blackcrichton

  1. The Antivir scan has just finished; here is the report that was just generated: Avira AntiVir Personal Report file date: lundi 11 août 2008 19:50 Scanning for 1546059 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: HILAIRE-03C0AE3 Version information: BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15 ANTIVIR2.VDF : 7.0.5.207 2316800 Bytes 04/08/2008 12:09:22 ANTIVIR3.VDF : 7.0.5.238 215552 Bytes 11/08/2008 12:09:24 Engineversion : 8.1.1.19 AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50 AESCRIPT.DLL : 8.1.0.63 311673 Bytes 11/08/2008 12:09:41 AESCN.DLL : 8.1.0.23 119156 Bytes 11/08/2008 12:09:40 AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50 AEPACK.DLL : 8.1.2.1 364917 Bytes 11/08/2008 12:09:39 AEOFFICE.DLL : 8.1.0.21 192891 Bytes 11/08/2008 12:09:37 AEHEUR.DLL : 8.1.0.47 1368437 Bytes 11/08/2008 12:09:36 AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50 AEGEN.DLL : 8.1.0.35 315764 Bytes 11/08/2008 12:09:29 AEEMU.DLL : 8.1.0.7 430452 Bytes 11/08/2008 12:09:27 AECORE.DLL : 8.1.1.8 172406 Bytes 11/08/2008 12:09:26 AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 11/08/2008 12:09:25 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 
22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 11 août 2008 19:50 The scan of running processes will be started Scan process 'avwsc.exe' - '0' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process '~e5.0001' - '1' Module(s) have been scanned Scan process 'Warhammer.exe' - '1' Module(s) have been scanned Scan process 'Watch.exe' - '1' Module(s) have been scanned Scan process 'hposts08.exe' - '1' Module(s) have been scanned Scan process 'COCIManager.exe' - '1' Module(s) have been scanned Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned Scan process 'PollingModule.exe' - '1' Module(s) have been scanned Scan process 'Inactivity.exe' - '1' Module(s) have been scanned Scan process 'Toaster.exe' - '1' Module(s) have been scanned Scan process 'ComComp.exe' - '1' Module(s) have been scanned 
Scan process 'hpoevm08.exe' - '1' Module(s) have been scanned Scan process 'EspaceWanadoo.exe' - '1' Module(s) have been scanned Scan process 'LVComSX.exe' - '1' Module(s) have been scanned Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned Scan process 'ntvdm.exe' - '1' Module(s) have been scanned Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned Scan process 'hpohmr08.exe' - '1' Module(s) have been scanned Scan process 'dslmon.exe' - '1' Module(s) have been scanned Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'QuickCam10.exe' - '1' Module(s) have been scanned Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned Scan process 'Disk_Monitor.exe' - '1' Module(s) have been scanned Scan process 'capFax.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'NvMixerTray.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'MDM.EXE' - '1' Module(s) have been scanned Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have 
been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 55 processes with 55 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD3 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Master boot sector HD4 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '70' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Applications Configuration\Internet\Download Accelerator Plus\dap53lang.exe [DETECTION] Contains recognition pattern of the DR/Dap.C.2 dropper [NOTE] The file was moved to '49107cc5.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\BlackBox.class-3d05e309-1efeb0d4.class [DETECTION] Is the TR/Java-ClassLdr.C Trojan [NOTE] The file was moved to '49017df0.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\BlackBox.class-40576dba-46bee7ad.class [DETECTION] Is the TR/Java-ClassLdr.C Trojan [NOTE] The file was moved to '49017df2.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\BlackBox.class-75f7bc73-6fc5ec4f.class [DETECTION] Is the TR/Java-ClassLdr.C Trojan [NOTE] The file was moved to '49017df4.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\Dummy.class-34ece87c-76e45a69.class [DETECTION] Is the TR/ClassLoader.D Trojan [NOTE] The file was moved to '490d7e00.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\Dummy.class-3a665339-4819ea29.class [DETECTION] Is the TR/ClassLoader.D Trojan [NOTE] The file was moved to '490d7e01.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\Dummy.class-44927f52-1f0ca52c.class [DETECTION] Is the TR/ClassLoader.D Trojan [NOTE] The file was moved to '490d7e03.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\Dummy.class-70dda463-2de566eb.class [DETECTION] Is the TR/ClassLoader.D Trojan [NOTE] The file was moved to '490d7e05.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\java.class-2fd13b66-3364b1ae.class [DETECTION] Is the TR/Dldr.Java.Agent.D Trojan [NOTE] The file was moved to '49167df3.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\VerifierBug.class-35d9afb9-605f9a1d.class [DETECTION] Is the TR/Java.ByteVerify Trojan [NOTE] The file was moved to '49127dfc.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\VerifierBug.class-44e1bd12-13a517b8.class [DETECTION] Is the TR/Java.ByteVerify Trojan [NOTE] The file was moved to '49127dfd.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\VerifierBug.class-63f45b68-6f8f866b.class [DETECTION] Is the TR/Java.ByteVerify Trojan [NOTE] The file was moved to '49127dff.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\file\1.0\VerifierBug.class-6e1d660f-6b54a366.class [DETECTION] Is the TR/Java.ByteVerify Trojan [NOTE] The file was moved to '49127e01.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\arr3.jar-53b20017-57011de6.0ip [0] Archive type: ZIP --> Gummy.class [DETECTION] Contains recognition pattern of the JAVA/ClassLdr.I.2 Java virus --> Counter.class [DETECTION] Contains recognition pattern of the JAVA/ClassLdr.I.1 Java virus --> VerifierBug.class [DETECTION] Is the TR/Femad.Java.3 Trojan --> Beyond.class [DETECTION] Is the TR/Java.ClassLoad.L Trojan [NOTE] The file was moved to '49127e17.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\arr3.jar-53b20018-5a40b49c.0ip [0] Archive type: ZIP --> Gummy.class [DETECTION] Contains recognition pattern of the JAVA/ClassLdr.I.2 Java virus --> Counter.class [DETECTION] Contains recognition pattern of the JAVA/ClassLdr.I.1 Java virus --> VerifierBug.class [DETECTION] Is the TR/Femad.Java.3 Trojan --> Beyond.class [DETECTION] Is the TR/Java.ClassLoad.L Trojan [NOTE] The file was moved to '49127e1e.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-1c707158-30e407f2.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e1f.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-1f6dd35-5c217bd7.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e21.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-22aaed-5bb3d890.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e24.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-39584ee5-26ec3e07.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e26.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-39585121-6f2fd8b5.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e2c.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-39585123-77c511ff.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e2e.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-3df420c8-361add95.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e31.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-411310c0-5bc60560.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e33.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-58b7986c-2c60f902.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e35.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-5b453dbd-38ea68b2.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e37.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-612a1257-1c65b166.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e39.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-6321b6a5-4a6e8214.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e3b.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-692d3f5f-7d54694f.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e3d.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-6b6c0dd1-18b43291.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e3f.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-76604cc2-6d7d90e8.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e41.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-7cc56843-25410083.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e42.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-abadc8d-45975868.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e44.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\count.jar-c99947e-632a74b6.0ip [0] Archive type: ZIP --> BlackBox.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.2 Java virus --> VerifierBug.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.4 Java virus --> Dummy.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.3 Java virus --> Beyond.class [DETECTION] Contains recognition pattern of the JAVA/BlackBox.AA.1 Java virus [NOTE] The file was moved to '49157e46.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\crtdcghcn.jar-36aa525e-1fd98041.0ip [0] Archive type: ZIP --> BaaaaBaa.class [DETECTION] Is the TR/Java.Downloader.Gen Trojan --> VaaaaaaaBaa.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.FA Java virus --> Dvnny.class [DETECTION] Contains recognition pattern of the JAVA/Exploit.By.A.2 Java virus --> Baaaaa.class [DETECTION] Contains recognition pattern of the JAVA/Exploit.By.A.1 Java virus --> Dex.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GC Java virus --> Dix.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GD Java virus --> Dux.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GE Java virus [NOTE] The file was moved to '49147e4b.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\crtdcghcn.jar-490bd774-32c6c725.0ip [0] Archive type: ZIP --> BaaaaBaa.class [DETECTION] Is the TR/Java.Downloader.Gen Trojan --> VaaaaaaaBaa.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.FA Java virus --> Dvnny.class [DETECTION] Contains recognition pattern of the JAVA/Exploit.By.A.2 Java virus --> Baaaaa.class [DETECTION] Contains recognition pattern of the JAVA/Exploit.By.A.1 Java virus --> Dex.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GC Java virus --> Dix.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GD Java virus --> Dux.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GE Java virus [NOTE] The file was moved to '49147e4d.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\crtdcghcn.jar-cbb74d8-100196c3.0ip [0] Archive type: ZIP --> BaaaaBaa.class [DETECTION] Is the TR/Java.Downloader.Gen Trojan --> VaaaaaaaBaa.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.FA Java virus --> Dvnny.class [DETECTION] Contains recognition pattern of the JAVA/Exploit.By.A.2 Java virus --> Baaaaa.class [DETECTION] Contains recognition pattern of the JAVA/Exploit.By.A.1 Java virus --> Dex.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GC Java virus --> Dix.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GD Java virus --> Dux.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GE Java virus [NOTE] The file was moved to '49147e6a.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\ie0601a.jar-2d1f118a-754d13ce.0ip [0] Archive type: ZIP --> SandBoxEscape.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.3 exploit --> SuperMSClassLoader.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.4 exploit --> NewURLClassLoader.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.2 exploit --> Installer.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.1 exploit [NOTE] The file was moved to '48d07e63.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\ie0601a.jar-2d1f1292-5c532545.0ip [0] Archive type: ZIP --> SandBoxEscape.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.3 exploit --> SuperMSClassLoader.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.4 exploit --> NewURLClassLoader.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.2 exploit --> Installer.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.1 exploit [NOTE] The file was moved to '48d07e66.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\java.jar-95230ec-5f3006e7.0ip [0] Archive type: ZIP --> GetAccess.class [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AJ Java virus --> Installer.class [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AK Java virus --> NewSecurityClassLoader.class [DETECTION] Contains recognition pattern of the JAVA/ByteVerify.G.2 Java virus --> NewURLClassLoader.class [DETECTION] Contains recognition pattern of the JAVA/ByteVerify.G.3 Java virus [NOTE] The file was moved to '49167e64.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\java.jar-9523824-10dec110.0ip [0] Archive type: ZIP --> GetAccess.class [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AJ Java virus --> Installer.class [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AK Java virus --> NewSecurityClassLoader.class [DETECTION] Contains recognition pattern of the JAVA/ByteVerify.G.2 Java virus --> NewURLClassLoader.class [DETECTION] Contains recognition pattern of the JAVA/ByteVerify.G.3 Java virus [NOTE] The file was moved to '49167e66.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\java.jar-95238ad-1076d3d4.0ip [0] Archive type: ZIP --> GetAccess.class [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AJ Java virus --> Installer.class [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AK Java virus --> NewSecurityClassLoader.class [DETECTION] Contains recognition pattern of the JAVA/ByteVerify.G.2 Java virus --> NewURLClassLoader.class [DETECTION] Contains recognition pattern of the JAVA/ByteVerify.G.3 Java virus [NOTE] The file was moved to '49167e68.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\java.jar-95238ad-69e6682b.0ip [0] Archive type: ZIP --> GetAccess.class [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AJ Java virus --> Installer.class [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AK Java virus --> NewSecurityClassLoader.class [DETECTION] Contains recognition pattern of the JAVA/ByteVerify.G.2 Java virus --> NewURLClassLoader.class [DETECTION] Contains recognition pattern of the JAVA/ByteVerify.G.3 Java virus [NOTE] The file was moved to '49167e6a.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\java.jar-9523932-4b03bc2f.0ip [0] Archive type: ZIP --> GetAccess.class [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AJ Java virus --> Installer.class [DETECTION] Contains recognition pattern of the JAVA/OpenConnect.AK Java virus --> NewSecurityClassLoader.class [DETECTION] Contains recognition pattern of the JAVA/ByteVerify.G.2 Java virus --> NewURLClassLoader.class [DETECTION] Contains recognition pattern of the JAVA/ByteVerify.G.3 Java virus [NOTE] The file was moved to '49167e6c.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\loaderadv413.jar-140362a6-52089091.0ip [0] Archive type: ZIP --> Matrix.class [DETECTION] Contains recognition pattern of the JAVA/Beyond.D3 Java virus --> Counter.class [DETECTION] Contains recognition pattern of the JS/OpenConnect.J.1 Java script virus --> Dummy.class [DETECTION] Is the TR/Forten.Java.2 Trojan --> Parser.class [DETECTION] Contains recognition pattern of the JS/OpenConnect.J.3 Java script virus [NOTE] The file was moved to '49017e7c.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\loaderadv427.jar-15f0983b-2f165001.0ip [0] Archive type: ZIP --> Matrix.class [DETECTION] Contains recognition pattern of the JAVA/Beyond.D3 Java virus --> Counter.class [DETECTION] Contains recognition pattern of the JS/OpenConnect.J.1 Java script virus --> Dummy.class [DETECTION] Is the TR/Forten.Java.2 Trojan --> Parser.class [DETECTION] Contains recognition pattern of the JS/OpenConnect.J.3 Java script virus [NOTE] The file was moved to '49017e8f.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\loaderadv470.jar-1e162797-52401af2.0ip [0] Archive type: ZIP --> Matrix.class [DETECTION] Contains recognition pattern of the JAVA/Beyond.D3 Java virus --> Counter.class [DETECTION] Contains recognition pattern of the JS/OpenConnect.J.1 Java script virus --> Dummy.class [DETECTION] Is the TR/Forten.Java.2 Trojan --> Parser.class [DETECTION] Contains recognition pattern of the JS/OpenConnect.J.3 Java script virus [NOTE] The file was moved to '49017e94.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\loaderadv557.jar-4ff55de2-20f06ca4.0ip [0] Archive type: ZIP --> Matrix.class [DETECTION] Contains recognition pattern of the JAVA/Beyond.D3 Java virus --> Counter.class [DETECTION] Contains recognition pattern of the JS/OpenConnect.J.1 Java script virus --> Dummy.class [DETECTION] Is the TR/Forten.Java.2 Trojan --> Parser.class [DETECTION] Contains recognition pattern of the JS/OpenConnect.J.3 Java script virus [NOTE] The file was moved to '49017e99.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\loaderadv557.jar-4ff55de2-2b35ea0c.0ip [0] Archive type: ZIP --> Matrix.class [DETECTION] Contains recognition pattern of the JAVA/Beyond.D3 Java virus --> Counter.class [DETECTION] Contains recognition pattern of the JS/OpenConnect.J.1 Java script virus --> Dummy.class [DETECTION] Is the TR/Forten.Java.2 Trojan --> Parser.class [DETECTION] Contains recognition pattern of the JS/OpenConnect.J.3 Java script virus [NOTE] The file was moved to '49017e9c.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\ms-counter.jar-713f0c9a-2a525383.0ip [0] Archive type: ZIP --> BaaaaBaa.class [DETECTION] Is the TR/Java.Downloader.Gen Trojan --> VaaaaaaaBaa.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.FA Java virus --> Dvnny.class [DETECTION] Contains recognition pattern of the JAVA/Exploit.By.A.2 Java virus --> Baaaaa.class [DETECTION] Contains recognition pattern of the JAVA/Exploit.By.A.1 Java virus --> Dex.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GC Java virus --> Dix.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GD Java virus --> Dux.class [DETECTION] Contains recognition pattern of the JAVA/ClassLoader.GE Java virus [NOTE] The file was moved to '48cd7ea2.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\ms0311.jar-10d27a78-3f3492df.0ip [0] Archive type: ZIP --> MagicApplet.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytver.5.B exploit --> OwnClassLoader.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify exploit --> ProxyClassLoader.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytver.5.A exploit --> Installer.class [DETECTION] Is the TR/Dldr.Java.OpenConnection.AO Trojan [NOTE] The file was moved to '48d07ea5.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\ms0311.jar-24ad084f-20e40ac8.0ip [0] Archive type: ZIP --> TakePrivileges.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify.S.2 exploit --> SuperMSClassLoader.class [DETECTION] Contains recognition pattern of the EXP/ByteVeri-V exploit --> NewURLClassLoader.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.2 exploit --> Installer.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify.S.1 exploit [NOTE] The file was moved to '48d07ea7.qua'! 
C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\ms0311.jar-24ad084f-2d9d297a.0ip [0] Archive type: ZIP --> TakePrivileges.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify.S.2 exploit --> SuperMSClassLoader.class [DETECTION] Contains recognition pattern of the EXP/ByteVeri-V exploit --> NewURLClassLoader.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.2 exploit --> Installer.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify.S.1 exploit [NOTE] The file was moved to '48d07ea8.qua'! C:\Documents and Settings\Sebastien\.jpi_cache\jar\1.0\ms0311.jar-24ad084f-7bd9ca98.0ip [0] Archive type: ZIP --> TakePrivileges.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify.S.2 exploit --> SuperMSClassLoader.class [DETECTION] Contains recognition pattern of the EXP/ByteVeri-V exploit --> NewURLClassLoader.class [DETECTION] Contains recognition pattern of the EXP/Java.Bytverif.2 exploit --> Installer.class [DETECTION] Contains recognition pattern of the EXP/ByteVerify.S.1 exploit [NOTE] The file was moved to '48d07eaa.qua'! C:\Documents and Settings\Sebastien\Local Settings\Temp\sfsrv.exe [0] Archive type: RAR SFX (self extracting) --> 1.exe [DETECTION] Contains recognition pattern of the PHISH/FraudTool.Agent.AW phishing file/email --> 2.exe [DETECTION] Is the TR/Dldr.FraudLoad.vaxp Trojan --> 3.exe [DETECTION] Is the TR/Agent.yid Trojan --> 4.exe [DETECTION] Is the TR/Agent.yie Trojan [DETECTION] Contains recognition pattern of the DR/FraudTool.WinAntiVirus.AT dropper --> 7.exe [DETECTION] Is the TR/Dldr.Agen.106496 Trojan [NOTE] The file was moved to '49137f4a.qua'! C:\Documents and Settings\Sebastien\Local Settings\Temp\NI.UWA6PV_0001_N76M1904\setup.exe [DETECTION] Is the TR/Fakealert.EB.1 Trojan [NOTE] The file was moved to '49147f82.qua'! 
C:\Documents and Settings\Sebastien\Local Settings\Temp\Répertoire temporaire 2 pour mako.zip\mako.exe
  [0] Archive type: RAR SFX (self extracting)
    --> mako\MOTV95T.EXE
      [DETECTION] Is the TR/FlashKiller.C Trojan
    --> mako\TS_MAKO.EXE
      [DETECTION] Is the TR/FlashKiller.C Trojan
  [NOTE] The file was moved to '490b7f89.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\2LITKX4R\123[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
  [NOTE] The file was moved to '48d37fca.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\2LITKX4R\3objectf[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
  [NOTE] The file was moved to '4902800a.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\2LITKX4R\index[5].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '49048016.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\2LITKX4R\p[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '48d18009.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\2LITKX4R\su[2].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '48fb8028.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\AG5LJN7V\abc[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '4903801f.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\AG5LJN7V\credit[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '49058033.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\AG5LJN7V\dkporn.sexpornhost[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Click.Agent.J HTML script virus
  [NOTE] The file was moved to '4910802f.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\AG5LJN7V\formpost[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '49128035.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\AG5LJN7V\formpost[2].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '49128037.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\AG5LJN7V\lloll[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Crypted.Gen HTML script virus
  [NOTE] The file was moved to '490f8039.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\AG5LJN7V\porta1[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '4912803f.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\AG5LJN7V\ptp_topbanner[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '49108047.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\AG5LJN7V\p[2].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '48d2802f.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\AG5LJN7V\su[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '48fb804c.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBWXQLG3\3____ANI2[1].0TM
  [DETECTION] Contains recognition pattern of the HTML/Shellcode.Gen HTML script virus
  [NOTE] The file was moved to '48ff851a.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBWXQLG3\ied[1].txt
  [0] Archive type: CAB (Microsoft)
    --> ied.exe
      [DETECTION] Is the TR/Dldr.Mediket.DT.4 Trojan
  [NOTE] The file was moved to '49048528.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBWXQLG3\Mature[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Click.Agent.J HTML script virus
  [NOTE] The file was moved to '49148528.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBWXQLG3\orgreplica2[1].zip
  [DETECTION] Contains recognition pattern of the EXP/Ani.Gen exploit
  [NOTE] The file was moved to '4907853c.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBWXQLG3\ptp_topbanner[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '4910854c.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\MBWXQLG3\ptp_topbanner[2].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '49108551.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZOXT7W0K\3object[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Malicious.ActiveX.Gen HTML script virus
  [NOTE] The file was moved to '490285b8.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZOXT7W0K\ampi[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '491085b9.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZOXT7W0K\index[14].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '490485c1.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZOXT7W0K\porta1[2].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '491285c8.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZOXT7W0K\portal[3].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '491285ca.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZOXT7W0K\p[3].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '48d385b8.qua'!
C:\Documents and Settings\Sebastien\Local Settings\Temp\Temporary Internet Files\Content.IE5\ZOXT7W0K\result[1].htm
  [DETECTION] Contains recognition pattern of the HTML/Infected.WebPage.Gen HTML script virus
  [NOTE] The file was moved to '491385c4.qua'!
C:\Documents and Settings\Sebastien\Mes documents\hilaire.estelle\contact-internet.exe
  [DETECTION] Contains recognition pattern of the DIAL/302366 dialer
  [NOTE] The file was moved to '490e87a7.qua'!
C:\Documents and Settings\Sebastien\Mes documents\hilaire.estelle\CYBER.0MF
  [DETECTION] Contains recognition pattern of the EXP/IMG-WMF.BK exploit
  [NOTE] The file was moved to '48e28793.qua'!
C:\Documents and Settings\Sebastien\Mes documents\hilaire.estelle\images2007.0ip
  [0] Archive type: ZIP
    --> webcam-photos.scr
      [DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
  [NOTE] The file was moved to '490187ab.qua'!
C:\Documents and Settings\Sebastien\Mes documents\hilaire.estelle\immoralstudy.0ip
  [0] Archive type: ZIP
    --> Immoral Study #2.exe
      [DETECTION] Is the TR/Drop.Small.O.7 Trojan
  [NOTE] The file was moved to '490d87ae.qua'!
C:\Documents and Settings\Sebastien\Mes documents\hilaire.estelle\mediatubecodec_ver1.1294.0.exe
  [DETECTION] Is the TR/Dldr.Zlob.vaa Trojan
  [NOTE] The file was moved to '490487ab.qua'!
C:\Documents and Settings\Sebastien\Mes documents\hilaire.estelle\setup.0xe
  [DETECTION] Is the TR/Zlob.CA.14 Trojan
  [NOTE] The file was moved to '491487b7.qua'!
C:\Documents and Settings\Sebastien\Mes documents\hilaire.estelle\tstrip.zip
  [0] Archive type: ZIP
    --> anime games/tstrip/MOTV95T.EXE
      [DETECTION] Is the TR/FlashKiller.C Trojan
    --> anime games/tstrip/TS_MAKO.EXE
      [DETECTION] Is the TR/FlashKiller.C Trojan
  [NOTE] The file was moved to '491487ca.qua'!
C:\Documents and Settings\Sebastien\Mes documents\hilaire.estelle\video_claramorgane_1.exe
  [DETECTION] Contains recognition pattern of the DIAL/302366 dialer
  [NOTE] The file was moved to '490487c4.qua'!
C:\Documents and Settings\Sebastien\Mes documents\hilaire.estelle\xpantivirus2008_v77034802.0xe
  [DETECTION] Is the TR/Crypt.CFI.Gen Trojan
  [NOTE] The file was moved to '490187da.qua'!
C:\Documents and Settings\Sebastien\Mes documents\Mes fichiers reçus\photos-webcam96.0ip
  [0] Archive type: ZIP
    --> photos-webcam96.scr
      [DETECTION] Is the TR/SecSuite.115712 Trojan
  [NOTE] The file was moved to '490f87df.qua'!
C:\Documents and Settings\Sebastien\Mes documents\v\fatalrelations.zip
  [0] Archive type: ZIP
    --> fatalrelations/fatalrelation/RELATION.VIR
      [DETECTION] Contains code of the W95/CIH.A Windows virus
  [NOTE] The file was moved to '49148831.qua'!
C:\Documents and Settings\Sebastien\Mes documents\v\MOVIE.0XE
  [DETECTION] Is the TR/Dldr.Zlob.aat Trojan
  [NOTE] The file was moved to '48f68826.qua'!
C:\Documents and Settings\Sebastien\Mes documents\v\setup.0xe
  [DETECTION] Is the TR/Zlob.CA.14 Trojan
  [NOTE] The file was moved to '49148846.qua'!
C:\Documents and Settings\Sebastien\Mes documents\v\fatalrelations\fatalrelations\fatalrelation\RELATION.VIR
  [DETECTION] Contains code of the W95/CIH.A Windows virus
  [NOTE] The file was moved to '48ec889a.qua'!
C:\Documents and Settings\Sebastien\Mes documents\v\game\Wrestle98.EXE
  [DETECTION] Contains recognition pattern of the W95/CIH Windows virus
  [NOTE] The file was moved to '490588cc.qua'!
C:\Documents and Settings\Sebastien\Mes documents\v\game9\anime games\tstrip\MOTV95T.EXE
  [DETECTION] Contains recognition pattern of the W95/CIH Windows virus
  [NOTE] The file was moved to '48f48907.qua'!
C:\Documents and Settings\Sebastien\Mes documents\v\game9\anime games\tstrip\TS_MAKO.EXE
  [DETECTION] Contains recognition pattern of the W95/CIH Windows virus
  [NOTE] The file was moved to '48ff890d.qua'!
C:\Program Files\smitfraudfix.exe
  [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.93 dropper
  [NOTE] The file was moved to '49098a1f.qua'!
C:\Program Files\arggggg\WinAV.exe
  [DETECTION] Is the TR/Dldr.FakeAV.A.5 Trojan
  [NOTE] The file was moved to '490e8a42.qua'!
C:\Program Files\DiallerProgram\Hentai_Games.exe
  [DETECTION] Contains recognition pattern of the DIAL/300125 dialer
  [NOTE] The file was moved to '490e8abd.qua'!
C:\Program Files\Foster\TS_Mako\TS_MAKO.EXE
  [DETECTION] Contains recognition pattern of the W95/CIH Windows virus
  [NOTE] The file was moved to '48ff8bd7.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP357\A0316228.dll
  [DETECTION] Is the TR/Dldr.Zlob.njq.1 Trojan
  [NOTE] The file was moved to '48d394a9.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP357\A0316229.exe
  [DETECTION] Is the TR/Dldr.Zlob.njq Trojan
  [NOTE] The file was moved to '48d394ad.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP357\A0316251.dll
  [DETECTION] Is the TR/Dldr.Zlob.njq.1 Trojan
  [NOTE] The file was moved to '48d394b0.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP357\A0316252.exe
  [DETECTION] Is the TR/Dldr.Zlob.njq Trojan
  [NOTE] The file was moved to '48d394b4.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP364\A0319866.exe
  [DETECTION] Contains recognition pattern of the PHISH/FraudTool.XPAntivirus.HM phishing file/email
  [NOTE] The file was moved to '48d394d0.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP364\A0319867.exe
  [DETECTION] Contains recognition pattern of the DIAL/80777.A dialer
  [NOTE] The file was moved to '48d394d2.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP364\A0319869.exe
  [DETECTION] Contains recognition pattern of the DIAL/80797.A dialer
  [NOTE] The file was moved to '48d394d3.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP413\A0379571.exe
  [DETECTION] Is the TR/Agent.yid Trojan
  [NOTE] The file was moved to '48d3982f.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP413\A0379572.exe
  [DETECTION] Is the TR/Agent.yie Trojan
  [NOTE] The file was moved to '48d39832.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP413\A0379573.exe
  [DETECTION] Is the TR/Dldr.Agen.106496 Trojan
  [NOTE] The file was moved to '48d39834.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP413\A0379579.exe
  [DETECTION] Is the TR/FakeAV.AD.6 Trojan
  [NOTE] The file was moved to '48d39838.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP414\A0379768.exe
  [DETECTION] Contains recognition pattern of the WORM/Small.I.2 worm
  [NOTE] The file was moved to '48d39841.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP414\A0380778.exe
  [DETECTION] Contains recognition pattern of the DR/Dap.C.2 dropper
  [NOTE] The file was moved to '48d39843.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP414\A0380780.exe
  [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.93 dropper
  [NOTE] The file was moved to '48d39899.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP414\A0380781.exe
  [DETECTION] Is the TR/Dldr.FakeAV.A.5 Trojan
  [NOTE] The file was moved to '48d3989b.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP414\A0380782.exe
  [DETECTION] Contains recognition pattern of the DIAL/300125 dialer
  [NOTE] The file was moved to '48d3989d.qua'!
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP414\A0380783.EXE
  [DETECTION] Contains recognition pattern of the W95/CIH Windows virus
  [NOTE] The file was moved to '48d398a0.qua'!
C:\WINDOWS\system32\YESGNHR.0LL
  [DETECTION] Is the TR/Click.Agent.JW.1 Trojan
  [NOTE] The file was moved to '48f39ba0.qua'!
C:\WINDOWS\Temp\MT\contact-internet.exe
  [DETECTION] Contains recognition pattern of the DIAL/80777.A dialer
  [NOTE] The file was moved to '490e9c61.qua'!
C:\WINDOWS\Temp\MT\video_claramorgane_1.exe
  [DETECTION] Contains recognition pattern of the DIAL/80797.A dialer
  [NOTE] The file was moved to '49049c5f.qua'!

End of the scan: lundi 11 août 2008 22:07
Used time: 2:17:13 Hour(s)

The scan has been done completely.
6831 Scanning directories
275853 Files were scanned
236 viruses and/or unwanted programs were found
28 Files were classified as suspicious:
0 files were deleted
0 files were repaired
125 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
275587 Files not concerned
2504 Archives were scanned
6 Warnings
125 Notes
  2. I have just finished the scan with MBAM, which did indeed take quite a long time and found 100 items to remove (I can't believe it!). Here is the MBAM report:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1038
Windows 5.1.2600 Service Pack 2
12:32:57 11/08/2008
mbam-log-8-11-2008 (12-32-57).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 184871
Temps écoulé: 1 hour(s), 13 minute(s), 48 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 21
Valeur(s) du Registre infectée(s): 16
Elément(s) de données du Registre infecté(s): 16
Dossier(s) infecté(s): 4
Fichier(s) infecté(s): 40

Processus mémoire infecté(s):
C:\Program Files\VAV\vav.exe (Rogue.VistaAntivirus2008) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
C:\WINDOWS\xokvrpwg.dll (Trojan.Zlob) -> Delete on reboot.
C:\WINDOWS\tfnslopk.dll (Trojan.FakeAlert) -> Delete on reboot.

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{8450912b-c4db-47a6-aa33-127fda8fdac9} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{861a5298-ee5a-47a2-adf1-e31dfaaf2745} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ecd9ec4-b9c5-4b79-a60f-9b275f150d81} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{f2a6573c-91ce-4c49-8122-b613f345e4a5} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{468520d6-c977-4e1d-a8c6-29584eb992f5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a91966d7-56df-4757-b385-bf88a1ea46eb} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b7f8c889-3245-49b7-a99d-50665c4f16e7} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e0dde7f9-96af-42e8-b721-376c41681132} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webvideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{20e1148b-a9db-4678-82ab-e3e72b0f2959} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4c6b1408-fc27-4864-9b5d-f70a93a789c4} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{892b88a3-dc94-4a1f-a75a-9aa50061a683} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{4e139533-3339-4a4b-93f0-55243d2a5dc2} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{51646aaa-c821-463d-b0ec-278a57b7fd4d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fd4ccf55-6cd6-4284-8d7e-e82b6f575e40} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df6c9a95-cdd0-4efc-9c2a-b6ca365f7396} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{df6c9a95-cdd0-4efc-9c2a-b6ca365f7396} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bgrqfetx.bolb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bgrqfetx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\xokvrpwg (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\antivirus (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wind.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wine.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wind.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\wine.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\winf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0\source (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\tfnslopk (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{892b88a3-dc94-4a1f-a75a-9aa50061a683} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.Homepage) -> Bad: (http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76412-OEM-0053265-68562) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\xokvrpwg.dll (Trojan.Zlob) -> Delete on reboot.
C:\Program Files\PCHealthCenter\0.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\4.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\7.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{7446FD8D-7EA4-4713-9C22-74BB9FC344DB}\RP363\A0318816.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\edlb.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.exe (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\tfnslopk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\lnvegaow.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\bgrqfetx.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\wnlmdakqlag.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastien\Local Settings\Temp\s1265.php (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastien\Local Settings\Temp\vistasp1.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastien\Bureau\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastien\Bureau\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastien\Bureau\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastien\Favoris\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastien\Favoris\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\Sebastien\Favoris\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
and the HijackThis report that follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:38:20, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\inetsrv.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe
C:\DOCUME~1\SEBAST~1\Bureau\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [Disk Monitor] C:\Program Files\Generic\USB Card Reader Driver v2.2c\Disk_Monitor.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZTE Corporation\ZXDSL852\CnxDslTb.exe" "ZTE Corporation\ZXDSL852"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [inetsrv] C:\WINDOWS\system32\inetsrv.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|DEFAULT=cnx|PARAM=
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?9e43735806ea427185d942562bc5e7ea O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?9e43735806ea427185d942562bc5e7ea O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU) O16 - DPF: 
{05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://regulus.upmf-grenoble.fr/qp2.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{074E0CE5-B019-413C-9232-AB4EBF4F74F2}: NameServer = 80.10.246.130 81.253.149.10 O17 - HKLM\System\CS1\Services\Tcpip\..\{074E0CE5-B019-413C-9232-AB4EBF4F74F2}: NameServer = 80.10.246.130 80.10.246.3 O17 - HKLM\System\CS2\Services\Tcpip\..\{074E0CE5-B019-413C-9232-AB4EBF4F74F2}: NameServer = 80.10.246.130 81.253.149.10 O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\Program Files\Inventel\Gateway\wlancfg.exe O24 - Desktop Component 0: Privacy Protection - (no file) -- End of file - 9214 bytes Thank you for your help
  3. Good evening, My PC has just been infected by a nasty virus that displays Vista 2008 antivirus every 2 minutes, blocks access to programs and has deleted the HijackThis software... So no report is possible (and apparently it is impossible to download it again). Could you help me? Thank you, crichton
  4. Hello, Is my problem unsolvable? Should I throw my PC in the bin? Thank you for your help.
  5. Hello, I am posting just to bump my topic, which was drifting into limbo... Thank you.
  6. Hello, I tried Firefox and I have the same problem. The infection happened at the beginning of the year. Here is the latest HijackThis report. Thank you for your help. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:55:11, on 13/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Securitoo\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Securitoo\Common\FSMB32.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Securitoo\Common\FCH32.EXE C:\PROGRA~1\IQONAN~1\ONLNSVC.EXE C:\PROGRA~1\IQONAN~1\scanwscs.exe C:\Program Files\Securitoo\Common\FAMEH32.EXE C:\Program Files\Securitoo\Anti-Virus\fsqh.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Securitoo\FSAUA\program\fsaua.exe C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' 
menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O17 - HKLM\System\CCS\Services\Tcpip\..\{ED3608C0-F62B-47AA-B829-2D274D559654}: NameServer = 81.253.149.9,81.253.149.10 O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe (file missing) O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. 
- C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NT Online Protection - Unknown owner - C:\PROGRA~1\IQONAN~1\ONLNSVC.EXE O23 - Service: iQon Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\IQONAN~1\scanwscs.exe -- End of file - 6184 bytes
  7. Yes, still problems. The connection is there, but I still cannot use Internet Explorer.
  8. Hello, Here is the report from Fixwareout.exe Username "Vincent HILAIRE" - 11/03/2008 18:16:56 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check HKLM\SOFTWARE\~\Winlogon\ "System"="kdjnt.exe" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters "nameserver"="85.255.115.236 85.255.112.118" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{77283450-3F60-4245-8ADF-51501B9CDD2F} "nameserver"="85.255.115.236,85.255.112.118" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4F20A3C8-5B2A-4769-BE5E-A674406B2FA2} "DhcpNameServer"="85.255.115.236,85.255.112.118" <Value cleared. HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{77283450-3F60-4245-8ADF-51501B9CDD2F} "DhcpNameServer"="85.255.115.236,85.255.112.118" <Value cleared. Cache de résolution DNS vidé. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "system"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~
  9. Hello, My PC seems to be infected by a virus that prevents me from using Internet Explorer or any other browser. Thank you for your help. Here is the HijackThis report: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:28:32, on 10/03/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Securitoo\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Securitoo\Common\FSMB32.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Securitoo\Common\FCH32.EXE C:\PROGRA~1\IQONAN~1\ONLNSVC.EXE C:\PROGRA~1\IQONAN~1\scanwscs.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Securitoo\Common\FAMEH32.EXE C:\Program Files\Securitoo\Anti-Virus\fsqh.exe C:\Program Files\Securitoo\FSAUA\program\fsaua.exe C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\rundll32.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet 
Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O17 - HKLM\System\CCS\Services\Tcpip\..\{77283450-3F60-4245-8ADF-51501B9CDD2F}: NameServer = 85.255.115.236,85.255.112.118 O17 - HKLM\System\CCS\Services\Tcpip\..\{ED3608C0-F62B-47AA-B829-2D274D559654}: NameServer = 81.253.149.9,81.253.149.10 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.236 85.255.112.118 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.236 85.255.112.118 O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe (file missing) O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Common\FSMA32.EXE O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision 
Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: NT Online Protection - Unknown owner - C:\PROGRA~1\IQONAN~1\ONLNSVC.EXE O23 - Service: iQon Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\IQONAN~1\scanwscs.exe -- End of file - 6494 bytes
  10. And finally, here is the report from ComboFix. ComboFix 07-12-02.7 - Vincent HILAIRE 05/12/2007 23:10:01.1 - NTFSx86 Microsoft Windows XP Édition familiale 5.1.2600.2.1252.33.1036.18.93 [GMT 1:00] Running from: C:\Documents and Settings\Vincent HILAIRE\Bureau\combofix.exe * Created a new restore point . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\3456346345643.exe C:\Program Files\video activex access C:\Program Files\video activex access\iesmin.exe C:\Program Files\video activex access\iesplg.dll C:\Program Files\video activex access\ot.ico C:\Program Files\video activex access\ts.ico C:\Program Files\video activex access\uninst.exe C:\WINDOWS\system32\uninstall.exe . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_DRIVER -------\LEGACY_MSDIRECT ((((((((((((((((((((((((((((( Fichiers créés 2007-11-05 to 2007-12-05 )))))))))))))))))))))))))))))))))))) . 2007-12-05 22:59 . 2007-12-05 23:14 <REP> d-------- C:\WINDOWS\LastGood.Tmp 2007-12-05 22:47 . 2007-12-05 22:47 <REP> d-------- C:\WINDOWS\ERUNT 2007-12-05 21:31 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2007-12-05 21:31 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-12-05 19:34 . 2007-12-05 19:34 <REP> d-------- C:\Program Files\CCleaner 2007-12-05 19:31 . 2007-12-05 19:31 2,724,328 --a------ C:\Program Files\ccsetup203.exe 2007-12-05 18:54 . 2007-02-03 19:27 938,272 -ra------ C:\WINDOWS\system32\drivers\LV302V32.SYS 2007-12-05 18:48 . 2007-12-05 18:48 <REP> d-------- C:\Program Files\Logitech 2007-12-05 18:48 . 2007-12-05 18:54 <REP> d-------- C:\Program Files\Fichiers communs\LogiShrd 2007-12-05 18:48 . 2007-12-05 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logitech 2007-12-05 18:48 . 
2007-12-05 18:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Logishrd 2007-12-04 20:38 . 2007-12-04 20:38 <REP> d-------- C:\Program Files\Trend Micro 2007-12-04 18:31 . 2007-12-04 18:31 <REP> d-------- C:\VundoFix Backups 2007-12-02 22:07 . 2007-12-02 22:10 <REP> d-------- C:\Program Files\AdvancedCleaner Free 2007-12-02 22:07 . 2003-03-19 08:20 1,060,864 --a------ C:\WINDOWS\system32\mfc71.dll 2007-11-30 19:34 . 2007-11-30 19:34 244 --ah----- C:\sqmnoopt04.sqm 2007-11-30 19:34 . 2007-11-30 19:34 232 --ah----- C:\sqmdata04.sqm 2007-11-29 23:14 . 2007-11-29 23:14 244 --ah----- C:\sqmnoopt03.sqm 2007-11-29 23:14 . 2007-11-29 23:14 232 --ah----- C:\sqmdata03.sqm 2007-11-29 18:36 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys 2007-11-29 18:36 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys 2007-11-28 23:21 . 2007-11-28 23:21 244 --ah----- C:\sqmnoopt02.sqm 2007-11-28 23:21 . 2007-11-28 23:21 232 --ah----- C:\sqmdata02.sqm 2007-11-28 19:15 . 2007-12-02 23:22 980 --a------ C:\0xf9.exe 2007-11-25 22:15 . 2007-11-25 22:15 244 --ah----- C:\sqmnoopt01.sqm 2007-11-25 22:15 . 2007-11-25 22:15 232 --ah----- C:\sqmdata01.sqm 2007-11-18 14:56 . 2007-11-18 14:56 221,696 --a------ C:\WINDOWS\system32\PowerVideo.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 
2007-12-05 22:14 --------- d-----w C:\Program Files\Wanadoo 2007-12-05 22:14 --------- d-----w C:\Program Files\iQon AntiVirus 2007-12-05 19:38 --------- d--h--w C:\Program Files\InstallShield Installation Information 2007-12-05 19:38 --------- d-----w C:\Program Files\Grandia2 2007-11-30 19:23 --------- d-----w C:\Program Files\GameSpy Arcade 2007-11-02 13:49 --------- d-----w C:\Program Files\AbiSuite2 2007-10-13 17:08 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-10-13 17:08 --------- d-----w C:\Program Files\Windows Live Favorites 2007-10-10 17:16 --------- d-----w C:\Program Files\Java 2007-08-29 19:35 3,269,904 ----a-w C:\Program Files\DivXWebPlayerInstallerBeta2.exe 2007-04-14 19:18 20 ----a-w C:\Program Files\log.txt . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00] "WOOKIT"="C:\Program Files\Wanadoo\Shell.exe" [2004-08-23 13:50] "DialMessenger"="C:\Program Files\DialMessenger\dialmessenger.exe" [2007-08-09 17:49] "DriverLoad"="" [] "DriverCheck"="" [] "SystemDriverLoad"="" [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [2005-03-08 10:33 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-03-12 00:33 C:\WINDOWS\system32\VTTrayp.exe] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42] "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 02:24] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2005-12-21 02:54] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-05-18 08:18] "Email Protection"="C:\PROGRA~1\IQONAN~1\emlproxy.exe" [2006-10-11 18:11] "Scanner Reminder"="C:\PROGRA~1\IQONAN~1\remind.exe" [2006-10-11 18:11] "Update 
Scheduler"="C:\PROGRA~1\IQONAN~1\UPSCHD.exe" [2006-10-11 18:11] "On-Line Protection"="C:\PROGRA~1\IQONAN~1\CATEYE.EXE" [2006-10-11 18:11] "Activate Scanner"="C:\PROGRA~1\IQONAN~1\ACTIVATE.EXE" [2006-10-11 18:11] "Startup Scan"="C:\PROGRA~1\IQONAN~1\sensor.exe" [2006-10-11 18:11] "SoundMan"="SOUNDMAN.EXE" [2005-08-17 18:39 C:\WINDOWS\SOUNDMAN.EXE] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49] "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55] "F-Secure Manager"="C:\Program Files\Securitoo\Common\FSM32.exe" [2007-02-27 13:45] "F-Secure TNB"="C:\Program Files\Securitoo\FSGUI\TNBUtil.exe" [] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11] "LogitechCommunicationsManager"="C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 01:12] "LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 01:13] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "Startup Scan"="C:\PROGRA~1\IQONAN~1\sensor.exe" [2006-10-11 18:11] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 20:00] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55] R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys R0 ScreenNT;ScreenNT;C:\WINDOWS\system32\drivers\ScreenNT.sys R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\VIAMRAID.SYS R2 EMLSS;EMLSS;C:\WINDOWS\system32\drivers\emltdi.sys R2 OnlineNT;OnlineNT;\??\C:\PROGRA~1\IQONAN~1\ONLINENT.SYS R2 X4HSX32;X4HSX32;\??\C:\Program Files\Metaboli Player\X4HSX32.Sys S1 F-Secure HIPS;F-Secure HIPS;\??\C:\Program Files\Securitoo\HIPS\fshs.sys S2 F-Secure Filter;F-Secure File System Filter;\??\C:\Program Files\Securitoo\Anti-Virus\Win2K\FSfilter.sys S2 F-Secure Gatekeeper;F-Secure Gatekeeper;\??\C:\Program Files\Securitoo\Anti-Virus\win2k\fsgk.sys S2 F-Secure Recognizer;F-Secure File System 
Recognizer;\??\C:\Program Files\Securitoo\Anti-Virus\Win2K\FSrec.sys S3 FXDRV;FXDRV;\??\D:\Fxdrv.sys [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\setup.exe \Shell\LVIPCAP\command - D:\techsupt\CaptureTest\Amcap8.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a71db31-590d-11db-9415-806d6172696f}] \shell\PlayWithPowerDVD\Command - "C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe" "%l" . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2007-09-16 09:43:44 C:\WINDOWS\Tasks\Scheduled scanning task.job" - C:\PROGRA~1\SECURI~1\ANTI-V~1\fsav.exe "2007-12-05 22:12:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" . ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... ************************************************************************** . Completion time: 2007-12-05 23:15:49 - machine was rebooted . --- E O F --- Things already seem to be going much, much better! A big thank you
  11. Thank you for your help, my dear Bruce. I do not recognize "O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\Backup_Drivers\svchost.exe" at all... As you asked, I downloaded Smitfraud. Here is the report: SmitFraudFix v2.258 Rapport fait à 21:34:46,66, 05/12/2007 Executé à partir de C:\DOCUME~1\VINCEN~1\Bureau\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est NTFS Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Securitoo\Common\FSMA32.EXE C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Securitoo\Common\FSMB32.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\PROGRA~1\IQONAN~1\ONLNSVC.EXE C:\Program Files\Securitoo\Common\FCH32.EXE C:\PROGRA~1\IQONAN~1\scanwscs.exe C:\Program Files\Securitoo\Common\FAMEH32.EXE C:\Program Files\Securitoo\Anti-Virus\fsqh.exe C:\Program Files\Securitoo\FSAUA\program\fsaua.exe C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe C:\WINDOWS\system32\VTTimer.exe C:\WINDOWS\system32\VTtrayp.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\PROGRA~1\IQONAN~1\emlproxy.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Securitoo\Common\FSM32.EXE C:\PROGRA~1\Wanadoo\TaskBarIcon.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\WINDOWS\system32\newmaxxsv234.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Securitoo\FSGUI\fsguidll.exe C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe C:\PROGRA~1\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe 
C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\PROGRA~1\Wanadoo\Watch.exe C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe C:\PROGRA~1\FICHIE~1\LogiShrd\LComMgr\LVComSX.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Logitech\QuickCam10\QuickCam10.exe C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Backup_Drivers\svchost.exe C:\WINDOWS\TEMP\ms-81F.exe C:\Program Files\Windows Media Player\setup_wm.exe C:\Backup_Drivers\svchost.exe C:\WINDOWS\TEMP\ms-B.exe C:\WINDOWS\TEMP\ms-E79.exe C:\Backup_Drivers\svchost.exe C:\Backup_Drivers\svchost.exe C:\Backup_Drivers\svchost.exe C:\PROGRA~1\Wanadoo\WOOBRO~1\DownloadManager.exe C:\Backup_Drivers\svchost.exe C:\Backup_Drivers\svchost.exe C:\WINDOWS\system32\cmd.exe C:\Backup_Drivers\svchost.exe C:\Backup_Drivers\svchost.exe C:\Backup_Drivers\svchost.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\PowerVideo.dll PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vincent HILAIRE »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Vincent HILAIRE\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT ! C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VINCEN~1\Favoris C:\DOCUME~1\VINCEN~1\Favoris\Online Security Test.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Bureau C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT ! C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT ! 
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Video ActiveX Access\ PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{547aaa89-7e6b-42b4-b112-a64955f86a2a}"="adirondack" [HKEY_CLASSES_ROOT\CLSID\{547aaa89-7e6b-42b4-b112-a64955f86a2a}\InProcServer32] @="C:\WINDOWS\system32\zpuwriz.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{547aaa89-7e6b-42b4-b112-a64955f86a2a}\InProcServer32] @="C:\WINDOWS\system32\zpuwriz.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="csyod.exe" »»»»»»»»»»»»»»»»»»»»»»»» Rustock »»»»»»»»»»»»»»»»»»»»»»»» DNS Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté ! 

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.114.195
DNS Server Search Order: 85.255.112.139

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4F20A3C8-5B2A-4769-BE5E-A674406B2FA2}: DhcpNameServer=85.255.114.195,85.255.112.139
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ED3608C0-F62B-47AA-B829-2D274D559654}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{ED3608C0-F62B-47AA-B829-2D274D559654}: NameServer=85.255.114.195,85.255.112.139
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4F20A3C8-5B2A-4769-BE5E-A674406B2FA2}: DhcpNameServer=85.255.114.195,85.255.112.139
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ED3608C0-F62B-47AA-B829-2D274D559654}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{ED3608C0-F62B-47AA-B829-2D274D559654}: NameServer=85.255.114.195,85.255.112.139
HKLM\SYSTEM\CS3\Services\Tcpip\..\{4F20A3C8-5B2A-4769-BE5E-A674406B2FA2}: DhcpNameServer=85.255.114.195,85.255.112.139
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ED3608C0-F62B-47AA-B829-2D274D559654}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{ED3608C0-F62B-47AA-B829-2D274D559654}: NameServer=85.255.114.195,85.255.112.139
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: NameServer=85.255.114.195 85.255.112.139
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: NameServer=85.255.114.195 85.255.112.139
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: NameServer=85.255.114.195 85.255.112.139

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Now here is the report from SDFix:

SDFix: Version 1.117

Run by Vincent HILAIRE on 05/12/2007 at 22:48

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
dnlsvc
Driver
msdirect

Path:
"C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\dnlsvc.exe"
\??\C:\WINDOWS\system32\kernelw.sys
\??\C:\WINDOWS\system32\msdirect.sys

dnlsvc - Deleted
Driver - Deleted
msdirect - Deleted

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...

Service asc3550p - Deleted after Reboot

Normal Mode:
Checking Files:

Trojan Files Found:

C:\Documents and Settings\All Users\Documents\Settings\bot.dll - Deleted
C:\Documents and Settings\Vincent HILAIRE\Local Settings\Temp\1.dllb - Deleted
C:\WINDOWS\system32\msdirect.sys - Deleted
C:\Documents and Settings\Vincent HILAIRE\Local Settings\Temp\ma11x1dd12111v.game - Deleted
C:\WINDOWS\Temp\ms-11.exe - Deleted
C:\WINDOWS\Temp\ms-13.exe - Deleted
C:\WINDOWS\Temp\ms-14.exe - Deleted
C:\WINDOWS\Temp\ms-17.exe - Deleted
C:\WINDOWS\Temp\ms-19.exe - Deleted
C:\WINDOWS\Temp\ms-1A.exe - Deleted
C:\WINDOWS\Temp\ms-1B.exe - Deleted
C:\WINDOWS\Temp\ms-28.exe - Deleted
C:\WINDOWS\Temp\ms-A.exe - Deleted
C:\WINDOWS\Temp\ms-B.exe - Deleted
C:\WINDOWS\Temp\ms-C.exe - Deleted
C:\WINDOWS\Temp\ms-D.exe - Deleted
C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\dnlsvc.exe - Deleted
C:\1.exe - Deleted
C:\Backup_Drivers\svchost.exe - Deleted
C:\syst.exe - Deleted
C:\WINDOWS\noskrnl.config - Deleted
C:\WINDOWS\system32\dllh8jkd1q5.exe - Deleted
C:\WINDOWS\system32\dllh8jkd1q6.exe - Deleted
C:\WINDOWS\system32\dllh8jkd1q7.exe - Deleted
C:\WINDOWS\system32\dllh8jkd1q8.exe - Deleted
C:\WINDOWS\system32\kernelw.sys - Deleted
C:\WINDOWS\system32\kernelwind32.exe - Deleted
C:\WINDOWS\system32\m1ax1d1213216143v.exe - Deleted
C:\WINDOWS\system32\max1d11643v.exe - Deleted
C:\WINDOWS\system32\newmaxxsv234.exe - Deleted
C:\WINDOWS\system32\svcp.csv - Deleted
C:\WINDOWS\system32\vedxga4me1.exe - Deleted
C:\WINDOWS\system32\vx.tll - Deleted
C:\WINDOWS\system32\winsub.xml - Deleted
C:\WINDOWS\system32\drivers\asc3550p.sys - Deleted

Folder C:\Documents and Settings\All Users\Documents\Settings - Removed
Folder C:\Backup_Drivers - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.

Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-05 22:54:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache \xc4]
"SlowInfoCache"=hex:28,02,00,00,01,00,00,00,00,70,02,05,00,00,00,00,64,b3,6f,d5,88,..
"Changed"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall \xc4]
"UninstallString"="C:\WINDOWS\IsUn0411.exe -f"C:\Program Files\\x201a\xb7\x201a\xbd\x201a\xb6\x201a\xa8\x2014\xce\x2019\x192\\x2030\xc4\x201c\xfa\x81i\x2018\xcc\x152\xb1\x201d\xc5\x0081D\x201am\x201ad\x201as\x81j\Uninst.isu""
"DisplayName"="\x2030\xc4\x201c\xfa\x81i\x2018\xcc\x152\xb1\x201d\xc5\x0081D\x201am\x201ad\x201as\x81j"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\32 \xb7]
"Order"=hex:08,00,00,00,02,00,00,00,7c,00,00,00,01,00,00,00,01,00,00,00,70,..

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\\32 \xb7 \xc4]
"Order"=hex:08,00,00,00,02,00,00,00,88,00,00,00,01,00,00,00,01,00,00,00,7c,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Finished!

And finally, last but not least, the HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:04:19, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Securitoo\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\IQONAN~1\ONLNSVC.EXE
C:\Program Files\Securitoo\Common\FCH32.EXE
C:\PROGRA~1\IQONAN~1\scanwscs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Securitoo\Common\FAMEH32.EXE
C:\Program Files\Securitoo\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\IQONAN~1\emlproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Securitoo\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DialMessenger\dialmessenger.exe
C:\Program Files\Securitoo\FSGUI\fsguidll.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\LVComSX.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - C:\Program Files\Video ActiveX Access\iesplg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: C:\PROGRA~1\IQONAN~1\emlproxy.exe
O4 - HKLM\..\Run: [scanner Reminder] C:\PROGRA~1\IQONAN~1\remind.exe
O4 - HKLM\..\Run: [update Scheduler] C:\PROGRA~1\IQONAN~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\IQONAN~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\IQONAN~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Activate Scanner] C:\PROGRA~1\IQONAN~1\ACTIVATE.EXE
O4 - HKLM\..\Run: [startup Scan] C:\PROGRA~1\IQONAN~1\sensor.exe /loadrun
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\RunOnce: [startup Scan] C:\PROGRA~1\IQONAN~1\sensor.exe /check
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [DialMessenger] "C:\Program Files\DialMessenger\dialmessenger.exe" -background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED3608C0-F62B-47AA-B829-2D274D559654}: NameServer = 85.255.114.195,85.255.112.139
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.195 85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.195 85.255.112.139
O22 - SharedTaskScheduler: adirondack - {547aaa89-7e6b-42b4-b112-a64955f86a2a} - C:\WINDOWS\system32\zpuwriz.dll (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NT Online Protection - Unknown owner - C:\PROGRA~1\IQONAN~1\ONLNSVC.EXE
O23 - Service: iQon Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\IQONAN~1\scanwscs.exe

--
End of file - 9990 bytes

I'll download ComboFix and send you the report in my next reply! Thanks again for your help.
  12. Good evening. I'm a beginner both on this forum and with computers! My PC has been giving me trouble for two days: it's slow, it freezes, it opens windows that I would surely have appreciated at 15, and it blocks programs!! A real pain. I'm attaching the HijackThis log I just generated, hoping you can give me a hand. Thanks in advance!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:15:19, on 05/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Securitoo\Common\FSMA32.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Securitoo\Common\FSMB32.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\IQONAN~1\ONLNSVC.EXE
C:\Program Files\Securitoo\Common\FCH32.EXE
C:\PROGRA~1\IQONAN~1\scanwscs.exe
C:\Program Files\Securitoo\Common\FAMEH32.EXE
C:\Program Files\Securitoo\Anti-Virus\fsqh.exe
C:\Program Files\Securitoo\FSAUA\program\fsaua.exe
C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\IQONAN~1\emlproxy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Securitoo\Common\FSM32.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\newmaxxsv234.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DialMessenger\dialmessenger.exe
C:\Program Files\Securitoo\FSGUI\fsguidll.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\FICHIE~1\LogiShrd\LComMgr\LVComSX.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Fichiers communs\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Backup_Drivers\svchost.exe
C:\Backup_Drivers\svchost.exe
C:\Backup_Drivers\svchost.exe
C:\Backup_Drivers\svchost.exe
C:\Backup_Drivers\svchost.exe
C:\Backup_Drivers\svchost.exe
C:\Backup_Drivers\svchost.exe
C:\Backup_Drivers\svchost.exe
C:\WINDOWS\TEMP\ms-B.exe
C:\Backup_Drivers\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Backup_Drivers\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer optimisé pour MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {D61D7E1A-6613-49CA-B6F9-51DB248E209D} - C:\Program Files\Video ActiveX Access\iesplg.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: C:\PROGRA~1\IQONAN~1\emlproxy.exe
O4 - HKLM\..\Run: [scanner Reminder] C:\PROGRA~1\IQONAN~1\remind.exe
O4 - HKLM\..\Run: [update Scheduler] C:\PROGRA~1\IQONAN~1\UPSCHD.EXE /CHECK
O4 - HKLM\..\Run: [On-Line Protection] C:\PROGRA~1\IQONAN~1\CATEYE.EXE
O4 - HKLM\..\Run: [Messenger] C:\PROGRA~1\IQONAN~1\SCANMSG.EXE
O4 - HKLM\..\Run: [Activate Scanner] C:\PROGRA~1\IQONAN~1\ACTIVATE.EXE
O4 - HKLM\..\Run: [startup Scan] C:\PROGRA~1\IQONAN~1\sensor.exe /loadrun
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [system] C:\WINDOWS\system32\kernelwind32.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Securitoo\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Securitoo\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [systemSv12] C:\WINDOWS\system32\newmaxxsv234.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Fichiers communs\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\RunOnce: [startup Scan] C:\PROGRA~1\IQONAN~1\sensor.exe /check
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [DialMessenger] "C:\Program Files\DialMessenger\dialmessenger.exe" -background
O4 - HKCU\..\Run: [CDriver] c:\Backup_Drivers\svchost.exe
O4 - HKCU\..\Run: [DDriver] c:\Backup_Drivers\svchost.exe
O4 - HKCU\..\Run: [alpha] c:\Backup_Drivers\svchost.exe
O4 - HKCU\..\Run: [beta] c:\Backup_Drivers\svchost.exe
O4 - HKCU\..\Run: [gamma] c:\Backup_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKLM\..\Policies\Explorer\Run: [rare] C:\Program Files\Video ActiveX Access\imsmain.exe
O4 - HKLM\..\Policies\Explorer\Run: [CDriver] c:\Backup_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [DDriver] c:\Backup_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [alpha] c:\Backup_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [beta] c:\Backup_Drivers\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [gamma] c:\Backup_Drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [systemDriverLoad] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [systemDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [FDriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ADriver] (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [CDriver] c:\Backup_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DDriver] c:\Backup_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [alpha] c:\Backup_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [beta] c:\Backup_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [gamma] c:\Backup_Drivers\svchost.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED3608C0-F62B-47AA-B829-2D274D559654}: NameServer = 85.255.114.195,85.255.112.139
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.195 85.255.112.139
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.195 85.255.112.139
O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
O22 - SharedTaskScheduler: adirondack - {547aaa89-7e6b-42b4-b112-a64955f86a2a} - C:\WINDOWS\system32\zpuwriz.dll (file missing)
O23 - Service: MS Software Shadow Download Provider (dnlsvc) - Unknown owner - C:\DOCUME~1\VINCEN~1\LOCALS~1\Temp\dnlsvc.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - Unknown owner - C:\Program Files\Securitoo\Anti-Virus\fsgk32st.exe (file missing)
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Securitoo\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Securitoo\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Securitoo\Common\FSMA32.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NT Online Protection - Unknown owner - C:\PROGRA~1\IQONAN~1\ONLNSVC.EXE
O23 - Service: iQon Helper Service WSC (ScanWscS) - Unknown owner - C:\PROGRA~1\IQONAN~1\scanwscs.exe
O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmdar.exe (file missing)

--
End of file - 12549 bytes