Help! Virus!

tazen Posts 7 Status Member -
anthony5151 Posts 10927 Status Security contributor -
Hello,
big virus! Pop-ups, blocked access to the menu and to the Task Manager, in short a disaster

HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47: VIRUS ALERT!, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
D:\program files\SiSWLSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Tablet.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\mqsvc.exe
E:\WINDOWS\system32\mqtgsvc.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\system32\sistray.EXE
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\Program Files\AVG\AVG8\avgui.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Keyboard Driver\OEMDriver.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\WINDOWS\system32\rundll32.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
D:\program files\Microsoft Office\Office12\ONENOTEM.EXE
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Logitech\Video\FxSvr2.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
D:\program files\firefox.exe
E:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
E:\Documents and Settings\fiz\Desktop\HiJackThis.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - E:\WINDOWS\system32\pctspk.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - D:\program files\SiSWLSvc.exe
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - E:\WINDOWS\system32\ZONELABS\vsmon.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///E:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 2: (no name) - https://www.lemonde.fr/

10 replies

gerbaix Posts 381 Status Member 16

I think part of the report must be missing; if it isn't, it really is a big virus!
0
tazen Posts 7 Status Member

part of it is missing, oops :D
it happens
0
gerbaix Posts 381 Status Member 16 > tazen Posts 7 Status Member

Well, post it please...
0
tazen Posts 7 Status Member > gerbaix Posts 381 Status Member

here it is:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10: VIRUS ALERT!, on 30/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
D:\program files\SiSWLSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Tablet.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\mqsvc.exe
E:\WINDOWS\system32\mqtgsvc.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\system32\sistray.EXE
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Keyboard Driver\OEMDriver.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\WINDOWS\system32\ctfmon.exe
D:\program files\Microsoft Office\Office12\ONENOTEM.EXE
E:\Program Files\Logitech\Video\FxSvr2.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\WINDOWS\system32\wscntfy.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\Documents and Settings\fiz\Desktop\HiJackThis.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroDist.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: fdkowvbp - {E82E9D76-F0A8-4286-ADB5-52FFE3E79868} - E:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [SiSUSBRG] E:\WINDOWS\sisUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "E:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SiS Tray] E:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KBDriver] E:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = D:\program files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Utility Tray.lnk = E:\WINDOWS\system32\sistray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Google Search - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Append to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Backward Links - res://E:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://E:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://E:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://E:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - E:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - E:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - E:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: BlogJet This! - {A8194303-0DF7-4FB7-8A1D-8EABDC95F88C} - E:\Documents and Settings\yola\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra 'Tools' menuitem: BlogJet This! - {A8194303-0DF7-4FB7-8A1D-8EABDC95F88C} - E:\Documents and Settings\yola\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - E:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: schmap-help - (no CLSID) - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,
O21 - SSODL: eqvwamkl - {874C84D3-AB95-4711-82D5-2DD1622C0482} - E:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {51470D6A-CA63-4068-ADE4-7EA2CDD4D08C} - E:\WINDOWS\wnslvxtf.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Desktop Manager 5.7.801.1629 (GoogleDesktopManager-010108-205858) - Google - E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - E:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - E:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - Unknown owner - E:\WINDOWS\system32\pctspk.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - D:\program files\SiSWLSvc.exe
O23 - Service: StyleXPService - Unknown owner - E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - E:\WINDOWS\system32\Tablet.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - E:\WINDOWS\system32\ZONELABS\vsmon.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///E:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 2: (no name) - https://www.lemonde.fr/
0
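Reading a log like the one above line by line is the helper's job in this thread. The following Python script is an added example (it is not part of this thread, of HijackThis, of SmitFraudFix or of any other tool named here) that turns the indicators visible in tazen's log into triage rules: a start page pointing at an unknown host, randomly named DLLs registered as a toolbar or SSODL entry and loaded straight from the Windows directory, the O6/O7 policy restrictions that match the blocked Task Manager and menus, an Active Desktop component served from a local file, and a service whose binary is gone. The trusted-host list, the vowel-ratio threshold and the rule set itself are my assumptions; the sample lines are copied from the log posted above.

```python
"""Heuristic triage of a HijackThis v2.0.x log.

Added example, not a tool from the thread. The rules encode the indicators
visible in the log posted above; the trusted host list, the vowel-ratio
threshold and the rule set itself are assumptions.
"""
import re

# Hosts accepted as a normal browser default (assumption; extend as needed).
TRUSTED_SEARCH_HOSTS = ("msn.com", "bing.com", "yahoo.com", "google.com")

# Sections whose payload is a DLL registered for automatic loading.
DLL_SECTIONS = {"O2", "O3", "O20", "O21"}

LINE_RE = re.compile(r"^(?P<section>[RFO]\d+)\s+-\s+(?P<body>.*)$")
# A DLL placed directly in the Windows root, e.g. E:\WINDOWS\fdkowvbp.dll
# (system32\... does not match because the captured name may not contain a backslash).
WINROOT_DLL_RE = re.compile(r"[A-Z]:\\WINDOWS\\([^\\\s]+\.dll)\b", re.IGNORECASE)

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: fdkowvbp - {E82E9D76-F0A8-4286-ADB5-52FFE3E79868} - E:\WINDOWS\fdkowvbp.dll
O4 - HKLM\..\Run: [AVG8_TRAY] E:\PROGRA~1\AVG\AVG8\avgtray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - AppInit_DLLs: E:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL,avgrsstx.dll,
O21 - SSODL: eqvwamkl - {874C84D3-AB95-4711-82D5-2DD1622C0482} - E:\WINDOWS\eqvwamkl.dll
O21 - SSODL: wnslvxtf - {51470D6A-CA63-4068-ADE4-7EA2CDD4D08C} - E:\WINDOWS\wnslvxtf.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - E:\WINDOWS\system32\ZONELABS\vsmon.exe (file missing)
O24 - Desktop Component 0: Privacy Protection - file:///E:\WINDOWS\privacy_danger\index.htm
O24 - Desktop Component 2: (no name) - https://www.lemonde.fr/
"""


def vowel_ratio(filename):
    """Share of vowels in the file stem; machine-generated names score low."""
    stem = filename.lower().rsplit(".", 1)[0]
    letters = [c for c in stem if c.isalpha()]
    if not letters:
        return 1.0
    return sum(c in "aeiouy" for c in letters) / len(letters)


def host_of(url):
    """Host part of a URL, lower-cased; empty string if there is no scheme."""
    m = re.match(r"^[a-z]+://([^/]+)", url, re.IGNORECASE)
    return m.group(1).lower() if m else ""


def analyze(log_text):
    """Return (section, reason, line) triples for the lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.group("section"), m.group("body")

        # R0/R1: start page or search provider changed to an unknown host
        if section in ("R0", "R1") and "=" in body:
            host = host_of(body.split("=", 1)[1].strip())
            trusted = any(host == h or host.endswith("." + h) for h in TRUSTED_SEARCH_HOSTS)
            if host and not trusted:
                findings.append((section, "browser start/search page points at untrusted host " + host, raw))

        # O2/O3/O20/O21: DLL sitting directly in the Windows root with a random-looking name
        elif section in DLL_SECTIONS:
            dm = WINROOT_DLL_RE.search(body)
            if dm and vowel_ratio(dm.group(1)) < 0.3:
                findings.append((section, "random-looking DLL loaded from Windows root: " + dm.group(1), raw))

        # O6/O7: policies that lock the user out of IE options, regedit or Task Manager
        elif section in ("O6", "O7"):
            findings.append((section, "user-lockout policy set: " + body, raw))

        # O24: Active Desktop component served from a local file (fake security warning)
        elif section == "O24" and "file:///" in body.lower():
            findings.append((section, "local HTML injected as Active Desktop component", raw))

        # O23: service still registered but its binary is gone
        elif section == "O23" and "(file missing)" in body:
            findings.append((section, "service binary missing", raw))
    return findings


if __name__ == "__main__":
    for section, reason, line in analyze(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Run it as a script to print the findings for the sample lines, or import `analyze` and pass it a full log. The rules are a first pass for triage only: a low vowel ratio also hits legitimate names (AVG's `avgrsstx.dll` in the O20 line scores just as low as the suspicious ones), which is why the DLL rule only fires for files sitting directly in the Windows root, where none of the legitimate components in this log live.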
anthony5151 Posts 10927 Status Security contributor 790

Hello,

Don't do everything at the same time (the scans you run must be done in Safe Mode)

Start with this:

Download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.exe

- Save it to the desktop

- Double-click SmitfraudFix.exe and choose option 1, then Enter

- A report will be generated; please post it in your next reply.

Tutorial here to help you: http://www.malekal.com//tutorial_SmitFraudfix.php

0
tazen Posts 7 Status Member

help please!
0
anthony5151 Posts 10927 Status Security contributor 790

tazen:

Do what I told you in message 2, that is:

Download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.exe

- Save it to the desktop

- Double-click SmitfraudFix.exe and choose option 1, then Enter

- A report will be generated; please post it in your next reply.

Tutorial here to help you: http://www.malekal.com//tutorial_SmitFraudfix.php

0

anthony5151 Posts 10927 Status Security contributor 790

double post, sorry (the forum is acting up today...)
0
tazen Posts 7 Status Member

it's scanning ; )
0
tazen Posts 7 Status Member

here it is

SmitFraudFix v2.332

Scan done at 16:48:22,71, 30/07/2008
Run from E:\Documents and Settings\fiz\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is FAT32
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
E:\Program Files\Bonjour\mDNSResponder.exe
D:\program files\SiSWLSvc.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Tablet.exe
E:\WINDOWS\System32\MsPMSPSv.exe
E:\WINDOWS\system32\mqsvc.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\mqtgsvc.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
E:\WINDOWS\system32\sistray.EXE
E:\Program Files\Microsoft IntelliPoint\point32.exe
E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\Program Files\Logitech\Video\LogiTray.exe
E:\Program Files\Keyboard Driver\OEMDriver.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
E:\PROGRA~1\AVG\AVG8\avgtray.exe
E:\WINDOWS\system32\ctfmon.exe
D:\program files\Microsoft Office\Office12\ONENOTEM.EXE
E:\PROGRA~1\AVG\AVG8\avgrsx.exe
E:\Program Files\Logitech\Video\FxSvr2.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
E:\WINDOWS\system32\wscntfy.exe
D:\program files\firefox.exe
E:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» E:\

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\fiz

»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\fiz\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\fiz\FAVORI~1

E:\DOCUME~1\fiz\FAVORI~1\Error Cleaner.url FOUND !
E:\DOCUME~1\fiz\FAVORI~1\Privacy Protector.url FOUND !
E:\DOCUME~1\fiz\FAVORI~1\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

E:\DOCUME~1\fiz\Desktop\Error Cleaner.url FOUND !
E:\DOCUME~1\fiz\Desktop\Privacy Protector.url FOUND !
E:\DOCUME~1\fiz\Desktop\Spyware?Malware Protection.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///E:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]
"Source"="https://www.lemonde.fr/"
"SubscribedURL"="https://www.lemonde.fr/"
"FriendlyName"=""

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
+--------------------------------------------------+
[!] Suspicious: nfavxwdbbfk.dll
BHO: QXK Olive - {2FAD2D0E-8EDC-42D5-99DD-CF65D2D89B22}
TypeLib: {8ACD7E96-7007-4E40-B63D-A940B8870EA0}
Interface: {C6911E56-9377-4586-AEA1-CCAE94ACE0F3}
Interface: {EDC19163-AA7A-4C44-ACF4-A06676DCF9B2}

[!] Suspicious: fdkowvbp.dll
Toolbar: fdkowvbp - {E82E9D76-F0A8-4286-ADB5-52FFE3E79868}
TypeLib: {F7A81A56-A6C9-4BA3-8F41-070C843C2EDE}
Interface: {11D885D0-3D35-4D9A-9BEA-487BAD7A0D2B}
Classe: fdkowvbp.bnlv
Classe: fdkowvbp.ToolBar.1

[!] Suspicious: eqvwamkl.dll
SSODL: eqvwamkl - {874C84D3-AB95-4711-82D5-2DD1622C0482}

[!] Suspicious: wnslvxtf.dll
SSODL: wnslvxtf - {51470D6A-CA63-4068-ADE4-7EA2CDD4D08C}

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="E:\\PROGRA~1\\Google\\GOOGLE~1\\GOEC62~1.DLL,avgrsstx.dll,"
"LoadAppInit_DLLs"=dword:00000001

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="E:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: 802.11g USB 2.0 Wireless LAN Adapter #4 - Packet Scheduler Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

Description: 802.11g USB 2.0 Wireless LAN Adapter #4 - Packet Scheduler Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

Description: 802.11g USB 2.0 Wireless LAN Adapter #4 - Packet Scheduler Miniport
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{588020B8-2C10-48E9-B622-FFED7C34660F}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{B1AEC299-12D1-4CFA-B669-69C283D63D78}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DC7E1188-E953-4C32-869D-B87BDCFFE027}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{1C00B563-2F15-4DCA-A473-71E5CE86252B}: NameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6C0C4EEE-18ED-4707-AA25-A8534160FCED}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
0
anthony5151 Posts 10927 Status Security contributor 790

1) OK, now boot into Safe Mode:
To do so, tap the F8 key repeatedly from the moment the PC powers on, without stopping (before the Windows logo)
A menu will appear; use the keyboard arrows to move to Safe Mode, then press Enter.
Once on the desktop, if not all the colours and so on are there, that's normal!

Relaunch the SmitfraudFix program.
This time, choose option 2 and answer yes to everything;
At the end, save the report, reboot into normal mode, and copy-paste the saved report onto the forum.

2) For Malwarebytes, the scan has to be done in Safe Mode, otherwise it's useless... I'm sending you the full procedure:

Launch Malwarebytes and update it

Reboot into "Safe Mode": restart your computer and tap the F8 key until the Windows Advanced Options menu appears, then select "Safe Mode".
Choose your usual session

Launch Malwarebytes' Anti-Malware
- Then go to the "Scan" tab, tick "Perform full scan" then "Scan"
- Select your hard drives, then click "Start scan"
- At the end of the scan, click Show results, then Save report
- Removal of the detected items --> click Remove selected
- If you are asked to reboot, click Yes

Post the scan report from after the removal here

0
tazen Posts 7 Status Member

hm, it doesn't really want to go into Safe Mode (endless lists, bugs etc.)
0
anthony5151 Posts 10927 Status Security contributor 790

At which step does it get stuck?

0