ZoneAlarm doesn't like aurora and mnpol
bigbang
-
Anonymous user -
Anonymous user -
Hello everyone!
I'm posting here because I installed ZoneAlarm about 3 weeks ago and I often get a window popping up telling me that Aurora or mnpol.exe want to access the internet. At first I allowed them, but I found their names strange, so now I deny them. It changes absolutely nothing, so I'm wondering what they are.
Here is some info taken from ZoneAlarm
Aurora :
Nom du produit Buddy Window
Nom du fichier C:\WINDOWS\vkaaaqltxu.exe
Dernière mise à jour de la stratégie Aucune
Version 1.0.2.8
Date de dernière modification 04/08/2004 18:04:48
Taille du fichier 77 KB
Mnpol.exe :
Nom du produit
Nom du fichier C:\WINDOWS\system32\mnpol.exe
Dernière mise à jour de la stratégie Aucune
Version 3, 0, 0, 23
Date de dernière modification 22/07/2005 13:53:56
Taille du fichier 89 KB
Looking at the program control of my dear firewall, I also noticed a few things with strange names. Does "jdcweiq.exe" or "jikzsj" ring a bell? As you'll have gathered, unpronounceable names and programs that constantly want to access the internet worry me a bit...
I should mention that I regularly run Ad-Aware, Spybot and a² scans. My antivirus is Norton 2005.
Thanks for your help ^^
18 replies
hi
so, probably spyware; trojans...
Shall we check so we can clean it up?
download HijackThis here:
http://www.hijackthis.de/downloads/hijackthis_199.zip
Unzip it into a folder set aside for it.
For example C:\hijackthis < Make sure you save it in C:!
Launch it, then:
click "do a system scan and save logfile" (see demo)
copy and paste the entire log onto the forum
Demo: (thanks to balltrap34 for making this)
http://pageperso.aol.fr/balltrap34/demohijack.htm
Good luck
See you
Just what I was afraid of! I don't like hijack, it's too complicated ^^.
Anyway, thanks for taking an interest in my problem!
I don't know if it's normal, but I get an error message when I launch hijack:
HijackThis appears to have been started from a temporary folder. Since temp folder tend to be be emptied regulary it's wise to copy Hijackthis.exe to a folder of its own, for instance c:\Program files\HijackThis.
This way any backups that will be made of fixed items won't be lost.
Please quit HijackThis and copy it to a separate folder before fixing any item.
It's asking me to put it in Program Files, from what I understand.
Here is the log!
Logfile of HijackThis v1.99.1
Scan saved at 00:01:11, on 25/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\jikzsj.exe
C:\PROGRA~1\Chic does bat\error cake.exe
C:\windows\system32\mnpol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\HDD Temperature\HDDTSvc.exe
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\HDD Temperature\HDDTemperature.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\advmon32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=c:\windows\system32\advmon32.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TChkBHO Class - {90519EBE-C004-4226-B146-DCF595375AD5} - C:\WINDOWS\system32\thblkm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BibBurn] C:\PROGRA~1\Chic does bat\error cake.exe
O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SiS Tray] C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bedksmr] C:\WINDOWS\system32\jikzsj.exe r
O4 - HKLM\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O4 - Startup: HDD temperature.lnk = C:\Program Files\HDD Temperature\HDDTemperature.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41443FR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1028_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.tf1.fr/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.tf1.fr/activex/zylomloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?325
O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/partners/wildgames/blasterball2/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{464160B6-D397-48A0-A218-A38ED7FE6FA1}: NameServer = 212.151.137.166 130.244.127.161
O18 - Protocol: bw+0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WB - C:\DOCUME~1\ANNEGO~1\MESDOC~1\Franck\THMES~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD Temperature\HDDTSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I hope it's not too serious!
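As an added example (not part of the original posts and not HijackThis's own code), this Python code parses the autostart sections of a HijackThis log like the one above (F2/F3 ini entries and O4 Run/Startup entries) and cross-references each entry against the "Running processes" list, giving a helper an inventory to review. The sample is an excerpt of the posted log; the function and field names are assumptions made for the example.

```python
import ntpath
import re
from collections import namedtuple

# Excerpt of the log posted above, trimmed to a few lines for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 00:01:11, on 25/09/2005
Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\jikzsj.exe
C:\PROGRA~1\Chic does bat\error cake.exe
C:\windows\system32\mnpol.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\advmon32.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=c:\windows\system32\advmon32.exe
O2 - BHO: TChkBHO Class - {90519EBE-C004-4226-B146-DCF595375AD5} - C:\WINDOWS\system32\thblkm.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BibBurn] C:\PROGRA~1\Chic does bat\error cake.exe
O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bedksmr] C:\WINDOWS\system32\jikzsj.exe r
O4 - HKCU\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O4 - Startup: HDD temperature.lnk = C:\Program Files\HDD Temperature\HDDTemperature.exe
"""

# Field names are hypothetical, chosen for this example.
Autostart = namedtuple("Autostart", "section source name image args running")

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
STARTUP_RE = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")
INI_RE = re.compile(r"^REG:(\S+): (\w+)=(.*)$")
EXE_RE = re.compile(r"^(.+?\.exe)(?=\s|$)", re.IGNORECASE)


def parse_hijackthis(text):
    """Return (running_processes, [(section_code, body), ...])."""
    running, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first coded line ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            running.append(line)
    return running, entries


def split_command(command):
    """Split a command line into (executable, remaining arguments)."""
    command = command.strip()
    if command.startswith('"'):
        image, _, rest = command[1:].partition('"')
        return image, rest.strip()
    m = EXE_RE.match(command)  # unquoted paths may contain spaces
    if m:
        return m.group(1), command[m.end():].strip()
    return command, ""


def autostarts(text):
    """List F2/F3 and O4 entries, marking those whose image is running."""
    running, entries = parse_hijackthis(text)
    full = {p.lower() for p in running}
    base = {ntpath.basename(p).lower() for p in running}
    rows = []
    for section, body in entries:
        if section in ("F2", "F3"):
            m = INI_RE.match(body)
            parsed = m.groups() if m else None
        elif section == "O4":
            m = RUN_RE.match(body)
            if m:
                hive, key, name, cmd = m.groups()
                parsed = (hive + "\\" + key, name, cmd)
            else:
                m = STARTUP_RE.match(body)
                parsed = m.groups() if m else None
        else:
            parsed = None
        if not parsed:
            continue
        source, name, command = parsed
        image, args = split_command(command)
        key = image.lower()
        # Full paths are compared exactly; bare names only by file name.
        is_running = key in full if "\\" in image else key in base
        rows.append(Autostart(section, source, name, image, args, is_running))
    return rows


if __name__ == "__main__":
    for row in autostarts(SAMPLE_LOG):
        state = "running" if row.running else "not running"
        print(f"{row.section:3} {row.source:12} [{row.name}] {row.image} "
              f"args={row.args!r} ({state})")
```

The output is an inventory, not a verdict: it shows which files start automatically, with what arguments, and whether they were running when the scan was saved.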
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SiS Tray] C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [bedksmr] C:\WINDOWS\system32\jikzsj.exe r
O4 - HKLM\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O4 - Startup: HDD temperature.lnk = C:\Program Files\HDD Temperature\HDDTemperature.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41443FR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1028_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.tf1.fr/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.tf1.fr/activex/zylomloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?325
O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/partners/wildgames/blasterball2/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{464160B6-D397-48A0-A218-A38ED7FE6FA1}: NameServer = 212.151.137.166 130.244.127.161
O18 - Protocol: bw+0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WB - C:\DOCUME~1\ANNEGO~1\MESDOC~1\Franck\THMES~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD Temperature\HDDTSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I hope it's not too serious!
Ouch!
I just ran a Kaspersky online scan and I have 37 viruses and 232 infected objects!
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, September 25, 2005 10:21:12
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 25/09/2005
Kaspersky Anti-Virus database records: 141987
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 95384
Number of viruses found: 37
Number of infected objects: 232
Number of suspicious objects: 13
Duration of the scan process: 7053 sec
Infected Object Name - Virus Name
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz19.zip/polall1r.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz19.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz2.zip/ofnnwr.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz2.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz22.zip/polall1r.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz22.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz25.zip/polall1r.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz25.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz34.zip/ofnnwr.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CallingHomebiz34.zip Suspicious: Password-protected-EXE
C:\Program Files\Chic does bat\error cake.exe Infected: Trojan-Downloader.Win32.Swizzor.ct
C:\Program Files\eMule\Incoming\All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.zip/All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.ace/All Microsoft Software Keygen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron.non Infected: Backdoor.Win32.Bionet.405
C:\Program Files\eMule\Incoming\All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.zip/All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.ace Infected: Backdoor.Win32.Bionet.405
C:\Program Files\eMule\Incoming\All Microsoft Software Key_gen (Nearly All) Windows (98,Me,2000,2kserver,Xp,2003 Server) Office (2000,Xp,2003), Picture It, Fron serials cracks.zip Infected: Backdoor.Win32.Bionet.405
C:\Program Files\Norton AntiVirus\Quarantine\063D6089.exe Infected: Backdoor.Win32.SdBot.gen
C:\Program Files\Norton AntiVirus\Quarantine\0668025B.exe Infected: Backdoor.Win32.SdBot.gen
C:\Program Files\Norton AntiVirus\Quarantine\06901A71.EXE Infected: IM-Flooder.Win32.Lipun.a
C:\Program Files\Norton AntiVirus\Quarantine\07EC17DB.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\13A35D43.exe Infected: Virus.Win32.Parite.b
C:\Program Files\Norton AntiVirus\Quarantine\15E1013B.exe Infected: Backdoor.Win32.Blarul.a
C:\Program Files\Norton AntiVirus\Quarantine\165607F4.dat Infected: P2P-Worm.Win32.SdDrop.c
C:\Program Files\Norton AntiVirus\Quarantine\18090841.dll Infected: Trojan-Downloader.Win32.Wintrim.ai
C:\Program Files\Norton AntiVirus\Quarantine\1E293D7E.com Infected: EICAR-Test-File
C:\Program Files\Norton AntiVirus\Quarantine\1E3A0F6C.txt Infected: EICAR-Test-File
C:\Program Files\Norton AntiVirus\Quarantine\22BF6AD4.EXE Infected: Email-Flooder.Win32.QuickFyre
C:\Program Files\Norton AntiVirus\Quarantine\25D27859 Infected: Trojan-Downloader.Win32.Small.en
C:\Program Files\Norton AntiVirus\Quarantine\283B70CB.EXE Infected: Email-Flooder.Win32.QuickFyre
C:\Program Files\Norton AntiVirus\Quarantine\289335CB.dat Infected: Virus.Win32.HLLP.Hantaner.a
C:\Program Files\Norton AntiVirus\Quarantine\28EC4C09 Infected: Email-Flooder.Win32.QuickFyre
C:\Program Files\Norton AntiVirus\Quarantine\2F1F4525 Infected: Virus.Win9x.CIH.dam
C:\Program Files\Norton AntiVirus\Quarantine\321A73A8.EXE Infected: Email-Flooder.Win32.QuickFyre
C:\Program Files\Norton AntiVirus\Quarantine\357869B5.dat Infected: P2P-Worm.Win32.Tanked.14
C:\Program Files\Norton AntiVirus\Quarantine\362C6EF0.dat Infected: P2P-Worm.Win32.Tanked.11
C:\Program Files\Norton AntiVirus\Quarantine\41781A78.cab/spike.exe Infected: Trojan.Win32.Agent.cb
C:\Program Files\Norton AntiVirus\Quarantine\41781A78.cab Infected: Trojan.Win32.Agent.cb
C:\Program Files\Norton AntiVirus\Quarantine\471D478A.dat Infected: P2P-Worm.Win32.Specx.b
C:\Program Files\Norton AntiVirus\Quarantine\4D344869 Infected: Trojan.JS.ExitW.b
C:\Program Files\Norton AntiVirus\Quarantine\4D6C122C Infected: Email-Flooder.Win32.XMas.40
C:\Program Files\Norton AntiVirus\Quarantine\4FDF0F7A Infected: Email-Flooder.Win32.Aenima.20
C:\Program Files\Norton AntiVirus\Quarantine\52D84634.HTM Infected: Trojan.JS.ExitW.b
C:\Program Files\Norton AntiVirus\Quarantine\5A2D726A Infected: Email-Flooder.Win32.QuickFyre
C:\Program Files\Norton AntiVirus\Quarantine\5B660F71.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\5DC65C79.part Infected: P2P-Worm.Win32.Tibick.d
C:\Program Files\Norton AntiVirus\Quarantine\5EA35981.EXE Infected: Email-Flooder.Win32.QuickFyre
C:\Program Files\Norton AntiVirus\Quarantine\62616873.dll Infected: Trojan-Downloader.Win32.Wintrim.ai
C:\Program Files\Norton AntiVirus\Quarantine\662924F1 Infected: Trojan.JS.ExitW.b
C:\Program Files\Norton AntiVirus\Quarantine\664374D4 Infected: Email-Flooder.Win32.XMas.40
C:\Program Files\Norton AntiVirus\Quarantine\6EBA53D1.htm Suspicious: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\72AA2AFD.dat Infected: P2P-Worm.Win32.SdDrop.c
C:\Program Files\Norton AntiVirus\Quarantine\73D960C7.dat Infected: Email-Worm.Win32.Kindal
C:\Program Files\Norton AntiVirus\Quarantine\75AC6F85.exe Infected: Backdoor.Win32.Blarul.a
C:\Program Files\Norton AntiVirus\Quarantine\77B50AD3.dat Infected: P2P-Worm.Win32.Tanked.14
C:\Program Files\Norton AntiVirus\Quarantine\78F7300E.dat Infected: Virus.Win32.HLLP.Hantaner.a
C:\Program Files\Norton AntiVirus\Quarantine\796D178C.dat Infected: Virus.Win32.HLLP.Hantaner.a
C:\Program Files\Norton AntiVirus\Quarantine\7BA81741.cab/alchem.exe Infected: Trojan-Downloader.Win32.Alchemic
C:\Program Files\Norton AntiVirus\Quarantine\7BA81741.cab Infected: Trojan-Downloader.Win32.Alchemic
C:\Program Files\Norton AntiVirus\Quarantine\7BAE6B3A.dll Infected: Trojan.Win32.P2E.l
C:\Program Files\Norton AntiVirus\Quarantine\7BB21537.exe Infected: Trojan-Downloader.Win32.Stubby.d
C:\Program Files\Norton AntiVirus\Quarantine\7C244265.dll Infected: Trojan-Downloader.Win32.Dyfuca.cu
C:\Program Files\Norton AntiVirus\Quarantine\7C2A165E.exe Infected: Trojan-Downloader.Win32.Stubby.d
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP656\A0192523.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP656\A0193521.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP660\A0193784.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP663\A0194839.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP666\A0195263.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP667\A0196403.exe Infected: Trojan-Downloader.Win32.Crypt
Scan process completed.
I just ran a Kaspersky online scan and I have 37 viruses and 232 infected objects!
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Sunday, September 25, 2005 10:21:12
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 25/09/2005
Kaspersky Anti-Virus database records: 141987
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 95384
Number of viruses found: 37
Number of infected objects: 232
Number of suspicious objects: 13
Duration of the scan process: 7053 sec
Infected Object Name - Virus Name
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP733\A0216374.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP734\A0216430.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP734\A0216436.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP735\A0216532.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP735\A0217202.exe Infected: Trojan.Win32.Stervis.f
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP735\A0217203.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP735\A0217220.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP735\A0217307.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217346.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217347.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217356.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217357.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217368.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217584.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP737\A0217593.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP738\A0217615.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP738\A0217621.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP738\A0217636.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP739\A0218636.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP741\A0219025.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP742\A0219125.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP742\A0219136.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP743\A0219168.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP744\A0219185.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP745\A0219211.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP746\A0219225.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP746\A0220225.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP746\A0220239.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP747\A0220250.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP748\A0220366.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220379.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220388.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220432.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220446.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220447.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP749\A0220466.exe Infected: Trojan-Downloader.Win32.Crypt
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP750\A0220476.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{1DBABD58-3B3E-4B2C-A4DF-30452737A624}\RP750\A0220482.exe Infected: Trojan.Win32.Agent.ay
C:\WINDOWS\svcproc.exe Infected: Trojan.Win32.Stervis.g
C:\WINDOWS\system32\advmon32.exe Infected: Trojan-Downloader.Win32.Crypt
C:\WINDOWS\system32\bbtogrcz.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\bhpzwqpq.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\bojduxyg.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\bsadlbca.exe Infected: Trojan-Downloader.Win32.Dluca.ag
C:\WINDOWS\system32\ccrvcglj.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\ctcursyf.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\cwktfyon.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\depvzgb.exe Infected: Trojan.Win32.Agent.ay
C:\WINDOWS\system32\dhwpehoh.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\dkktzfpy.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\dlotjfac.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\dondehdq.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\DrPMon.dll Infected: Trojan.Win32.Agent.ic
C:\WINDOWS\system32\dsjzngni.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\ehbkthek.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\fogcbgay.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\fzlouclo.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\fzqicwdz.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\gktffmhb.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\hdjuqueb.exe Infected: Trojan-Downloader.Win32.Dluca.ae
C:\WINDOWS\system32\hgjlurfg.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\imrxeegd.exe Infected: Trojan-Downloader.Win32.Dluca.ag
C:\WINDOWS\system32\inkamknt.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\iwgkvlev.exe Infected: Trojan-Downloader.Win32.Dluca.ag
C:\WINDOWS\system32\jdvmddiy.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\jekrdygl.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\jznehxfn.exe Infected: Trojan-Downloader.Win32.Dluca.ag
C:\WINDOWS\system32\kcxpmjou.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\kvocozoc.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\lcizhlgs.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\lgbjibrs.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\lktafwvj.exe Infected: Trojan-Downloader.Win32.Dluca.ag
C:\WINDOWS\system32\lzjekiqf.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\lzysltbx.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\momyzolp.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\ngljgatd.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\nhhmyxgz.exe Infected: Trojan-Downloader.Win32.Dluca.ag
C:\WINDOWS\system32\npegzosr.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\nzphchvc.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\pbvtyxuk.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\pkrrxbdx.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\pmiwdwmq.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\pqovywqg.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\ptehjxhj.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\pvcxrefu.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\pyhvcelr.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\qbxggmyj.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\qmazpyoe.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\qxxeoudj.exe Infected: Trojan-Downloader.Win32.Dluca.ae
C:\WINDOWS\system32\rvkubvjg.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\rwcerkzd.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\shufkjsa.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\sleytchc.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\ssphjntw.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\sufefrrk.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\syazwcdd.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\txxaccov.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\uaofgjvw.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\uuifrqer.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\uyutsxag.exe Infected: Trojan-Downloader.Win32.Dluca.ag
C:\WINDOWS\system32\wjpqucwa.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\wpmveakg.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\wsxklfyy.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\xechjgts.exe Infected: Trojan-Downloader.Win32.Dluca.ae
C:\WINDOWS\system32\xhtdfgkl.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\xzfpjpxw.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\yggaoflo.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\ymrjfvvm.exe Infected: Trojan-Downloader.Win32.Dluca.ae
C:\WINDOWS\system32\yqmumutv.exe Infected: Trojan-Downloader.Win32.Dluca.ag
C:\WINDOWS\system32\yvlpvinj.exe Infected: Trojan-Downloader.Win32.Dluca.ag
C:\WINDOWS\system32\yzvzyyqi.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\zcrphsjy.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\zlhnsegi.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\zmyhwhdj.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\zrslyxxo.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\system32\zsdxybyl.exe Infected: Trojan-Downloader.Win32.Dluca.gen
Scan process completed.
Right!
Following the Zebulon tutorial, I found:
Name Status Command description
MNPol X mnpol.exe Added by the DLUCA.B TROJAN!
advmon32 X advmon32.exe Added by a variant of the CRYPTER.C TROJAN!
ctfmon.exe X ctfmon.exe Added by the RAIDYS TROJAN!
I don't know whether I should remove:
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
Most of the O16 lines (I don't recognise all of them)
The O17 line
O18 lines: I have the same things 50 times!
The O20 line: it's in "My Documents", so I think it should be deleted, but I'm not sure.
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe (Norton has never blocked a script for me)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I don't recognise any of these lines, and they are in strange locations with strange names.
I did what I could, but I have never done this before, so I would really like someone to tell me whether there are things to delete or not in the "I don't know whether I should remove" list. In any case, I found nothing on Aurora, but Mnpol is indeed a trojan.
Hi
1/ Empty your Norton quarantine
C:\Program Files\Norton AntiVirus\Quarantine <--- whatever is inside it
2/ Delete the Spybot quarantines
Launch Spybot, open the backups, and purge everything
3/ Disable System Restore (only if you are on XP):
Right-click My Computer, then
Properties, click the System Restore tab,
tick the "Turn off System Restore" box and apply
4/ Run this scan
http://www.bitdefender.com/scan/licence.php
Copy/paste the report
See you
I got rid of everything that was in quarantine, I disabled System Restore, and here is my BitDefender report:
BitDefender Online Scanner
Rapport d'analyse généré à: Sun, Sep 25, 2005 - 19:28:20
Voie d'analyse: A:\;C:\;D:\;E:\;F:\;

Statistiques
Temps: 00:54:37
Fichiers: 244821
Directoires: 6238
Secteurs de boot: 2
Archives: 2399
Paquets programmes: 24687

Résultats
Virus identifiés: 13
Fichiers infectés: 84
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 79

Info sur les moteurs
Définition virus: 212772
Version des moteurs: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
Analyse des plugins: 13
Archive des plugins: 39
Unpack des plugins: 4
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui
There you go! Thanks again for helping me!
OK!
Logfile of HijackThis v1.99.1
Scan saved at 19:59:11, on 25/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\windows\system32\advmon32.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\depvzgb.exe
C:\PROGRA~1\Chic does bat\error cake.exe
C:\windows\system32\mnpol.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\HDD Temperature\HDDTSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\Program Files\Windows ControlAd\WinCtlAd.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\HDD Temperature\HDDTemperature.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\MSN Apps\Updater\01.05.0000.1009\fr\msnappau.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=c:\windows\system32\advmon32.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: TChkBHO Class - {90519EBE-C004-4226-B146-DCF595375AD5} - C:\WINDOWS\system32\thblkm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BibBurn] C:\PROGRA~1\Chic does bat\error cake.exe
O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SiS Tray] C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O4 - HKLM\..\Run: [dwcedec] C:\WINDOWS\system32\depvzgb.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O4 - Startup: HDD temperature.lnk = C:\Program Files\HDD Temperature\HDDTemperature.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41443FR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1028_XP.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.tf1.fr/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.tf1.fr/activex/zylomloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?325
O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/partners/wildgames/blasterball2/install.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{464160B6-D397-48A0-A218-A38ED7FE6FA1}: NameServer = 212.151.136.242 130.244.127.169
O18 - Protocol: bw+0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WB - C:\DOCUME~1\ANNEGO~1\MESDOC~1\Franck\THMES~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD Temperature\HDDTSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
It still gives me the error message at the start.
Hello,
Procedure to follow, in order...
In Add/Remove Programs, uninstall Chic does bat if you find it.
----------------------------------------------------------------------------
¤Download these programs, but do not use them right away:
1/
Spybot S&D 1.4 << new version.
http://www.safer-networking.org/fr/index.html
Usage demo (thanks to Balltrap34 for making it).
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
2/
Ad-Aware SE 1.06 << new version.
http://www.lavasoftusa.com/software/adaware/
- A help guide:
http://www.tutopat.com/viewtopic.php?t=1191
- Install the French language patch; you can find it here:
http://download.lavasoft.de.edgesuite.net/public/pllangs.exe
and a short usage video here (thanks to Moe31 for making it):
http://pageperso.aol.fr/balltrap34/adawrevid.asf
----------------------------------------------------------------------------
¤Turn off System Restore (only if you are on XP):
Right-click My Computer, then
Properties, and click the System Restore tab;
check the "Turn off System Restore" box and apply.
----------------------------------------------------------------------------
¤Boot into Safe Mode:
To do this, tap the F8 key repeatedly, without stopping, from the moment the PC starts powering on.
A menu will appear; use the arrow keys to move to Safe Mode, then press Enter.
Once on the desktop, if the colours and so on are not all there, that is normal!
(If F8 does not work, use the F5 key.)
----------------------------------------------------------------------------
¤Show all files and folders:
Click Start / Control Panel / Tools / Folder Options / View
Check "Show hidden files and folders"
Uncheck the "Hide protected operating system files (Recommended)" box
Uncheck "Hide extensions for known file types"
Then click "OK" to confirm the changes.
And apply!
----------------------------------------------------------------------------
¤Empty your temp files and Temporary Internet Files:
:: Delete the temporary files ::
Empty the entire contents of these folders.
* C:\Documents and Settings\your account\Local Settings\Temp
* C:\Documents and Settings\all other accounts\Local Settings\Temp
* C:\Windows\Temp
:: The contents of the Prefetch folder ::
* C:\WINDOWS\Prefetch <= except the layout.ini file
* Do not forget to empty the Recycle Bin!
----------------------------------------------------------------------------
¤Relance HijackThis, coche les cases devant ces lignes et ensuite clique sur fix checked :
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=c:\windows\system32\advmon32.exe
O2 - BHO: TChkBHO Class - {90519EBE-C004-4226-B146-DCF595375AD5} - C:\WINDOWS\system32\thblkm.dll
O4 - HKLM\..\Run: [BibBurn] C:\PROGRA~1\Chic does bat\error cake.exe
O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
O4 - HKLM\..\Run: [Windows ControlAd] C:\Program Files\Windows ControlAd\WinCtlAd.exe
O4 - HKLM\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O4 - HKLM\..\Run: [dwcedec] C:\WINDOWS\system32\depvzgb.exe r
O4 - HKCU\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm41443FR
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://fr.encyclopedia.yahoo.com/rsc/tdserver.cab
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} - http://akamai.downloadv3.com/binaries/IA/dtc32_FR_XP.cab
O16 - DPF: {1EB17D1C-141D-4D9D-91CB-24D99215851D} - http://akamai.downloadv3.com/binaries/IA/netia32_FR_XP.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/bestfriends/retro64_loader.dll
O16 - DPF: {2ABE804B-4D3A-41BF-A172-304627874B45} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_1028_XP.cab
O16 - DPF: {469C7080-8EC8-43A6-AD97-45848113743C} - http://akamai.downloadv3.com/binaries/IA/nethv32_FR_XP.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game18.zylom.tf1.fr/activex/zylomgamesplayer.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://game16.zylom.tf1.fr/activex/zylomloader.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://anu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/fr/check/qdiagh.cab?325
O16 - DPF: {F1154108-FB75-47EB-9A7E-4DD28DBDAF34} - http://www.threedegrees.com/td_netd.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://install.wildtangent.com/bgn/partners/wildgames/blasterball2/install.cab
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
----------------------------------------------------------------------------
¤Search for and delete the following:
careful: only the files (if present).
C:\WINDOWS\Nail.exe
c:\windows\system32\advmon32.exe
C:\PROGRA~1\Chic does bat
c:\windows\system32\mnpol.exe /nocomm
C:\Program Files\Windows ControlAd
C:\WINDOWS\system32\depvzgb.exe r
c:\windows\SvcProc.exe
----------------------------------------------------------------------------
¤Stop these services:
Click Start->Run->type: services.msc
Double-click: Service: System Startup Service (SvcProc)
Set it to "Stopped" and "Disabled".
----------------------------------------------------------------------------
¤ Run Ad-Aware and delete everything it finds + delete the quarantined items…
----------------------------------------------------------------------------
¤ Run Spybot and fix everything it finds + immunize + delete the quarantined items…
----------------------------------------------------------------------------
¤ Empty your Recycle Bin.
----------------------------------------------------------------------------
¤ Restart in normal mode, run HijackThis again and copy/paste a new report on the forum.
Describe any problems that remain....
Keep me posted
See you
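The last step of the procedure above asks for a new HijackThis report. The following is an added example, not part of the original reply and not HijackThis's own code, showing one way to compare such a follow-up report against the fix list. The function names and the "same shape" heuristic are assumptions made for this illustration; the sample lines are subsets copied from this thread.

```python
import ntpath
import re

# Fix list: a subset of the lines the helper asked to check (copied from this thread).
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
F3 - REG:win.ini: run=c:\windows\system32\advmon32.exe
O4 - HKLM\..\Run: [MNPol] c:\windows\system32\mnpol.exe /nocomm
O4 - HKLM\..\Run: [Advmon32] c:\windows\system32\advmon32.exe
O4 - HKLM\..\Run: [dwcedec] C:\WINDOWS\system32\depvzgb.exe r
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe (file missing)
""".strip().splitlines()

# Follow-up report: a subset of the log posted after the cleanup (copied from this thread).
FOLLOW_UP = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [lfljqay] C:\WINDOWS\system32\ktlvss.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
""".strip().splitlines()

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Registry autostart entry: key, value name, command line
RUN_RE = re.compile(r"^(HK(?:LM|CU)\\\.\.\\\w+): \[(.*?)\] (.+)$")
# Command line: optionally quoted executable path (may contain spaces), then arguments
CMD_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|scr|dll))"?(?=\s|$)\s*(.*)$', re.I)


def parse_entry(line):
    """Return a dict for a HijackThis entry line, or None for headers,
    the running-process list and surrounding forum prose."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.groups()
    entry = {"section": section, "body": body,
             "key": None, "name": None, "path": None, "args": None}
    run = RUN_RE.match(body) if section == "O4" else None
    cmd = CMD_RE.match(run.group(3)) if run else None
    if cmd:
        entry.update(key=run.group(1), name=run.group(2),
                     path=cmd.group(1), args=cmd.group(2).strip())
    return entry


def identity(entry):
    """Exact identity of an entry, ignoring case and spacing."""
    return entry["section"], " ".join(entry["body"].split()).lower()


def shape(entry):
    """Structural fingerprint of an autostart entry: section, key, directory
    and arguments, without the value name or file name. Entries with no
    arguments return None: that shape would match every program started
    from the same directory."""
    if not entry["path"] or not entry["args"]:
        return None
    return (entry["section"], entry["key"].upper(),
            ntpath.dirname(entry["path"]).lower(), entry["args"].lower())


def compare(fix_lines, new_lines):
    """Classify fix-list entries as persisted or absent in the new report, and
    list new entries that share the shape of a fix-list entry under other names."""
    fixed = [e for e in map(parse_entry, fix_lines) if e]
    new = [e for e in map(parse_entry, new_lines) if e]
    fixed_ids = {identity(e) for e in fixed}
    new_ids = {identity(e) for e in new}
    fixed_shapes = {}
    for e in fixed:
        if shape(e):
            fixed_shapes.setdefault(shape(e), e)
    return {
        "persisted": [e for e in fixed if identity(e) in new_ids],
        "absent": [e for e in fixed if identity(e) not in new_ids],
        "same_shape": [(e, fixed_shapes[shape(e)]) for e in new
                       if identity(e) not in fixed_ids and shape(e) in fixed_shapes],
    }


if __name__ == "__main__":
    result = compare(FIX_LIST, FOLLOW_UP)
    for e in result["persisted"]:
        print("still present:", e["section"], "-", e["body"])
    for new_e, old_e in result["same_shape"]:
        print("same shape as fixed [%s]: [%s] %s %s"
              % (old_e["name"], new_e["name"], new_e["path"], new_e["args"]))
```

A shape match is only a pointer to the entry worth examining next; "absent" means the line is no longer in the report, whatever the reason.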
Thanks for helping me!
I did not find:
O4 - HKLM\..\Run: [dwcedec] C:\WINDOWS\system32\depvzgb.exe r
c:\windows\system32\advmon32.exe
C:\WINDOWS\system32\depvzgb.exe r
c:\windows\SvcProc.exe
I deleted everything else.
Ad-Aware found 130 objects, 79 of them critical; Spybot found 5 entries and immunized me against 5790. I don't know why, but I get the feeling that was useful!
my new log:
Logfile of HijackThis v1.99.1
Scan saved at 13:33:33, on 26/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ktlvss.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\HDD Temperature\HDDTSvc.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\HDD Temperature\HDDTemperature.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SiS Tray] C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [lfljqay] C:\WINDOWS\system32\ktlvss.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HDD temperature.lnk = C:\Program Files\HDD Temperature\HDDTemperature.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: bw+0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WB - C:\DOCUME~1\ANNEGO~1\MESDOC~1\Franck\THMES~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD Temperature\HDDTSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ZoneAlarm just asked me about Aurora. Here is the info:
Nom du programme Aurora Programme installé sur votre ordinateur qui a tenté d'envoyer un paquet IP via Internet ou qui attend de recevoir un paquet entrant.
Nom du fichier vkaaaqltxu.exe Nom du fichier du programme que ZoneAlarm a trouvé sur votre ordinateur.
Version du programme 1.0.3.1 Version de Aurora installée sur votre ordinateur.
Taille du programme 84480 Taille (en octets) du fichier exécutable du programme.
MD5 du programme 36221c7b6a619ef0c58a58bff0dae06e Hachage MD5, ou numéro, qui identifie de façon unique le programme exécutable.
Smart Checksum 8adee8f8792d9733c4c4c4ffbd1c26b5 Hachage SKIMP, ou numéro, qui identifie de façon unique le programme exécutable.
Date de modification May-06-2004 09:57:24 AM Date de dernière modification de vkaaaqltxu.exe.
Type de connexion Accès Cette valeur peut être Accès, qui est une tentative de connexion à Internet de la part de Aurora ou Serveur, qui indique que Aurora attend des connexions entrantes provenant d'Internet.
Port distant 1135 Port utilisé par Aurora sur l'ordinateur distant.
Adresse IP distante 127.0.0.1 Adresse IP de l'ordinateur distant qui est à l'origine de l'alerte.
By the way, can I re-enable System Restore, or is that a big security hole?
I just saw that in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
the Shell key contains this: Explorer.exe C:\WINDOWS\Nail.exe
The nail.exe bothers me a bit!
Should I remove it or not?
For the next part, print this post, because the procedure is long and requires a lot of rigor.
IMPORTANT:
do not let the computer restart in normal mode between steps (at the risk of starting over from scratch).
2) download this
http://www.downloads.subratam.org/l2mfix.exe
clean up
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
Download Pocket Killbox here:
http://www.downloads.subratam.org/KillBox.exe
watch the video on using it with Notepad, we will use it later:
http://pageperso.aol.fr/balltrap34/killbox.htm
nailfix, download it here:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
but don't do anything more.
3) disable System Restore
to do that, right-click on My Computer
Properties, click on the System Restore tab
check the box to turn off System Restore and click Apply
► make sure of the following
Show all files and folders:
click Start / Control Panel / Folder Options / View
Check "Show hidden folders"
Uncheck the "Hide protected operating system files (Recommended)" box
Uncheck "Hide extensions for known file types"
Then click "OK" to confirm the changes.
And Apply
► empty your Temp and Temporary Internet Files folders for all users
use this to do it
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
4) Run L2mfix
extract it, double-click l2mfix.bat, press any key and then choose option 2
at the end the program should restart your system; as soon as the BIOS starts, tap the F8 key to switch to Safe Mode (careful, this is important)
5) Killbox
1- Double-click KillBox.exe
2- open Notepad and copy the list in bold below
3- Select "Delete on Reboot"
4- go back to Notepad and highlight the whole list, then right-click it and click Copy
5- go back to Killbox, and in the top menu click File, then Paste from Clipboard
5- click the red circle
6- a confirmation window will appear, click YES
7- a second window asks whether you want to restart, click YES
list
C:\WINDOWS\Nail.exe
C:\WINDOWS\system32\ktlvss.exe r
when Killbox restarts the PC, immediately press F8 to go into Safe Mode
6) run HijackThis and fix:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [lfljqay] C:\WINDOWS\system32\ktlvss.exe r
7) run nailfix
8) run l2mfix option 2 again, let it restart normally and make a new HijackThis log
good luck and see you soon...
I'm back!
I did all the steps, but neither KillBox nor HijackThis detected C:\WINDOWS\system32\ktlvss
Here is the latest HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 19:04:04, on 26/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\HDD Temperature\HDDTSvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tele2internet.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fr\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [FLMLABTECMOUSE] C:\Program Files\Labtec\Labtec Mouse Software\2.0\mouse32a.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SiS Tray] C:\Documents and Settings\Anne Gourgouilhon\Mes documents\Franck\mise a jour\630_209_winxp (chipset video)\Utility\sistray.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [tmklrbv] C:\WINDOWS\system32\xvcejdq.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: HDD temperature.lnk = C:\Program Files\HDD Temperature\HDDTemperature.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tele2internet.fr
O16 - DPF: Interface Chat Wanadoo - http://chat14.x-echo.com/version3/Applet/wchatsign.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: bw+0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WB - C:\DOCUME~1\ANNEGO~1\MESDOC~1\Franck\THMES~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD Temperature\HDDTSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I checked: the Shell key no longer contains nail.exe
I hope it's clean now! I never would have thought my computer was this infected! Which goes to show that 100% protection is far from existing!
And now, can I re-enable Windows System Restore or not?
And honestly, a big bravo and a huge thank-you to regis59, because you're a real genius!
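Added example (not part of the thread, and not code from HijackThis or any tool named here): a Python script that compares a fix list with a later HijackThis log, reporting which listed entries are gone and which remaining Run entries have the same directory and arguments under a different file name. The two fix lines and the log excerpt are copied from this thread; the function names and the same-shape heuristic are assumptions of this example.

```python
import ntpath
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str     # HijackThis section code ("F2" or "O4")
    name: str     # Run value name, or "Shell" for the F2 line
    command: str  # command line exactly as logged


RUN_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SHELL_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<cmd>.+)$")
# First .exe/.dll token is taken as the program; whatever follows is its arguments.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll))"?(?P<args>.*)$', re.IGNORECASE)

# The two entries the helper asked to fix (copied from this thread).
FIX_LIST = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [lfljqay] C:\WINDOWS\system32\ktlvss.exe r
"""

# Excerpt assembled from the log posted afterwards (lines copied from this thread).
NEW_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [tmklrbv] C:\WINDOWS\system32\xvcejdq.exe r
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


def parse_log(text):
    """Extract F2 Shell and O4 Run entries; every other section is ignored."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            entries.append(Entry("O4", m["name"], m["cmd"]))
            continue
        m = SHELL_RE.match(line)
        if m:
            entries.append(Entry("F2", "Shell", m["cmd"]))
    return entries


def shape(entry):
    """Structural fingerprint (section, directory, arguments) that ignores the file name."""
    m = EXE_RE.match(entry.command)
    if not m:
        return (entry.code, "", entry.command.lower())
    directory = ntpath.dirname(m["path"]).lower()
    return (entry.code, directory, m["args"].strip().lower())


def triage(fix_lines, new_log):
    """Compare a fix list with a later log.

    present    : fix-list entries still in the log, unchanged
    missing    : fix-list entries no longer in the log
    lookalikes : log entries that are not on the fix list but share the
                 directory and arguments of a missing Run entry
    """
    fixes = parse_log(fix_lines)
    current = parse_log(new_log)
    current_set = set(current)
    present = [e for e in fixes if e in current_set]
    missing = [e for e in fixes if e not in current_set]
    # An argument-less shape would match every ordinary autorun in that
    # directory, so only shapes that carry arguments are compared.
    missing_shapes = {shape(e) for e in missing if e.code == "O4" and shape(e)[2]}
    lookalikes = [e for e in current
                  if e not in fixes and shape(e) in missing_shapes]
    return {"present": present, "missing": missing, "lookalikes": lookalikes}


if __name__ == "__main__":
    result = triage(FIX_LIST, NEW_LOG)
    for label in ("present", "missing", "lookalikes"):
        print(label)
        for e in result[label]:
            print(f"  {e.code} [{e.name}] {e.command}")
```

A lookalike is only a lead for manual review of that file and its Run value; a shared directory and argument string does not by itself identify the file.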
O18 - Protocol: bwb0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {61DB6B68-884E-435D-9267-730B12A1E8C1} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WB - C:\DOCUME~1\ANNEGO~1\MESDOC~1\Franck\THMES~1\WINDOW~1\fastload.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\HDD Temperature\HDDTSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
I checked: the shell key no longer has nail.exe.
I hope it's clean now! I would never have thought my computer was this infected! Which goes to show that 100% protection is far from existing!
And now, can I re-enable Windows System Restore or not?
And honestly, a big bravo and a huge thank-you to regis59, because you're a real genius!
Hi again,
Not quite clean.
Run HijackThis again and fix this:
O4 - HKLM\..\Run: [tmklrbv] C:\WINDOWS\system32\xvcejdq.exe r
Then run KillBox again as before and look for this:
C:\WINDOWS\system32\xvcejdq.exe r (the one you will have fixed in HijackThis)
You may not find that exact one, but in any case, in HijackThis it is listed under O4 with random letters between [ ], it is in system32, and it ends like this: xxx.exe r
Not too confusing?
See you later
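The pattern described in the reply above (an O4 entry with random letters between [ ], an .exe sitting directly in system32, and a trailing `r`), written as a filter over a HijackThis log. This is an added example, not part of the original posts; the vowel-ratio test for "random-looking" names is an assumed heuristic, and every sample line except the `tmklrbv` one is constructed for illustration.

```python
import re

# HijackThis O4 line: "O4 - <hive>\..\<Run key>: [value name] command line"
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$")
# Shape given in the reply: an .exe directly in system32 followed by a lone "r".
CMD_RE = re.compile(r"^C:\\WINDOWS\\system32\\([^\\ ]+)\.exe r$", re.IGNORECASE)

def looks_random(s, max_vowel_ratio=0.3):
    """Assumed heuristic (not from the thread): letters only, very few vowels."""
    if not s.isalpha():
        return False
    vowels = sum(c in "aeiouy" for c in s.lower())
    return vowels / len(s) < max_vowel_ratio

def find_suspect_o4(log_text):
    """Return (value_name, file_path) for O4 entries matching the described pattern."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 autostart entry
        name, cmd = m.group(3), m.group(4)
        c = CMD_RE.match(cmd)
        if c and looks_random(name) and looks_random(c.group(1)):
            hits.append((name, cmd[:-2]))  # drop the trailing " r" to get the path
    return hits

# First O4 line is the one quoted in the thread; the others are constructed.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [tmklrbv] C:\WINDOWS\system32\xvcejdq.exe r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [qwzrtkp] C:\WINDOWS\system32\bnmfgh.exe r
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

if __name__ == "__main__":
    for name, path in find_suspect_o4(SAMPLE_LOG):
        print(f"review before fixing: [{name}] {path}")
```

A hit is only a candidate for manual review: the name heuristic can miss pronounceable random names and says nothing about what the file does.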