manager - file://C:\Program Files\Free Download Manager\dlpage.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/229?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0000.1105\fr-fr\msntabres.dll/230?dff67217d1bd45188cd2a6788b6b13c0
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
    O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x....
    O16 - DPF: Yahoo! Fleet - http://download.games.yahoo.com/games/clients/y/fltt3_x...
    O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt3_x.c...
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
    O16 - DPF: {27FA5271-12D2-43E3-9424-365A43236EE7} (PIXACO upload plugin) - http://fr.pixaco.com/static/download/iedropupload.cab
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} (CR64Loader Object) - http://www.miniclip.com/puzzlepirates/miniclipGameLoade...
    O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/20adb262ad2aca3c8017/netzip...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {92E7E45A-D8C8-480E-AF99-176E43997CAA} (Aurigma Image Uploader 3.5 Combo Control) - http://www.misterclic.fr/Components/Upload/ImageUploade...
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPl...
    O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVC Download Control) - http://www.sonypictures.com/games/thedavincicode/DVCDow...
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDown...
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/4h/player.virtools....
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
    O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www2.incredimail.com/contents/setup/downloader_s...
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by103fd.bay103.hotmail.msn.com/activex/HMAtchmt....
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown....
    O18 - Protocol: bw+0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {73C29EF7-E79F-4431-B381-6495F8E5CD44} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Install Driver Manager (Install Driver Table Manager) - Unknown owner - C:\WINDOWS\wpablan.exe (file missing)
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Planificateur LiveUpdate automatique - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
    O23 - Service: Services IPSEC PolicyAgentNetlogon (PolicyAgentNetlogon) - Unknown owner - C:\WINDOWS\System32\23930.exe (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

    a b 8 Sécurité
    10 Février 2007 16:55:45

    C'est ok.
    10 Février 2007 19:03:57

    Ok. Je vais poster un petit rapport que j'ai éffectué avec Norton. Regarde si il y a quelquechose de grave, STP. Merci!

    gchbpbav.dll.bad --> C:\VundoFix Backups\gchbpbav.dll.bad

    loaded[1].exe --> C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\IL0NOT6X\loaded[1].exe

    secure32[1].htm --> C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\838ZGJO7\secure32[1].htm

    ddcccbx.dll.bad-->C:\VundoFix Backups\ddcccbx.dll.bad

    fccawxu.dll.bad-->C:\VundoFix Backups\fccawxu.dll.bad

    gchbpbav.dll.bad-->C:\VundoFix Backups\gchbpbav.dll.bad

    loaded.exe--> C:\!KillBox\ragh.exe

    rmfi[1].exe--> C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\OJUYI0A3\rmfi[1].exe

    rmfi[1].exe--> C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\KTWP4HMR\rmfi[1].exe

    rqrpnki.dll.bad--> C:\VundoFix Backups\rqrpnki.dll.bad

    xxyaxus.dll.bad--> C:\VundoFix Backups\xxyaxus.dll.bad
    a b 8 Sécurité
    11 Février 2007 14:22:31

    Rien de méchant.

    Supprime ces dossiers :
    C:\VundoFix Backups\
    C:\!KillBox\

    Vide ces dossiers :
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\
    11 Février 2007 16:51:32

    Merci encore pour toute ton aide sur ce fichu ordi. Mais je dois faire quelquiechose pour le dll : sfc_os.dll ou pas? Je sais pas.
    Merci
    a b 8 Sécurité
    11 Février 2007 17:24:00

    Ce n'est pas un problème de virus.
    11 Février 2007 17:30:30

    Je te remercie pour tout ce que tu a fait.
    A bientot
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS