Fed up with all the ads

freds30 Posts 13 Status Member -
Hello,
I know I'm not the only one in this situation, and yet in my case, apart from the fact that I get a lot of ads popping up, of every kind (sex, fortune-telling, casino, svexla, etc. etc.), anyway, today I'm sounding the alarm and looking for a kind soul who can get me out of all this. On top of that, my WinRAR no longer works, it's miserable, and neither does my Ad-Aware SE: every time I try to open it, it tells me that it has encountered a problem and that my programs must be closed. Grrrrr. I've tried everything, I even tried downloading them again, but nothing helps. I'm desperate, what should I do?
Configuration: Windows XP
Internet Explorer 6.0

10 replies

  1. Zerocoole
     
    Hello,

    As for everyone else,

    Don't use Internet Explorer; use Firefox with the third-party Adblock Plus plug-in.

    As for your machine, it is very likely infected with spyware.

    Go to filehippo.com and get HijackThis

    and post the result.

    Thanks
    0
  2. freds30 Posts 13 Status Member
     
    ok thanks, I'll do that for you right away
    0
  3. freds30 Posts 13 Status Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:34:08, on 09/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Avast\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avast\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Avast\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Avast\ashWebSv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\PROGRA~1\WinRAR\WinRAR.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4URSC81Q\HiJackThis[1].exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Invyyifm\elstwaal.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7EFF4F77-8C6F-49BC-B6BA-BD693C496DF0} - C:\WINDOWS\system32\mllih.dll (file missing)
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\fphkgghw.dll
    O2 - BHO: (no name) - {8DC13F33-719B-46C9-A590-6FA097E0570F} - C:\WINDOWS\system32\opnkhig.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {B8CFE439-3388-46A6-94D8-5D67F1719D24} - C:\WINDOWS\system32\opnop.dll
    O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ovkwnroy.dll",sitypnow
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
    O20 - Winlogon Notify: iifgeec - iifgeec.dll (file missing)
    O20 - Winlogon Notify: mllih - C:\WINDOWS\system32\mllih.dll (file missing)
    O20 - Winlogon Notify: opnkhig - C:\WINDOWS\SYSTEM32\opnkhig.dll
    O20 - Winlogon Notify: opnop - C:\WINDOWS\system32\opnop.dll
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
    O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kslmkvge.exe (file missing)
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
    0
  4. Zerocoole
     
    Hello,

    Wow, it's crowded in there,,

    Run HijackThis again and tick these
    and click on Fix checked

    O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Invyyifm\elstwaal.dll
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: (no name) - {7EFF4F77-8C6F-49BC-B6BA-BD693C496DF0} - C:\WINDOWS\system32\mllih.dll (file missing)
    O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\system32\fphkgghw.dll
    O2 - BHO: (no name) - {8DC13F33-719B-46C9-A590-6FA097E0570F} - C:\WINDOWS\system32\opnkhig.dll
    O2 - BHO: (no name) - {B8CFE439-3388-46A6-94D8-5D67F1719D24} - C:\WINDOWS\system32\opnop.dll

    Do you have Windows Defender?
    Run it

    Do a scan, clean up and post a HijackThis log again

    Thanks
    0
  6. jlpjlp Posts 52399 Status Security contributor 5 041
     
    hi, can you also paste the following results for us please

    scan with VundoFix

    Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    Double-click VundoFix.exe to run it.
    When VundoFix opens, click the Scan for Vundo button.
    Once the scan is finished, click the Remove Vundo button.
    You will get a warning asking whether you want to delete these
    files; answer by clicking YES.
    Once you have clicked Yes, your desktop will go blank while it
    removes Vundo.

    When it is done, you will be asked to restart your computer; click
    OK.

    then:

    ---------

    VirtumundoBeGone

    http://secured2k.home.comcast.net/tools/VirtumundoBeGone.exe

    ----------

    combofix (paste the report)

    http://mickael.barroux.free.fr/securite/combofix.php

    _____________

    then paste a HijackThis log again, but it must not be in a temporary file
    0
  7. freds30 Posts 13 Status Member
     
    uh, when I ran HijackThis again I looked for the keys mentioned earlier but I can't find them; it looks like the report has changed, look!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:15:10, on 09/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avast\aswUpdSv.exe
    C:\Program Files\Avast\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Avast\ashMaiSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Avast\ashWebSv.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\etnbggdb.dll",sitypnow
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
    O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Avast\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Avast\ashWebSv.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kslmkvge.exe (file missing)
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
    0
  8. jlpjlp Posts 52399 Status Security contributor 5 041
     
    that's because you have a Vundo infection and you didn't rename HijackThis

    and because you may have fixed some boxes

    rename HijackThis, to counter a possible Vundo infection.

    e.g.: Rename the file HijackThis.exe to eden.exe; to do that, right-click the file HijackThis.exe and choose Rename from the list

    Then, with Explorer, create a folder c:\hijackthis
    Unzip HijackThis into that folder.
    This is important for the backups.

    paste the reports from my message 5

    see you later
    0
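
The change freds30 noticed between the first two logs, which jlpjlp puts down to Vundo, can be checked mechanically. The following Python sketch is an added example, not part of the thread or of HijackThis; the function names `parse` and `compare` are hypothetical, and the sample lines are excerpts copied from the 16:34 and 17:15 logs posted above.

```python
import re

# Excerpts copied from the 16:34 and 17:15 HijackThis logs in this thread.
LOG_BEFORE = r"""
O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Invyyifm\elstwaal.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {8DC13F33-719B-46C9-A590-6FA097E0570F} - C:\WINDOWS\system32\opnkhig.dll
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\ovkwnroy.dll",sitypnow
O20 - Winlogon Notify: opnkhig - C:\WINDOWS\SYSTEM32\opnkhig.dll
O20 - Winlogon Notify: opnop - C:\WINDOWS\system32\opnop.dll
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\etnbggdb.dll",sitypnow
"""

# CLSIDs Zerocoole asked to tick before "Fix checked" (reply 4 of the thread).
FIX_REQUESTED = {c.upper() for c in (
    "{3F5E9987-FD12-408E-3612-018845CDF059}",
    "{64F56FC1-1272-44CD-BA6E-39723696E350}",
    "{7EFF4F77-8C6F-49BC-B6BA-BD693C496DF0}",
    "{89AD4D75-2429-462e-BD4E-443F233F6033}",
    "{8DC13F33-719B-46C9-A590-6FA097E0570F}",
    "{B8CFE439-3388-46A6-94D8-5D67F1719D24}",
)}

ENTRY = re.compile(r"^\s*([RFNO]\d+) - (.*\S)\s*$")   # "O2 - ...", "R3 - ..."
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
RUN = re.compile(r"^(.*?Run): \[([^\]]+)\] (.*)$")    # O4 registry autoruns


def parse(log):
    """Return {(section, identity): target} for each HijackThis entry line."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        run = RUN.match(body)
        clsid = CLSID.search(body)
        if section == "O4" and run:
            # Identity is the Run key plus the value name; target is the command.
            identity, target = "|".join((run.group(1), run.group(2))), run.group(3)
        elif clsid:
            # BHOs, toolbars, etc. are identified by their CLSID.
            identity, target = clsid.group(0).upper(), body.rsplit(" - ", 1)[-1]
        else:
            identity, _, target = body.partition(" - ")
        entries[(section, identity)] = target
    return entries


def compare(before, after, fix_requested=FIX_REQUESTED):
    """Summarise what changed between two HijackThis logs."""
    b, a = parse(before), parse(after)
    removed = sorted(k for k in b if k not in a)
    return {
        "removed": removed,
        "added": sorted(k for k in a if k not in b),
        # Same autorun or CLSID, but now pointing at a different file.
        "retargeted": {k: (b[k], a[k]) for k in b
                       if k in a and b[k].lower() != a[k].lower()},
        # Sections that had entries before and have none now.
        "sections_gone": sorted({s for s, _ in b} - {s for s, _ in a}),
        # BHOs that disappeared although nobody asked to fix them.
        "unrequested": sorted(i for s, i in removed
                              if s == "O2" and i not in fix_requested),
    }


if __name__ == "__main__":
    for name, value in compare(LOG_BEFORE, LOG_AFTER).items():
        print(f"{name}: {value}")
```

On these excerpts the O2 and O20 sections vanish entirely, the Java BHO that nobody asked to fix disappears with them, and the `SearchIndexer` Run value points at a differently named DLL.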
  9. freds30 Posts 13 Status Member
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:20:46, on 10/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\wifi\CW210Cfg.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\etnbggdb.dll",sitypnow
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
    O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\kslmkvge.exe (file missing)
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
    0
  10. freds30 Posts 13 Status Member
     
    this is a real pain
    0
  11. freds30 Posts 13 Status Member
     
    ComboFix report

    ComboFix 07-10-10.1 - Administrateur 2007-10-10 1:32:51.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.196 [GMT 2:00]
    * Created a new restore point
    .
    [color=red][b] Le Rootkit driver pe386 est présent... tentative de désinfection [/b][/color]
    [color=blue] pe386 ...... driver déchargé avec succès.[/color]

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\Fichiers communs\{48421~1
    C:\Program Files\SecCenter
    C:\Program Files\SecCenter\scprot4.exe
    C:\Program Files\SecCenter\scprot4.exe.bak
    C:\Program Files\webmediaplayer
    C:\Program Files\webmediaplayer\resources\languages.xml
    C:\Program Files\webmediaplayer\resources\webmedias
    C:\Program Files\webmediaplayer\skins\classic.skn
    C:\Program Files\webmediaplayer\WebMediaPlayer.url
    C:\WINDOWS\cookies.ini
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\amydpdgsdj.dat
    C:\WINDOWS\system32\amydpdgsdj_nav.dat
    C:\WINDOWS\system32\amydpdgsdj_navps.dat
    C:\WINDOWS\system32\drivers\npf.sys
    C:\WINDOWS\system32\iqnbvpd.dat
    C:\WINDOWS\system32\iqnbvpd_nav.dat
    C:\WINDOWS\system32\iqnbvpd_navps.dat
    C:\WINDOWS\system32\lzx32.sys
    C:\WINDOWS\system32\packet.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

    .
    -------\LEGACY_DOMAINSERVICE
    -------\LEGACY_NM
    -------\LEGACY_NPF
    -------\LEGACY_WINDOWS_LOG
    -------\DomainService
    -------\nm
    -------\NPF

    ((((((((((((((((((((((((((((( Fichiers créés 2007-09-09 to 2007-10-09 ))))))))))))))))))))))))))))))))))))
    .

    2007-10-10 01:29 51,200 --a------ C:\WINDOWS\NirCmd.exe
    2007-10-10 00:29 <REP> d-------- C:\VundoFix Backups
    2007-10-09 19:48 <REP> d-------- C:\Program Files\Navilog1
    2007-10-09 19:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic
    2007-10-09 17:11 <REP> d-------- C:\Program Files\Trend Micro
    2007-09-30 19:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\pixelStorm
    2007-09-24 10:43 <REP> d-------- C:\Program Files\TomTom DesktopSuite

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-10-09 22:16 --------- d-----w C:\Program Files\Invyyifm
    2007-10-09 17:39 --------- d-----w C:\Program Files\Avast
    2007-10-09 00:03 --------- d-----w C:\Program Files\ewido anti-spyware 4.0
    2007-10-08 22:38 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
    2007-10-08 22:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-10-08 22:37 --------- d-----w C:\Program Files\Google
    2007-10-07 11:38 --------- d-----w C:\Program Files\xwvwrsfs
    2007-10-06 14:27 --------- d-----w C:\Program Files\The Logo Creator v3
    2007-10-06 07:45 --------- d-----w C:\Program Files\Ulead Systems
    2007-10-03 07:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-09-30 12:46 --------- d-----w C:\Program Files\Dl_cats
    2007-09-25 12:00 --------- d-----w C:\Program Files\Maxthon
    2007-09-20 19:46 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\LimeWire
    2007-09-19 17:39 --------- d-----w C:\Program Files\uTorrent
    2007-08-30 18:27 --------- d-----w C:\Program Files\xqzolwpi
    2007-08-30 18:16 --------- d-----w C:\Program Files\Maxthon2
    2007-08-30 14:31 --------- d-----w C:\Program Files\Yahoo!
    2007-08-20 16:10 --------- d-----w C:\Program Files\VirtualDJ
    2007-08-19 23:20 --------- d-----w C:\Program Files\Siber Systems
    2007-08-19 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
    2007-08-17 23:42 --------- d-----w C:\Program Files\Pinnacle
    2007-08-17 23:34 --------- d-----w C:\Program Files\3GP Video Converter 3
    2007-08-17 18:17 --------- d-----w C:\Program Files\AliveMedia
    2007-07-23 11:40 1,022 ----a-w C:\Documents and Settings\Administrateur\Application Data\wklnhst.dat
    2002-01-30 19:22 464 ----a-w C:\Documents and Settings\USB CF Reader\layout.bin
    2000-05-16 15:36 139,264 ----a-w C:\Documents and Settings\USB CF Reader\Setup.exe
    1999-06-09 12:25 28,672 ----a-w C:\Documents and Settings\USB CF Reader\LAUNCH.EXE
    2006-11-12 08:38:31 11,740 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3F5E9987-FD12-408E-3612-018845CDF059}]
    C:\Program Files\Invyyifm\elstwaal.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{73264A54-ACA0-425A-A0A2-ED58369A9DA8}]
    C:\WINDOWS\system32\opnop.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 04:55 C:\WINDOWS\system32\bthprops.cpl]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
    "DLCFCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll" [2005-09-08 20:55]
    "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-09 19:33]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2007-02-18 19:08]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:55]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "Ghp`amfUbrhLds"=0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "Mn@iboddPubswLfov"=0 (0x0)
    "Mn@mlrf"=0 (0x0)
    "MnOndNeg"=0 (0x0)
    "MnQtm"=0 (0x0)
    "NoLogOff"=0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifgeec]
    iifgeec.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^AquariumDesktop2006.lnk]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^__delete_on_reboot__i_e_x_p_l_o_r_e_._e_x_e_]
    path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\__delete_on_reboot__i_e_x_p_l_o_r_e_._e_x_e_
    backup=C:\WINDOWS\pss\__delete_on_reboot__i_e_x_p_l_o_r_e_._e_x_e_Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bchidqhs]
    regsvr32 /u "C:\Documents and Settings\All Users\Application Data\bchidqhs.dll"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDrive]
    rundll32.exe C:\WINDOWS\system32\drvlil.dll,startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Emule Speed Booster]
    "C:\Program Files\Emule Speed Booster\Emule Speed Booster.exe" -tray

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoEngine]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EoWeather]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryManager]
    rundll32.exe "C:\WINDOWS\system32\qdmqnevp.dll",forkonce

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
    "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mlexkjat]
    rundll32.exe "C:\Program Files\xwvwrsfs\hqtyjazy.dll",Init

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    "C:\Program Files\Messenger\msmsgs.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    ~"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando]
    "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    "C:\Program Files\QuickTime\qttask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchIndexer]
    rundll32.exe "C:\WINDOWS\system32\ofhumogg.dll",sitypnow

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
    C:\WINDOWS\vsnpstd3.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedOptimizer]
    C:\PROGRA~1\SPEEDO~1\SPO.EXE -s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stonedrv]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
    "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xqzolwpi]
    rundll32.exe "C:\Program Files\xqzolwpi\xqpmbkxy.dll",Init

    R0 VOBID;VOBID;C:\WINDOWS\system32\DRIVERS\vobid.sys
    R1 vobiw;vobiw;C:\WINDOWS\system32\drivers\vobiw.sys
    R2 Vcs;Vcs support;\??\C:\WINDOWS\system32\Drivers\Vcs.sys
    R3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;\??\C:\WINDOWS\system32\CBTNDIS5.SYS
    R3 cdrdrv;Cdrdrv;C:\WINDOWS\system32\Drivers\Cdrdrv.sys
    R3 EMCR;EMCR;C:\WINDOWS\system32\DRIVERS\EMCR7SK.sys
    R3 odysseyIM3;Odyssey Network Services Miniport;C:\WINDOWS\system32\DRIVERS\odysseyIM3.sys
    S1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
    S3 CW210g;Hi-link CW210g Cardbus Adapter Driver;C:\WINDOWS\system32\DRIVERS\CW210XP.sys

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e7be511-a35f-11db-9997-0001360a6d97}]
    AutoRun\command - F:\InstallTomTomHOME.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-10-08 22:00:00 C:\WINDOWS\Tasks\At1.job"
    "2007-09-27 07:00:00 C:\WINDOWS\Tasks\At10.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-08 08:00:00 C:\WINDOWS\Tasks\At11.job"
    "2007-10-08 09:00:00 C:\WINDOWS\Tasks\At12.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-08 10:00:00 C:\WINDOWS\Tasks\At13.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-08 11:00:00 C:\WINDOWS\Tasks\At14.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-08 12:00:00 C:\WINDOWS\Tasks\At15.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-08 13:00:00 C:\WINDOWS\Tasks\At16.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-09 14:00:00 C:\WINDOWS\Tasks\At17.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-08 15:00:00 C:\WINDOWS\Tasks\At18.job"
    "2007-10-09 16:00:00 C:\WINDOWS\Tasks\At19.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-09 23:00:00 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-09 17:00:00 C:\WINDOWS\Tasks\At20.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-09 18:00:00 C:\WINDOWS\Tasks\At21.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-07 19:00:00 C:\WINDOWS\Tasks\At22.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-07 20:00:00 C:\WINDOWS\Tasks\At23.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-08 21:00:00 C:\WINDOWS\Tasks\At24.job"
    "2007-10-08 22:00:00 C:\WINDOWS\Tasks\At25.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-09 23:00:00 C:\WINDOWS\Tasks\At26.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-09 00:00:00 C:\WINDOWS\Tasks\At27.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-09 01:00:02 C:\WINDOWS\Tasks\At28.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-09 02:00:00 C:\WINDOWS\Tasks\At29.job"
    "2007-10-09 00:00:00 C:\WINDOWS\Tasks\At3.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-08-20 13:28:15 C:\WINDOWS\Tasks\At30.job"
    "2007-08-20 13:28:15 C:\WINDOWS\Tasks\At31.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-08-20 13:28:15 C:\WINDOWS\Tasks\At32.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At33.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-09-27 07:00:00 C:\WINDOWS\Tasks\At34.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-08 08:00:00 C:\WINDOWS\Tasks\At35.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-08 09:00:00 C:\WINDOWS\Tasks\At36.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-08 10:00:00 C:\WINDOWS\Tasks\At37.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-08 11:00:00 C:\WINDOWS\Tasks\At38.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-08 12:00:00 C:\WINDOWS\Tasks\At39.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-09 01:00:03 C:\WINDOWS\Tasks\At4.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-08 13:00:00 C:\WINDOWS\Tasks\At40.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-09 14:00:00 C:\WINDOWS\Tasks\At41.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-08 15:00:00 C:\WINDOWS\Tasks\At42.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-09 16:00:00 C:\WINDOWS\Tasks\At43.job"
    "2007-10-09 17:00:00 C:\WINDOWS\Tasks\At44.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-09 18:00:00 C:\WINDOWS\Tasks\At45.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-07 19:00:00 C:\WINDOWS\Tasks\At46.job"
    "2007-10-07 20:00:00 C:\WINDOWS\Tasks\At47.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-08 21:00:00 C:\WINDOWS\Tasks\At48.job"
    - C:\WINDOWS\system32\6780jTf8.exe
    "2007-10-08 22:00:00 C:\WINDOWS\Tasks\At49.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-09 02:00:00 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-09 23:00:00 C:\WINDOWS\Tasks\At50.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-09 00:00:00 C:\WINDOWS\Tasks\At51.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-09 01:00:03 C:\WINDOWS\Tasks\At52.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-09 02:00:00 C:\WINDOWS\Tasks\At53.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-08-29 01:49:23 C:\WINDOWS\Tasks\At54.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-08-29 01:49:23 C:\WINDOWS\Tasks\At55.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-08-29 01:49:23 C:\WINDOWS\Tasks\At56.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At57.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-09-27 07:00:00 C:\WINDOWS\Tasks\At58.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-08 08:00:00 C:\WINDOWS\Tasks\At59.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-08-18 03:00:00 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-08 09:00:00 C:\WINDOWS\Tasks\At60.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-08 10:00:00 C:\WINDOWS\Tasks\At61.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-08 11:00:00 C:\WINDOWS\Tasks\At62.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-08 12:00:00 C:\WINDOWS\Tasks\At63.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-08 13:00:00 C:\WINDOWS\Tasks\At64.job"
    "2007-10-09 14:00:00 C:\WINDOWS\Tasks\At65.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-08 15:00:00 C:\WINDOWS\Tasks\At66.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-09 16:00:00 C:\WINDOWS\Tasks\At67.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-09 17:00:00 C:\WINDOWS\Tasks\At68.job"
    "2007-10-09 18:00:00 C:\WINDOWS\Tasks\At69.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-08-02 04:00:00 C:\WINDOWS\Tasks\At7.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-07 19:00:00 C:\WINDOWS\Tasks\At70.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-07 20:00:00 C:\WINDOWS\Tasks\At71.job"
    - C:\WINDOWS\system32\Q18bV8Cd.exe
    "2007-10-08 21:00:00 C:\WINDOWS\Tasks\At72.job"
    "2007-08-02 05:00:00 C:\WINDOWS\Tasks\At8.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-09-14 06:00:00 C:\WINDOWS\Tasks\At9.job"
    - C:\WINDOWS\system32\c42WKBk8.exe
    "2007-10-09 23:41:13 C:\WINDOWS\Tasks\Symantec NetDetect.job"
    .
    **************************************************************************

    catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-10-10 01:42:10
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    **************************************************************************
    .
    Completion time: 2007-10-10 1:44:50 - machine was rebooted
    .
    --- E O F ---

    and the HijackThis report

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:49:26, on 10/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\wifi\CW210Cfg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O2 - BHO: SWEETIE Class - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
    O2 - BHO: (no name) - {3F5E9987-FD12-408E-3612-018845CDF059} - C:\Program Files\Invyyifm\elstwaal.dll (file missing)
    O2 - BHO: EoBho Class - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: (no name) - {73264A54-ACA0-425A-A0A2-ED58369A9DA8} - C:\WINDOWS\system32\opnop.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: CAdBlocker Object - {E24AD748-155E-4254-B674-4EDF86E7E1DF} - (no file)
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [DLCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.dll,_RunDLLEntry@16
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: º£ÐÅÎÞÏßÍø¿¨ÉèÖóÌÐò.url
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Micro Application Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Anti-Popup - {2E071ADC-ADF8-4b4b-8ACB-EDC49E6D45A2} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - https://onedrive.live.com/
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {E862C832-3A5F-4CEB-BFAA-167B22010A71} (InfosFinder2.InfosFinder) - http://support.packardbell.com/files/activex/InfosFinder2.CAB
    O18 - Protocol: cdefs - {B5F329B4-2BBD-48F5-ADAF-9EAF2AFE37B3} - (no file)
    O20 - Winlogon Notify: iifgeec - iifgeec.dll (file missing)
    O21 - SSODL: bestreak - {874443fe-aa33-4ebf-a6ac-73208787e62d} - (no file)
    O22 - SharedTaskScheduler: {874443fe-aa33-4ebf-a6ac-73208787e62d} - bestreak - (no file)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: dlcf_device - - C:\WINDOWS\system32\dlcfcoms.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O24 - Desktop Component 1: Aqua Garden - 6423CD5F-D089-4BF1-88B6-6A359339DAFF
    0