Virus msn photo vacnaces ... encore
Tony9286
Messages postés
11
Statut
Membre
-
Profil bloqué -
Profil bloqué -
Bonjour,
Je suis tombé aussi dans le panneau de ce fameux message msn. J'ai utilisé msnfix pour une première analyse mais
aucun virus n'a été détecté. Du coup j'ai utilisé hijackThis pour avoir le statu. J'ai le .log, mais ne voulant pas faire de mauvaises manipulations, je voudrais savoir si quelqu'un pourrait m'aider à sujet.
Merci d'avance.
Je suis tombé aussi dans le panneau de ce fameux message msn. J'ai utilisé msnfix pour une première analyse mais
aucun virus n'a été détecté. Du coup j'ai utilisé hijackThis pour avoir le statu. J'ai le .log, mais ne voulant pas faire de mauvaises manipulations, je voudrais savoir si quelqu'un pourrait m'aider à sujet.
Merci d'avance.
A voir également:
- Isass exe
- Google photo - Télécharger - Albums photo
- Photo filtre 7 gratuit - Télécharger - Retouche d'image
- Virus mcafee - Accueil - Piratage
- Google maps photo maison - Guide
- Partage photo - Guide
7 réponses
Ok
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Quittes tous les scan en temps réel avast et tout... (si il en reste il te le marquera)
Executes, laisse faire sans toucher a la souris ni au clavier (sauf pour cliquer sur ok)
Et attends qu'il redemarres 2 fois je crois (1ere pour finir nettoyage)
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Quittes tous les scan en temps réel avast et tout... (si il en reste il te le marquera)
Executes, laisse faire sans toucher a la souris ni au clavier (sauf pour cliquer sur ok)
Et attends qu'il redemarres 2 fois je crois (1ere pour finir nettoyage)
Ok ! J'ai lancé l'exe une première vois. En effet il restais un scan que j'ai desactivé.
Maintenant il me dit qu'il ne peut pas renommer Combofix en combofix[1]. Mais je ne retrouve pas le programme dans "ajouter/supprimer des programmes" afin de le supprimer et de recommencer proprement !
Qu'en penses tu ?
Maintenant il me dit qu'il ne peut pas renommer Combofix en combofix[1]. Mais je ne retrouve pas le programme dans "ajouter/supprimer des programmes" afin de le supprimer et de recommencer proprement !
Qu'en penses tu ?
C'est bon en fait, ma question etait ridicule. Donc j'ai bien lancé l'exe.
J'ai le log mais il n'a redemaré qu'une seule fois :
ComboFix 09-09-06.02 - Antoine 06/09/2009 20:45.1.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.511.252 [GMT 1:00]
Running from: d:\virus_msn\ComboFix.exe
AV: AntiVirus Firewall 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: AntiVirus Firewall 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Antoine\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\Antoine\Local Settings\Temp\IadHide4.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\c9e435.msp
c:\windows\system32\muzapp.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.
2009-09-03 22:44 . 2002-01-05 14:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-09-03 22:43 . 2009-09-03 22:44 -------- d-----w- c:\program files\Fichiers communs\DVDVideoSoft
2009-09-03 22:43 . 2009-09-03 22:44 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-14 17:57 . 2004-08-19 15:09 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 18:16 . 2009-06-05 08:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 10:06 . 2002-12-11 23:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:56 . 2002-10-07 17:14 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2008-04-08 06:02 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-08 21:28 . 2009-06-11 22:49 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-07-03 17:57 . 2002-10-07 17:15 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:44 . 2002-10-07 17:15 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2002-10-07 17:15 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2002-10-07 17:15 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2002-10-07 17:15 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2002-10-07 17:15 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2002-10-07 16:15 731136 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-22 11:34 . 2002-10-07 17:15 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 15:54 . 2002-10-07 17:15 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 15:54 . 2002-10-07 17:15 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 12:33 . 2002-10-07 17:15 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 22:49 . 2002-10-07 17:16 53512 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-11 22:49 . 2002-10-07 17:16 378058 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-10 15:23 . 2002-10-07 17:14 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:30 . 2002-10-07 17:15 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-04-07 20480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2004-01-19 65536]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"Power_Gear"="c:\progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 81920]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-23 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-23 618496]
"ATIPTA"="c:\progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-25 335872]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 86016]
"WMAAD"="c:\program files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 110592]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"F-Secure Manager"="c:\program files\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2004-04-01 28672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ASUS ChkMail.lnk - c:\program files\Asus\Asus ChkMail\ChkMail.exe [2008-4-7 32768]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-4-7 450560]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 15:48 110592 ----a-w- c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=2 (0x2)
"TapiSrv"=3 (0x3)
"matlabserver"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11/06/2009 23:49 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/06/2009 23:48 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\AntivirusFirewall\HIPS\drivers\fshs.sys [11/06/2009 23:48 67808]
R2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\RTWTKRNL.sys [08/09/2007 21:31 27200]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [11/06/2009 23:47 100472]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\AntivirusFirewall\ORSP Client\fsorsp.exe [11/06/2009 23:48 55904]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [08/04/2008 19:32 5824]
S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\DRIVERS\Eagle2RC.sys --> c:\windows\system32\DRIVERS\Eagle2RC.sys [?]
S3 Eagle2TV;TV tuner device;c:\windows\system32\Drivers\eagle2tv_B.sys --> c:\windows\system32\Drivers\eagle2tv_B.sys [?]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [07/04/2008 23:13 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [07/04/2008 23:13 67760]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [11/06/2009 23:47 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [11/06/2009 23:47 25184]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-01 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-01 18:04]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://id.orange.fr/auth_user/bin/auth_user.cgi?origine=wg
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfert par Image Converter 3 - c:\program files\SONY\IMAGE CONVERTER 3\menu.htm
LSP: c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL
Trusted Zone: secuser.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 20:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(880)
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll
c:\windows\System32\LgNotify.dll
- - - - - - - > 'lsass.exe'(936)
c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll
- - - - - - - > 'explorer.exe'(1244)
c:\docume~1\Antoine\LOCALS~1\Temp\IadHide4.dll
c:\program files\AntivirusFirewall\Spam Control\fsscoepl.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(856)
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\S24EVMON.EXE
c:\program files\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32ST.EXE
c:\program files\ANTIVIRUSFIREWALL\COMMON\FSMA32.EXE
c:\program files\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32.EXE
c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\ANTIVIRUSFIREWALL\COMMON\FSMB32.EXE
c:\windows\SYSTEM32\REGSRVC.EXE
c:\program files\ANTIVIRUSFIREWALL\COMMON\FCH32.EXE
c:\program files\ANTIVIRUSFIREWALL\COMMON\FAMEH32.EXE
c:\program files\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSQH.EXE
c:\program files\ANTIVIRUSFIREWALL\FSAUA\PROGRAM\FSAUA.EXE
c:\program files\ANTIVIRUSFIREWALL\FWES\PROGRAM\FSDFWD.EXE
c:\program files\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSSM32.EXE
c:\program files\ANTIVIRUSFIREWALL\FSAUA\PROGRAM\FSUS.EXE
c:\program files\AntivirusFirewall\Anti-Virus\fsav32.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\System32\1XConfig.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\AntivirusFirewall\FSGUI\fsguidll.exe
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2009-09-06 20:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-06 19:58
Pre-Run: 22 945 923 072 octets libres
Post-Run: 23 274 979 328 octets libres
194 --- E O F --- 2009-08-30 02:01
J'ai le log mais il n'a redemaré qu'une seule fois :
ComboFix 09-09-06.02 - Antoine 06/09/2009 20:45.1.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.511.252 [GMT 1:00]
Running from: d:\virus_msn\ComboFix.exe
AV: AntiVirus Firewall 8.01 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: AntiVirus Firewall 8.01 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Antoine\LOCALS~1\Temp\IadHide4.dll
c:\documents and settings\Antoine\Local Settings\Temp\IadHide4.dll
c:\windows\Downloaded Program Files\bdcore.dll
c:\windows\Downloaded Program Files\libfn.dll
c:\windows\Installer\c9e435.msp
c:\windows\system32\muzapp.exe
.
((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.
2009-09-03 22:44 . 2002-01-05 14:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
2009-09-03 22:43 . 2009-09-03 22:44 -------- d-----w- c:\program files\Fichiers communs\DVDVideoSoft
2009-09-03 22:43 . 2009-09-03 22:44 -------- d-----w- c:\program files\DVDVideoSoft
2009-08-14 17:57 . 2004-08-19 15:09 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-08-13 18:16 . 2009-06-05 08:46 655872 ------w- c:\windows\system32\dllcache\mstscax.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 10:06 . 2002-12-11 23:14 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:56 . 2002-10-07 17:14 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 22:43 . 2008-04-08 06:02 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-08 21:28 . 2009-06-11 22:49 33920 ----a-w- c:\windows\system32\drivers\fsbts.sys
2009-07-03 17:57 . 2002-10-07 17:15 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:44 . 2002-10-07 17:15 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2002-10-07 17:15 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2002-10-07 17:15 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:44 . 2002-10-07 17:15 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:44 . 2002-10-07 17:15 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2002-10-07 16:15 731136 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-22 11:34 . 2002-10-07 17:15 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 15:54 . 2002-10-07 17:15 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 15:54 . 2002-10-07 17:15 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 12:33 . 2002-10-07 17:15 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-11 22:49 . 2002-10-07 17:16 53512 ----a-w- c:\windows\system32\perfc00C.dat
2009-06-11 22:49 . 2002-10-07 17:16 378058 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-10 15:23 . 2002-10-07 17:14 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:30 . 2002-10-07 17:15 132096 ----a-w- c:\windows\system32\wkssvc.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [2008-04-07 20480]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-01-18 196608]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hcontrol"="c:\windows\ATK0100\Hcontrol.exe" [2004-01-19 65536]
"ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2003-09-19 172032]
"Power_Gear"="c:\progra~1\ASUS\Power4 Gear\BatteryLife.exe" [2004-01-19 81920]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-10-23 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-10-23 618496]
"ATIPTA"="c:\progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-08-25 335872]
"PRONoMgr.exe"="c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe" [2004-02-05 86016]
"WMAAD"="c:\program files\Sony\WALKMAN Launcher\WMAAD.exe" [2007-02-16 110592]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMSX"="c:\windows\System32\LVCOMSX.EXE" [2004-10-08 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2005-01-18 458752]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-01-18 217088]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"SMSTray"="c:\program files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 132624]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"F-Secure Manager"="c:\program files\AntivirusFirewall\Common\FSM32.EXE" [2008-12-04 182936]
"F-Secure TNB"="c:\program files\AntivirusFirewall\FSGUI\TNBUtil.exe" [2008-12-04 957024]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2004-04-01 28672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-19 15360]
c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
ASUS ChkMail.lnk - c:\program files\Asus\Asus ChkMail\ChkMail.exe [2008-4-7 32768]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-4-7 450560]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-03-03 15:48 110592 ----a-w- c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=2 (0x2)
"TapiSrv"=3 (0x3)
"matlabserver"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [11/06/2009 23:49 33920]
R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [11/06/2009 23:48 79872]
R1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\AntivirusFirewall\HIPS\drivers\fshs.sys [11/06/2009 23:48 67808]
R2 RTWTKRNL;Real-Time Windows Target;c:\windows\system32\drivers\RTWTKRNL.sys [08/09/2007 21:31 27200]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\AntivirusFirewall\Anti-Virus\minifilter\fsgk.sys [11/06/2009 23:47 100472]
R3 FSORSPClient;F-Secure ORSP Client;c:\program files\AntivirusFirewall\ORSP Client\fsorsp.exe [11/06/2009 23:48 55904]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [08/04/2008 19:32 5824]
S3 EAGLE2RC;Analog/DVB-T Hybrid Tv Infrared Receiver;c:\windows\system32\DRIVERS\Eagle2RC.sys --> c:\windows\system32\DRIVERS\Eagle2RC.sys [?]
S3 Eagle2TV;TV tuner device;c:\windows\system32\Drivers\eagle2tv_B.sys --> c:\windows\system32\Drivers\eagle2tv_B.sys [?]
S3 ICScsiSV;Image Converter SCSI Service;c:\program files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe [07/04/2008 23:13 75952]
S3 IcVzMonLauncher;IcVzMonLauncher;c:\program files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe [07/04/2008 23:13 67760]
S4 F-Secure Filter;F-Secure File System Filter;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsfilter.sys [11/06/2009 23:47 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\AntivirusFirewall\Anti-Virus\win2k\fsrec.sys [11/06/2009 23:47 25184]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-01 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-01 18:04]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://id.orange.fr/auth_user/bin/auth_user.cgi?origine=wg
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: Transfert par Image Converter 3 - c:\program files\SONY\IMAGE CONVERTER 3\menu.htm
LSP: c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL
Trusted Zone: secuser.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab
DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 20:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(880)
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll
c:\windows\System32\LgNotify.dll
- - - - - - - > 'lsass.exe'(936)
c:\program files\AntivirusFirewall\FSPS\program\FSLSP.DLL
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll
- - - - - - - > 'explorer.exe'(1244)
c:\docume~1\Antoine\LOCALS~1\Temp\IadHide4.dll
c:\program files\AntivirusFirewall\Spam Control\fsscoepl.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
- - - - - - - > 'csrss.exe'(856)
c:\program files\AntivirusFirewall\FWES\Program\fsdc32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\SYSTEM32\S24EVMON.EXE
c:\program files\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32ST.EXE
c:\program files\ANTIVIRUSFIREWALL\COMMON\FSMA32.EXE
c:\program files\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSGK32.EXE
c:\program files\FICHIERS COMMUNS\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\program files\ANTIVIRUSFIREWALL\COMMON\FSMB32.EXE
c:\windows\SYSTEM32\REGSRVC.EXE
c:\program files\ANTIVIRUSFIREWALL\COMMON\FCH32.EXE
c:\program files\ANTIVIRUSFIREWALL\COMMON\FAMEH32.EXE
c:\program files\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSQH.EXE
c:\program files\ANTIVIRUSFIREWALL\FSAUA\PROGRAM\FSAUA.EXE
c:\program files\ANTIVIRUSFIREWALL\FWES\PROGRAM\FSDFWD.EXE
c:\program files\ANTIVIRUSFIREWALL\ANTI-VIRUS\FSSM32.EXE
c:\program files\ANTIVIRUSFIREWALL\FSAUA\PROGRAM\FSUS.EXE
c:\program files\AntivirusFirewall\Anti-Virus\fsav32.exe
c:\windows\system32\ZCfgSvc.exe
c:\windows\System32\1XConfig.exe
c:\windows\ATK0100\ATKOSD.exe
c:\program files\AntivirusFirewall\FSGUI\fsguidll.exe
c:\program files\Logitech\Video\FxSvr2.exe
.
**************************************************************************
.
Completion time: 2009-09-06 20:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-06 19:58
Pre-Run: 22 945 923 072 octets libres
Post-Run: 23 274 979 328 octets libres
194 --- E O F --- 2009-08-30 02:01
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Je m'attendais à une réponse aussi rapide, merci à toi.
Voici le .log :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:01:31, on 06/09/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\FSGK32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\AntivirusFirewall\Common\FSMB32.EXE
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AntivirusFirewall\Common\FCH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fssm32.exe
C:\Program Files\AntivirusFirewall\Common\FAMEH32.EXE
C:\Program Files\AntivirusFirewall\Anti-Virus\fsqh.exe
C:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe
C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
C:\Program Files\AntivirusFirewall\FSAUA\program\fsus.exe
C:\Program Files\AntivirusFirewall\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\ATK0100\Hcontrol.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\AntivirusFirewall\Common\FSM32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\AntivirusFirewall\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.orange.fr/captcha?origin=wg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Progra~1\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Hcontrol] C:\WINDOWS\ATK0100\Hcontrol.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Progra~1\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Progra~1\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [WMAAD] C:\Program Files\Sony\WALKMAN Launcher\WMAAD.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\AntivirusFirewall\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\AntivirusFirewall\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\Asus\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Transfert par Image Converter 3 - C:\PROGRAM FILES\SONY\IMAGE CONVERTER 3\menu.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www.asus.com/tw/
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files\AntivirusFirewall\ORSP Client\fsorsp.exe
O23 - Service: Image Converter SCSI Service (ICScsiSV) - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\ICScsiSV.exe
O23 - Service: IcVzMonLauncher - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMonLauncher.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\IMAGE CONVERTER 3\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe