matthschav

Désolé, je me permets de faire remonter le fil ... Matth

Bonjour à tous, Je fais appel à vos compétences car j'ai chopé un virus REG/Zapchast présent dans a.bat dont je n'arrive pas à me défaire . Je suis sous Win XP SP2. Nod 32 détecte 4 menaces ( REG/Zapchast trojan , Win32/trojanProxy.cimuz et win32/Trojan Rbot ) Je vous remercie de votre aide. Voici le rapport Hijackthis: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:50:27, on 23/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\winsock32.exe C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\WinRAR 3.61\WinRAR.exe C:\DOCUME~1\Matth\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ww3.ac-creteil.fr/Lycees/77/serris/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\K-Lite Codec Pack\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [] winsock32.exe O4 - HKLM\..\RunServices: [] winsock32.exe O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [WengoPhoneNG] I:\Apps\PortableWengoPhone\qtwengophone.exe -b O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1 O4 - HKUS\S-1-5-19\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [Config] %systemroot%\system32\run.cmd (User 'Default user') O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/fr/fr/importer/ImageUploader4.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{D83C4E61-920A-4E87-B648-665A5ADA2932}: NameServer = 192.168.0.250,192.168.0.150 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe O23 - Service: wampapache - Apache Software Foundation - C:\Program Files\wamp\apache2\bin\httpd.exe O23 - Service: wampmysqld - Unknown owner - C:\Program Files\wamp\mysql\bin\mysqld-nt.exe -- End of file - 7812 bytes Matth

Salut Bruce, Merci !! Je ne suis pas très enthousiaste à l'idée d'utiliser un AV en ligne, surtout avec ActiveX et IE... Un scan de nod 32 ne suffit pas ? En tout cas, merci du coup de main !! Matth

Salut Bruce, J'ai fait tout ce que tu avais suggéré. Voilà les logs : Pas mal de cochonneries ! Moi qui avais pour habitude de bloquer les cookies et qui les ai autorisé récemment, je suis pas déçu du voyage !! Merci d'avance Matth ________________________________________________________________________________________________________________________________________ --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 13:07:01 11/04/2007 + Résultat de l'analyse: C:\WINDOWS\system32\LegitCheckControl.dll -> Backdoor.Hupigon : Nettoyé. :mozilla.23:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.32:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé. :mozilla.269:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.348:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.44:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.45:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.46:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.52:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Baptiste\Cookies\baptiste@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Matth\Cookies\matth@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Matth\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Nettoyé. :mozilla.503:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé. :mozilla.65:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé. :mozilla.24:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.25:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.65:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.66:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé. :mozilla.51:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.52:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.53:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.54:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.60:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.61:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé. :mozilla.346:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé. :mozilla.107:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.99:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé. C:\Documents and Settings\Matth\Cookies\matth@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé. :mozilla.11:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.70:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé. :mozilla.34:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé. :mozilla.35:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé. :mozilla.42:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Burstnet : Nettoyé. :mozilla.293:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Clickhype : Nettoyé. :mozilla.190:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Com : Nettoyé. :mozilla.10:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.6:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.7:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.8:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.9:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé. :mozilla.225:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé. :mozilla.227:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé. :mozilla.229:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Connextra : Nettoyé. :mozilla.275:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Cqcounter : Nettoyé. :mozilla.35:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé. :mozilla.36:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé. :mozilla.20:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.34:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Matth\Cookies\matth@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. :mozilla.57:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.58:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Estat : Nettoyé. :mozilla.175:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Falkag : Nettoyé. :mozilla.33:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\Baptiste\Cookies\baptiste@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé. :mozilla.63:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Gemius : Nettoyé. :mozilla.75:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Gemius : Nettoyé. :mozilla.351:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.488:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Baptiste\Cookies\[email protected][1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Baptiste\Cookies\baptiste@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. :mozilla.557:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Hitslink : Nettoyé. :mozilla.47:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.48:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.90:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.91:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé. :mozilla.117:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Information : Nettoyé. :mozilla.537:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Ivwbox : Nettoyé. :mozilla.552:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé. :mozilla.553:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé. :mozilla.554:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé. :mozilla.41:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. :mozilla.43:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. :mozilla.72:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\Matth\Cookies\matth@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. :mozilla.21:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.27:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.27:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.28:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Overture : Nettoyé. :mozilla.15:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé. :mozilla.54:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Paypal : Nettoyé. :mozilla.388:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé. :mozilla.389:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé. :mozilla.94:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.95:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.96:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.97:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Revsci : Nettoyé. :mozilla.218:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé. :mozilla.219:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé. :mozilla.281:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé. :mozilla.480:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé. :mozilla.481:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Sitestat : Nettoyé. :mozilla.55:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.56:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.57:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Matth\Cookies\[email protected][1].txt -> TrackingCookie.Smartadserver : Nettoyé. :mozilla.109:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé. :mozilla.110:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé. C:\Documents and Settings\Matth\Cookies\matth@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé. :mozilla.107:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.108:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.36:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.38:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.39:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.41:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Tacoda : Nettoyé. :mozilla.17:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. :mozilla.7:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Baptiste\Cookies\baptiste@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé. :mozilla.465:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyé. :mozilla.466:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyé. :mozilla.545:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Valueclick : Nettoyé. :mozilla.76:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.77:C:\Documents and Settings\Baptiste\Application Data\Mozilla\Firefox\Profiles\viw80j36.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Baptiste\Cookies\baptiste@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Matth\Cookies\matth@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. :mozilla.600:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé. :mozilla.314:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé. :mozilla.506:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé. :mozilla.507:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Yadro : Nettoyé. :mozilla.37:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.40:C:\Documents and Settings\Marie\Application Data\Mozilla\Firefox\Profiles\9ghy41ub.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé. :mozilla.100:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. :mozilla.98:C:\Documents and Settings\Matth\Application Data\Mozilla\Firefox\Profiles\yyemc722.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé. C:\RECYCLER\S-1-5-21-1547161642-1078145449-682003330-1006\Dc81.bat -> Trojan.Zapchast : Nettoyé. Fin du rapport __________________________________________________________________________ Logfile of HijackThis v1.99.1 Scan saved at 13:14:43, on 11/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Eset\nod32kui.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\WINDOWS\Explorer.EXE D:\Download\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{D83C4E61-920A-4E87-B648-665A5ADA2932}: NameServer = 192.168.0.250,192.168.0.150 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe ______________________________________________________________________________________________________________________

Merci Bruce lee pour la rapidité !! J'essaye tout de suite et je te tiens au courant Matth

Bonjour à tous, J'utilise NOD32 et il me détecte un trojan REG/Zapchast initié par winsyncupx.exe dans c:/a.bat à chaque démarrage qu'il met soigneusement en quarantaine. J'ai vu que vous aviez la solution pour l'éradiquer ... En tout cas, merci d'avance pour votre disponibilité et votre compétence. Matth Voilà le rapport de hijackThis : Logfile of HijackThis v1.99.1 Scan saved at 10:01:23, on 11/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Raxco\PerfectDisk\PDSched.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Analog Devices\SoundMAX\Smax4.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe C:\Program Files\PowerISO\PWRISOVM.EXE C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\system32\winsyncupx.exe C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.exe C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN C:\Program Files\Mozilla Firefox\firefox.exe D:\Download\HijackThis.exe C:\PROGRA~1\MOZILL~2\THUNDE~1.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036 O4 - HKLM\..\Run: [FlashIcon] C:\Program Files\Generic\USB Card Reader Driver v2.3\FlashIcon.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe" O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Win Sync montr] winsyncupx.exe O4 - HKLM\..\RunServices: [Win Sync montr] winsyncupx.exe O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe" O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe O4 - Startup: UberIcon.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\UberIcon\UberIcon Manager.exe O4 - Startup: Y'z Shadow.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzShadow\YzShadow.exe O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Crystal Clear\YzToolbar\YzToolBar.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{D83C4E61-920A-4E87-B648-665A5ADA2932}: NameServer = 192.168.0.250,192.168.0.150 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe