
Gazo

Review of my report


Hello, my name is Jean-Marc.

I am infected with virusturb.

I am following the procedure from Regis 86, who was replying to Milhaud.

So I am posting my report.

I don't understand much of it, and I will continue the procedure as instructed.

Thanks

SmitFraudFix v2.111

 

Rapport fait à 13:53:59,31, 20/10/2006

Executé à partir de C:\Documents and Settings\Jean-Marc\Bureau\Smitfraud\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix executé en mode normal

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Marc

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jean-Marc\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JEAN-M~1\Favoris

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

C:\Program Files\PCODEC\ PRESENT !

C:\Program Files\Virus-Burst\ PRESENT !

 

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="Ma page d'accueil"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{6076d2b1-634c-4685-843b-f826045ea5dc}"="hemadynamometer"

 

[HKEY_CLASSES_ROOT\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc}\InProcServer32]

@="C:\WINDOWS\System32\syycum.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc}\InProcServer32]

@="C:\WINDOWS\System32\syycum.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"="MsgPlusLoader.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin


I don't know whether I did everything right; in the meantime, I no longer have the virusturb icon at the bottom right that was bothering me.

When I ran AVG (French version), the button equivalent to Apply all actions was greyed out, so I deleted the items by right-clicking on each entry.

Here are the reports

SmitFraudFix report

 

SmitFraudFix v2.111

 

Rapport fait à 14:08:13,54, 20/10/2006

Executé à partir de C:\Documents and Settings\Jean-Marc\Bureau\Smitfraud\SmitfraudFix

OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT

Fix executé en mode sans echec

 

»»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{6076d2b1-634c-4685-843b-f826045ea5dc}"="hemadynamometer"

 

[HKEY_CLASSES_ROOT\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc}\InProcServer32]

@="C:\WINDOWS\System32\syycum.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{6076d2b1-634c-4685-843b-f826045ea5dc}\InProcServer32]

@="C:\WINDOWS\System32\syycum.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés

 

C:\Program Files\PCODEC\ supprimé

C:\Program Files\Virus-Burst\ supprimé

 

»»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre

 

Nettoyage terminé.

 

»»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix

!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Fin

 

HijackThis report

 

Logfile of HijackThis v1.99.1

Scan saved at 09:24:25, on 21/10/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\LEXPPS.EXE

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\Norman\Npf\BIN\NPFSVICE.EXE

C:\Norman\Bin\Zanda.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\System32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Norman\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\Nvc\BIN\nipsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Norman\bin\ZLH.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

C:\Norman\Nvc\bin\cclaw.exe

C:\Norman\Npf\BIN\npfmsg2.exe

C:\Documents and Settings\Jean-Marc\Bureau\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe

O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O15 - Trusted Zone: http://isexplw4.lille.iufm.fr

O15 - Trusted IP range: 206.161.125.149

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O20 - AppInit_DLLs: MsgPlusLoader.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: Defragmentation Management Handler (FAT Defragmentation) - Unknown owner - C:\WINDOWS\System32\dfrgfat32.exe (file missing)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MAPI Mail Client (MAPI) - Logitech, Inc. - (no file)

O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)

O23 - Service: Net Functions Monitoring (Netmon) - Unknown owner - C:\WINDOWS\System32\Netmon.exe (file missing)

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Print Spool Handler (Print Spooler) - Unknown owner - C:\WINDOWS\System32\spooler.exe (file missing)

O23 - Service: Service CANALPLAY - Unknown owner - C:\Documents and Settings\Jean-Marc\Bureau\loup\CanalPlayService.exe (file missing)

O23 - Service: Workstation NetLogon Service (½O.#ž‚„?õØ´â) - Unknown owner - (no file)

 

I don't know what you can do with this?

I didn't really click between flash and new

Thanks


I don't think I'm talking nonsense in telling you that you can already fix all the O1 entries (hosts file hijacking)

Edited by Xee


Hello Gazo!

Please do this:

Download zeb-restore here:

http://telechargement.zebulon.fr/license-1-233.html

Run zeb-restore and tick these options:

Sites de confiance et sensibles (Trusted and restricted sites)

Réinitialiser Fichier Hosts (Reset Hosts file)

Then click Restaurer (Restore)!

- Now I am going to ask you to stop a service that is started automatically in normal mode.

Start > Run, type Services.msc, then OK

Choose the "Extended" view (tabs at the bottom)

Using the scroll bar (on the right), look for the following service:

Defragmentation Management Handler

When you have found the service, point to it and double-click (left button).

In the window that appears, on the General tab, click the Stop button,

then open the Startup type drop-down and change it to Disabled

Click Apply, then OK

Do the same with these:

France Telecom Routing Table Service

NetDDE Server

Net Functions Monitoring

Service CANALPLAY

Workstation NetLogon Service

Run HijackThis and choose Open the Misc.Tools section

the "Configuration" window will open

click Delete a NT service...

the "Delete a Windows NT service" window will open

Enter in the dialog box:

FAT Defragmentation

Note: make sure there is no space either before or after!

click OK

Another window should open, giving information about the service and asking whether you want to reboot.

Click NO

Repeat the operation with these:

NetDDEsrv

Netmon

½O.#ž?õØ´â

Then please run a new HijackThis scan.

And after that, do this:

- Run an online scan here and paste the report.

Panda; if you can't manage it: tutorial

See you later.
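The two checks the helpers apply by eye in the replies above (Xee on the O1 hosts entries, Régis on the O23 services whose file is missing), written out as an added example that is not part of the original posts or of HijackThis itself. The sample log is constructed, the function names are hypothetical, and the threshold of three hostnames per address is an assumption.

```python
"""Triage of a HijackThis log: clustered hosts-file redirects (O1) and
services whose binary is gone (O23). Added example, constructed input."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the HijackThis 1.99 line format. Addresses come from
# the RFC 5737 documentation ranges; hostnames use the reserved .example TLD.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O1 - Hosts: 203.0.113.7 login.bank-one.example
O1 - Hosts: 203.0.113.7 www.bank-two.example
O1 - Hosts: 203.0.113.7 secure.bank-three.example
O1 - Hosts: 127.0.0.1 ads.tracker.example
O1 - Hosts: 198.51.100.20 intranet.corp.example
O2 - BHO: Sample Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Sample\helper.dll
O23 - Service: Sample Print Handler (SamplePrint) - Unknown owner - C:\WINDOWS\System32\sampleprn.exe (file missing)
O23 - Service: Sample Mail Client (SampleMail) - Sample Vendor, Inc. - (no file)
O23 - Service: Sample Update Service - Sample Vendor - C:\Program Files\Sample\update.exe
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
O23_PREFIX = "O23 - Service: "


def parse_hosts(log):
    """Return (ip, hostname) pairs from O1 lines, skipping malformed addresses."""
    pairs = []
    for line in log.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # not an IP address: ignore the line rather than guess
        pairs.append((ip, m.group(2).lower()))
    return pairs


def suspicious_redirects(log, min_hosts=3):
    """Map each non-loopback address to the hostnames redirected to it.

    Loopback and 0.0.0.0 entries are the usual ad-blocking pattern and are
    skipped. Many unrelated hostnames pointing at one routable address is the
    hosts-file hijack pattern; min_hosts is an assumed threshold.
    """
    by_ip = defaultdict(set)
    for ip, host in parse_hosts(log):
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].add(host)
    return {ip: sorted(h) for ip, h in by_ip.items() if len(h) >= min_hosts}


def orphan_services(log):
    """Return O23 services that HijackThis marks '(file missing)' or '(no file)'.

    A missing binary is not proof of infection (uninstalled software leaves
    such entries too), so the owner field is returned for manual review.
    """
    found = []
    for line in log.splitlines():
        line = line.strip()
        if not line.startswith(O23_PREFIX):
            continue
        # Split from the right: display names may themselves contain " - ".
        parts = line[len(O23_PREFIX):].rsplit(" - ", 2)
        if len(parts) != 3:
            continue
        display, owner, path = parts
        if not (path.endswith("(file missing)") or path == "(no file)"):
            continue
        # "Display name (ServiceName)": the short name is the one to disable.
        m = re.match(r"^(.*) \((.+)\)$", display)
        name = m.group(2) if m else display
        found.append({"name": name, "owner": owner, "path": path})
    return found


if __name__ == "__main__":
    for ip, hosts in suspicious_redirects(SAMPLE_LOG).items():
        print(f"{len(hosts)} hostnames redirected to {ip}: {', '.join(hosts)}")
    for svc in orphan_services(SAMPLE_LOG):
        print(f"service {svc['name']!r} ({svc['owner']}): {svc['path']}")
```
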


First of all, thank you to Régis. I am always amazed that there are guys who take the time to answer people like me, who turn to a forum the day they have a problem.

That said, here are my reports (I ran hijackthis STP when I had already started the antivirus).

I suppose I have to click on the disinfection advice following my Panda scan.

Panda report

 

Incident Statut Analyse

 

Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\Charlotte\Cookies\charlotte@belnk[1].txt

Spyware:Cookie/Belnk No Désinfecté C:\Documents and Settings\Charlotte\Cookies\charlotte@dist.belnk[2].txt

Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\Charlotte\Cookies\charlotte@uol.com[2].txt

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Charlotte\Cookies\charlotte@xiti[1].txt

Spyware:Cookie/Apmebf No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies-1.txt[.apmebf.com/]

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[.xiti.com/]

Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[.2o7.net/]

Spyware:Cookie/Adtech No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[.adtech.de/]

Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[.doubleclick.net/]

Spyware:Cookie/Tradedoubler No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[.tradedoubler.com/]

Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[.bluestreak.com/]

Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[fl01.ct2.comclick.com/]

Spyware:Cookie/Advertising No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[.advertising.com/]

Spyware:Cookie/Serving-sys No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[.serving-sys.com/]

Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[.atdmt.com/]

Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt[.weborama.fr/]

Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Thunderbird\Profiles\6qmfuy48.Utilisateur par défaut\Mail\Local Folders\Inbox.sbd\ULM[smitfraudFix.zip][smitfraudFix/Process.exe]

Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Jean-Marc\Application Data\Thunderbird\Profiles\6qmfuy48.Utilisateur par défaut\Mail\Local Folders\Trash[smitfraudFix.zip][smitfraudFix/Process.exe]

Spyware:Cookie/Maxserving No Désinfecté C:\Documents and Settings\Jean-Marc\Bureau\Coreal\Documents and Settings\COQUELET\Cookies\coquelet@maxserving[2].txt

Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Jean-Marc\Bureau\Coreal\Documents and Settings\COQUELET\Cookies\coquelet@xiti[1].txt

Adware:Adware/IntCodec No Désinfecté C:\Documents and Settings\Jean-Marc\Bureau\intcodec-v6.388.exe

Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Jean-Marc\Bureau\Smitfraud\SmitfraudFix\Process.exe

Outil indésirable:Application/Processor No Désinfecté C:\Documents and Settings\Jean-Marc\Bureau\Smitfraud\SmitfraudFix.zip[smitfraudFix/Process.exe]

Spyware:Cookie/2o7 No Désinfecté C:\Documents and Settings\Jean-Marc\Cookies\jean-marc@2o7[1].txt

Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Jean-Marc\Cookies\jean-marc@atdmt[1].txt

Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Jean-Marc\Cookies\jean-marc@weborama[2].txt

Outil indésirable:Application/KillApp.B No Désinfecté C:\EasyDivX\softs\ck.exe

Dialer:dialer.baj No Désinfecté C:\eied_s7.cab

Virus:Trj/Downloader.DSJ Désinfecté C:\WINDOWS\a776a8.js

Adware:Adware/SAHAgent No Désinfecté C:\WINDOWS\Downloaded Program Files\setup4002b.cab

Adware:adware/searchaid No Désinfecté C:\WINDOWS\n_zbozyx.dat

Adware:Adware/MediaTickets No Désinfecté C:\WINDOWS\r.bat

Adware:Adware/StatBlaster No Désinfecté C:\WINDOWS\system32\O

Adware:Adware/StatBlaster No Désinfecté C:\WINDOWS\system32\O.BAT

Adware:Adware/MediaTickets No Désinfecté C:\WINDOWS\t.bat

Spyware:spyware/media-motor No Désinfecté C:\WINDOWS\ubber60.ini

 

 

I should also say that I left my computer with a youngster for 3 weeks; he downloaded a whole bunch of stuff like eMule and the like. I wonder whether my problems might come from that.


Hello Gazo!

Please continue like this:

Download AVG Anti-Spyware

  1. Run AVG Anti-Spyware and click the Update button (toolbar, at the top). Under Manual Update, click Start update.

  2. You will see this just below once the update has completed: "Update successful"

  3. Close AVG Anti-Spyware. Do not run it yet.

Restart in Safe Mode: on restart, immediately tap the F8 key repeatedly; you will see a screen with a choice of boot options appear. Using the arrow keys, choose "Safe Mode" and confirm with "Enter". Choose your usual account, not Administrator.

  • From Safe Mode, run AVG Anti-Spyware, click the Scanner button (on the toolbar) and then click Complete System Scan. The scan will take some time, so be patient.

  • AVG Anti-Spyware will display a list of the detected files on the left. At the end of the scan, the tool will set the "Actions" to be applied automatically. Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right-hand side.

  • Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure you save it in a safe place (on your Desktop, for example).

  • Restart your computer in Normal mode.

I'm giving you another tool to run:

Download Blacklight (from F-Secure) and save it to your Desktop.

Double-click blbeta.exe and accept the licence; leave [X]scan through Windows Explorer enabled; click Scan then Next

You will see a list of detected files appear. You will also see a report on your Desktop named fsbl.xxxxxxx.log (the xxxxxxx are digits).

Copy and paste the contents of this report into your next reply. Do NOT choose the "Rename" option yet: we need to analyse the report, because legitimate files may be present, such as wbemtest.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please post the following reports in your next reply:

1) AVG Anti-Spyware

2) BlackLight

3) New HijackThis report!

Good luck, and see you later


BlackLight report

 

10/24/06 13:40:02 [info]: BlackLight Engine 1.0.47 initialized

10/24/06 13:40:02 [info]: OS: 5.1 build 2600 (Service Pack 1)

10/24/06 13:40:03 [Note]: 7019 4

10/24/06 13:40:03 [Note]: 7005 0

10/24/06 13:40:08 [Note]: 7006 0

10/24/06 13:40:08 [Note]: 7011 2708

10/24/06 13:40:08 [Note]: 7026 0

10/24/06 13:40:09 [Note]: 7026 0

10/24/06 13:41:03 [Note]: FSRAW library version 1.7.1020


10/24/06 13:42:27 [Note]: 4005 5

10/24/06 13:42:28 [Note]: 4000 5

10/24/06 13:42:28 [Note]: 4005 5

10/24/06 13:42:30 [Note]: 4000 5

10/24/06 13:42:30 [Note]: 4005 5

10/24/06 13:42:33 [Note]: 4000 5

10/24/06 13:42:33 [Note]: 4005 5

10/24/06 13:42:34 [Note]: 4000 5

10/24/06 13:42:34 [Note]: 4005 5

10/24/06 13:42:36 [Note]: 4000 5

10/24/06 13:42:36 [Note]: 4005 5

10/24/06 13:42:38 [Note]: 4000 5

10/24/06 13:42:38 [Note]: 4005 5

10/24/06 13:42:39 [Note]: 4000 5

10/24/06 13:42:39 [Note]: 4005 5

10/24/06 13:42:41 [Note]: 4000 5

10/24/06 13:42:41 [Note]: 4005 5

10/24/06 13:42:42 [Note]: 4000 5

10/24/06 13:42:42 [Note]: 4005 5

10/24/06 13:42:44 [Note]: 4000 5

10/24/06 13:42:44 [Note]: 4005 5

10/24/06 13:42:45 [Note]: 4000 5

10/24/06 13:42:45 [Note]: 4005 5

10/24/06 13:42:47 [Note]: 4000 5

10/24/06 13:42:47 [Note]: 4005 5

10/24/06 13:42:49 [Note]: 4000 5

10/24/06 13:42:49 [Note]: 4005 5

10/24/06 13:42:51 [Note]: 4000 5

10/24/06 13:42:51 [Note]: 4005 5

10/24/06 13:42:52 [Note]: 4000 5

10/24/06 13:42:52 [Note]: 4005 5

10/24/06 13:42:54 [Note]: 4000 5

10/24/06 13:42:54 [Note]: 4005 5

10/24/06 13:42:55 [Note]: 4000 5

10/24/06 13:42:55 [Note]: 4005 5

10/24/06 13:42:57 [Note]: 4000 5

10/24/06 13:42:57 [Note]: 4005 5

10/24/06 13:42:59 [Note]: 4000 5

10/24/06 13:42:59 [Note]: 4005 5

10/24/06 13:43:00 [Note]: 4000 5

10/24/06 13:43:00 [Note]: 4005 5

10/24/06 13:43:02 [Note]: 4000 5

10/24/06 13:43:02 [Note]: 4005 5

10/24/06 13:43:04 [Note]: 4000 5

10/24/06 13:43:04 [Note]: 4005 5

10/24/06 13:43:06 [Note]: 4000 5

10/24/06 13:43:06 [Note]: 4005 5

10/24/06 13:43:07 [Note]: 4000 5

10/24/06 13:43:07 [Note]: 4005 5

10/24/06 13:43:09 [Note]: 4000 5

10/24/06 13:43:09 [Note]: 4005 5

10/24/06 13:43:11 [Note]: 4000 5

10/24/06 13:43:11 [Note]: 4005 5

10/24/06 13:43:13 [Note]: 4000 5

10/24/06 13:43:13 [Note]: 4005 5

10/24/06 13:43:15 [Note]: 4000 5

10/24/06 13:43:15 [Note]: 4005 5

10/24/06 13:43:16 [Note]: 4000 5

10/24/06 13:43:16 [Note]: 4005 5

10/24/06 13:43:18 [Note]: 4000 5

10/24/06 13:43:18 [Note]: 4005 5

10/24/06 13:43:20 [Note]: 4000 5

10/24/06 13:43:20 [Note]: 4005 5

10/24/06 13:43:22 [Note]: 4000 5

10/24/06 13:43:22 [Note]: 4005 5

10/24/06 13:43:23 [Note]: 4000 5

10/24/06 13:43:23 [Note]: 4005 5

10/24/06 13:43:25 [Note]: 4000 5

10/24/06 13:43:25 [Note]: 4005 5

10/24/06 13:43:27 [Note]: 4000 5

10/24/06 13:43:27 [Note]: 4005 5

10/24/06 13:43:29 [Note]: 4000 5

10/24/06 13:43:29 [Note]: 4005 5

10/24/06 13:43:31 [Note]: 4000 5

10/24/06 13:43:31 [Note]: 4005 5

10/24/06 13:43:33 [Note]: 4000 5

10/24/06 13:43:33 [Note]: 4005 5

10/24/06 13:43:35 [Note]: 4000 5

10/24/06 13:43:35 [Note]: 4005 5

10/24/06 13:43:37 [Note]: 4000 5

10/24/06 13:43:37 [Note]: 4005 5

10/24/06 13:43:38 [Note]: 4000 5

10/24/06 13:43:38 [Note]: 4005 5

10/24/06 13:43:40 [Note]: 4000 5

10/24/06 13:43:40 [Note]: 4005 5

10/24/06 13:43:41 [Note]: 4000 5

10/24/06 13:43:41 [Note]: 4005 5

10/24/06 13:43:43 [Note]: 4000 5

10/24/06 13:43:43 [Note]: 4005 5

10/24/06 13:43:44 [Note]: 4000 5

10/24/06 13:43:44 [Note]: 4005 5

10/24/06 13:43:46 [Note]: 4000 5

10/24/06 13:43:46 [Note]: 4005 5

10/24/06 13:43:48 [Note]: 4000 5

10/24/06 13:43:48 [Note]: 4005 5

10/24/06 13:43:49 [Note]: 4000 5

10/24/06 13:43:49 [Note]: 4005 5

10/24/06 13:43:51 [Note]: 4000 5

10/24/06 13:43:51 [Note]: 4005 5

10/24/06 13:43:53 [Note]: 4000 5

10/24/06 13:43:53 [Note]: 4005 5

10/24/06 13:43:54 [Note]: 4000 5

10/24/06 13:43:54 [Note]: 4005 5

10/24/06 13:43:56 [Note]: 4000 5

10/24/06 13:43:56 [Note]: 4005 5

10/24/06 13:43:58 [Note]: 4000 5

10/24/06 13:43:58 [Note]: 4005 5

10/24/06 13:43:59 [Note]: 4000 5

10/24/06 13:43:59 [Note]: 4005 5

10/24/06 13:44:01 [Note]: 4000 5

10/24/06 13:44:01 [Note]: 4005 5

10/24/06 13:44:02 [Note]: 4000 5

10/24/06 13:44:02 [Note]: 4005 5

10/24/06 13:44:03 [Note]: 4000 5

10/24/06 13:44:03 [Note]: 4005 5

10/24/06 13:44:04 [Note]: 4000 5

10/24/06 13:44:04 [Note]: 4005 5

10/24/06 13:44:05 [Note]: 4000 5

10/24/06 13:44:05 [Note]: 4005 5

10/24/06 13:44:06 [Note]: 4000 5

10/24/06 13:44:06 [Note]: 4005 5

10/24/06 13:44:07 [Note]: 4000 5

10/24/06 13:44:07 [Note]: 4005 5

10/24/06 13:44:08 [Note]: 4000 5

10/24/06 13:44:08 [Note]: 4005 5

10/24/06 13:44:09 [Note]: 4000 5

10/24/06 13:44:09 [Note]: 4005 5

10/24/06 13:44:12 [Note]: 4000 5

10/24/06 13:44:12 [Note]: 4005 5

10/24/06 13:44:14 [Note]: 4000 5

10/24/06 13:44:14 [Note]: 4005 5

10/24/06 13:44:17 [Note]: 4000 5

10/24/06 13:44:17 [Note]: 4005 5

10/24/06 13:44:18 [Note]: 4000 5

10/24/06 13:44:18 [Note]: 4005 5

10/24/06 13:44:19 [Note]: 4000 5

10/24/06 13:44:19 [Note]: 4005 5

10/24/06 13:44:20 [Note]: 4000 5

10/24/06 13:44:20 [Note]: 4005 5

10/24/06 13:44:21 [Note]: 4000 5

10/24/06 13:44:21 [Note]: 4005 5

10/24/06 13:44:23 [Note]: 4000 5

10/24/06 13:44:23 [Note]: 4005 5

10/24/06 13:44:24 [Note]: 4000 5

10/24/06 13:44:24 [Note]: 4005 5

10/24/06 13:44:25 [Note]: 4000 5

10/24/06 13:44:25 [Note]: 4005 5

10/24/06 13:44:26 [Note]: 4000 5

10/24/06 13:44:26 [Note]: 4005 5

10/24/06 13:44:28 [Note]: 4000 5

10/24/06 13:44:28 [Note]: 4005 5

10/24/06 13:44:29 [Note]: 4000 5

10/24/06 13:44:29 [Note]: 4005 5

10/24/06 13:44:30 [Note]: 4000 5

10/24/06 13:44:30 [Note]: 4005 5

10/24/06 13:44:32 [Note]: 4000 5

10/24/06 13:44:32 [Note]: 4005 5

10/24/06 13:44:34 [Note]: 4000 5

10/24/06 13:44:34 [Note]: 4005 5

10/24/06 13:44:36 [Note]: 4000 5

10/24/06 13:44:36 [Note]: 4005 5

10/24/06 13:44:38 [Note]: 4000 5

10/24/06 13:44:38 [Note]: 4005 5

10/24/06 13:44:40 [Note]: 4000 5

10/24/06 13:44:40 [Note]: 4005 5

10/24/06 13:44:42 [Note]: 4000 5

10/24/06 13:44:42 [Note]: 4005 5

10/24/06 13:44:44 [Note]: 4000 5

10/24/06 13:44:44 [Note]: 4005 5

10/24/06 13:44:46 [Note]: 4000 5

10/24/06 13:44:46 [Note]: 4005 5

10/24/06 13:44:48 [Note]: 4000 5

10/24/06 13:44:48 [Note]: 4005 5

10/24/06 13:44:50 [Note]: 4000 5

10/24/06 13:44:50 [Note]: 4005 5

10/24/06 13:44:52 [Note]: 4000 5

10/24/06 13:44:52 [Note]: 4005 5

10/24/06 13:44:53 [Note]: 4000 5

10/24/06 13:44:53 [Note]: 4005 5

10/24/06 13:44:55 [Note]: 4000 5

10/24/06 13:44:55 [Note]: 4005 5

10/24/06 13:44:57 [Note]: 4000 5

10/24/06 13:44:57 [Note]: 4005 5

10/24/06 13:44:59 [Note]: 4000 5

10/24/06 13:44:59 [Note]: 4005 5

10/24/06 13:45:00 [Note]: 4000 5

10/24/06 13:45:00 [Note]: 4005 5

10/24/06 13:45:02 [Note]: 4000 5

10/24/06 13:45:02 [Note]: 4005 5

10/24/06 13:45:03 [Note]: 4000 5

10/24/06 13:45:03 [Note]: 4005 5

10/24/06 13:45:05 [Note]: 4000 5

10/24/06 13:45:05 [Note]: 4005 5

10/24/06 13:45:07 [Note]: 4000 5

10/24/06 13:45:07 [Note]: 4005 5

10/24/06 13:45:09 [Note]: 4000 5

10/24/06 13:45:09 [Note]: 4005 5

10/24/06 13:45:11 [Note]: 4000 5

10/24/06 13:45:11 [Note]: 4005 5

10/24/06 13:45:12 [Note]: 4000 5

10/24/06 13:45:12 [Note]: 4005 5

10/24/06 13:45:14 [Note]: 4000 5

10/24/06 13:45:14 [Note]: 4005 5

10/24/06 13:45:16 [Note]: 4000 5

10/24/06 13:45:16 [Note]: 4005 5

10/24/06 13:45:17 [Note]: 4000 5

10/24/06 13:45:17 [Note]: 4005 5

10/24/06 13:45:19 [Note]: 4000 5

10/24/06 13:45:19 [Note]: 4005 5

10/24/06 13:45:21 [Note]: 4000 5

10/24/06 13:45:21 [Note]: 4005 5

10/24/06 13:45:22 [Note]: 4000 5

10/24/06 13:45:22 [Note]: 4005 5

10/24/06 13:45:23 [Note]: 4000 5

10/24/06 13:45:23 [Note]: 4005 5

10/24/06 13:45:24 [Note]: 4000 5

10/24/06 13:45:24 [Note]: 4005 5

10/24/06 13:45:25 [Note]: 4000 5

10/24/06 13:45:25 [Note]: 4005 5

10/24/06 13:45:26 [Note]: 4000 5

10/24/06 13:45:26 [Note]: 4005 5

10/24/06 13:45:27 [Note]: 4000 5

10/24/06 13:45:27 [Note]: 4005 5

10/24/06 13:45:27 [Note]: 4000 5

10/24/06 13:45:27 [Note]: 4005 5

10/24/06 13:45:29 [Note]: 4000 5

10/24/06 13:45:29 [Note]: 4005 5

10/24/06 13:45:29 [Note]: 4000 5

10/24/06 13:45:29 [Note]: 4005 5

10/24/06 13:45:31 [Note]: 4000 5

10/24/06 13:45:31 [Note]: 4005 5

10/24/06 13:45:32 [Note]: 4000 5

10/24/06 13:45:32 [Note]: 4005 5

10/24/06 13:45:33 [Note]: 4000 5

10/24/06 13:45:33 [Note]: 4005 5

10/24/06 13:45:34 [Note]: 4000 5

10/24/06 13:45:34 [Note]: 4005 5

10/24/06 13:45:35 [Note]: 4000 5

10/24/06 13:45:35 [Note]: 4005 5

10/24/06 13:45:36 [Note]: 4000 5

10/24/06 13:45:36 [Note]: 4005 5

10/24/06 13:45:37 [Note]: 4000 5

10/24/06 13:45:37 [Note]: 4005 5

10/24/06 13:45:38 [Note]: 4000 5

10/24/06 13:45:38 [Note]: 4005 5

10/24/06 13:45:39 [Note]: 4000 5

10/24/06 13:45:39 [Note]: 4005 5

10/24/06 13:45:41 [Note]: 4000 5

10/24/06 13:45:41 [Note]: 4005 5

10/24/06 13:45:43 [Note]: 4000 5

10/24/06 13:45:43 [Note]: 4005 5

10/24/06 13:45:45 [Note]: 4000 5

10/24/06 13:45:45 [Note]: 4005 5

10/24/06 13:45:46 [Note]: 4000 5

10/24/06 13:45:46 [Note]: 4005 5

10/24/06 13:45:48 [Note]: 4000 5

10/24/06 13:45:48 [Note]: 4005 5

10/24/06 13:45:50 [Note]: 4000 5

10/24/06 13:45:50 [Note]: 4005 5

10/24/06 13:45:52 [Note]: 4000 5

10/24/06 13:45:52 [Note]: 4005 5

10/24/06 13:45:54 [Note]: 4000 5

10/24/06 13:45:54 [Note]: 4005 5

10/24/06 13:45:55 [Note]: 4000 5

10/24/06 13:45:55 [Note]: 4005 5

10/24/06 13:45:56 [Note]: 4000 5

10/24/06 13:45:56 [Note]: 4005 5

10/24/06 13:45:58 [Note]: 4000 5

10/24/06 13:45:58 [Note]: 4005 5

10/24/06 13:45:59 [Note]: 4000 5

10/24/06 13:45:59 [Note]: 4005 5

10/24/06 13:46:00 [Note]: 4000 5

10/24/06 13:46:00 [Note]: 4005 5

10/24/06 13:46:02 [Note]: 4000 5

10/24/06 13:46:02 [Note]: 4005 5

10/24/06 13:46:04 [Note]: 4000 5

10/24/06 13:46:04 [Note]: 4005 5

10/24/06 13:46:06 [Note]: 4000 5

10/24/06 13:46:06 [Note]: 4005 5

10/24/06 13:46:08 [Note]: 4000 5

10/24/06 13:46:08 [Note]: 4005 5

10/24/06 13:46:10 [Note]: 4000 5

10/24/06 13:46:10 [Note]: 4005 5

10/24/06 13:46:10 [Note]: 4000 5

10/24/06 13:46:10 [Note]: 4005 5

10/24/06 13:46:12 [Note]: 4000 5

10/24/06 13:46:12 [Note]: 4005 5

10/24/06 13:46:13 [Note]: 4000 5

10/24/06 13:46:13 [Note]: 4005 5

10/24/06 13:46:15 [Note]: 4000 5

10/24/06 13:46:15 [Note]: 4005 5

10/24/06 13:46:16 [Note]: 4000 5

10/24/06 13:46:16 [Note]: 4005 5

10/24/06 13:46:18 [Note]: 4000 5

10/24/06 13:46:18 [Note]: 4005 5

10/24/06 13:46:20 [Note]: 4000 5

10/24/06 13:46:20 [Note]: 4005 5

10/24/06 13:46:22 [Note]: 4000 5

10/24/06 13:46:22 [Note]: 4005 5

10/24/06 13:46:24 [Note]: 4000 5

10/24/06 13:46:24 [Note]: 4005 5

10/24/06 13:46:26 [Note]: 4000 5

10/24/06 13:46:26 [Note]: 4005 5

10/24/06 13:46:28 [Note]: 4000 5

10/24/06 13:46:28 [Note]: 4005 5

10/24/06 13:46:29 [Note]: 4000 5

10/24/06 13:46:29 [Note]: 4005 5

10/24/06 13:46:29 [Note]: 4000 5

10/24/06 13:46:29 [Note]: 4005 5

10/24/06 13:46:33 [Note]: 4000 5

10/24/06 13:46:33 [Note]: 4005 5

10/24/06 13:46:34 [Note]: 4000 5

10/24/06 13:46:34 [Note]: 4005 5

10/24/06 13:46:36 [Note]: 4000 5

10/24/06 13:46:36 [Note]: 4005 5

10/24/06 13:46:37 [Note]: 4000 5

10/24/06 13:46:37 [Note]: 4005 5

10/24/06 13:46:39 [Note]: 4000 5

10/24/06 13:46:39 [Note]: 4005 5

10/24/06 13:46:41 [Note]: 4000 5

10/24/06 13:46:41 [Note]: 4005 5

10/24/06 13:46:43 [Note]: 4000 5

10/24/06 13:46:43 [Note]: 4005 5

10/24/06 13:46:45 [Note]: 4000 5

10/24/06 13:46:45 [Note]: 4005 5

10/24/06 13:46:48 [Note]: 4000 5

10/24/06 13:46:48 [Note]: 4005 5

10/24/06 13:46:50 [Note]: 4000 5

10/24/06 13:46:50 [Note]: 4005 5

10/24/06 13:46:52 [Note]: 4000 5

10/24/06 13:46:52 [Note]: 4005 5

10/24/06 13:46:54 [Note]: 4000 5

10/24/06 13:46:54 [Note]: 4005 5

10/24/06 13:46:57 [Note]: 4000 5

10/24/06 13:46:57 [Note]: 4005 5

10/24/06 13:46:58 [Note]: 4000 5

10/24/06 13:46:58 [Note]: 4005 5

10/24/06 13:47:01 [Note]: 4000 5

10/24/06 13:47:01 [Note]: 4005 5

10/24/06 13:47:03 [Note]: 4000 5

10/24/06 13:47:03 [Note]: 4005 5

10/24/06 13:47:05 [Note]: 4000 5

10/24/06 13:47:05 [Note]: 4005 5

10/24/06 13:47:07 [Note]: 4000 5

10/24/06 13:47:07 [Note]: 4005 5

10/24/06 13:47:10 [Note]: 4000 5

10/24/06 13:47:10 [Note]: 4005 5

10/24/06 13:47:12 [Note]: 4000 5

10/24/06 13:47:12 [Note]: 4005 5

10/24/06 13:47:14 [Note]: 4000 5

10/24/06 13:47:14 [Note]: 4005 5

10/24/06 13:47:16 [Note]: 4000 5

10/24/06 13:47:16 [Note]: 4005 5

10/24/06 13:47:18 [Note]: 4000 5

10/24/06 13:47:18 [Note]: 4005 5

10/24/06 13:47:21 [Note]: 4000 5

10/24/06 13:47:21 [Note]: 4005 5

10/24/06 13:47:23 [Note]: 4000 5

10/24/06 13:47:23 [Note]: 4005 5

10/24/06 13:47:25 [Note]: 4000 5

10/24/06 13:47:25 [Note]: 4005 5

10/24/06 13:47:27 [Note]: 4000 5

10/24/06 13:47:27 [Note]: 4005 5

10/24/06 13:47:29 [Note]: 4000 5

10/24/06 13:47:29 [Note]: 4005 5

10/24/06 13:47:31 [Note]: 4000 5

10/24/06 13:47:31 [Note]: 4005 5

10/24/06 13:47:35 [Note]: 4000 5

10/24/06 13:47:35 [Note]: 4005 5

10/24/06 13:47:37 [Note]: 4000 5

10/24/06 13:47:37 [Note]: 4005 5

10/24/06 13:47:39 [Note]: 4000 5

10/24/06 13:47:39 [Note]: 4005 5

10/24/06 13:47:42 [Note]: 4000 5

10/24/06 13:47:42 [Note]: 4005 5

10/24/06 13:47:44 [Note]: 4000 5

10/24/06 13:47:44 [Note]: 4005 5

10/24/06 13:47:46 [Note]: 4000 5

10/24/06 13:47:46 [Note]: 4005 5

10/24/06 13:47:48 [Note]: 4000 5

10/24/06 13:47:48 [Note]: 4005 5

10/24/06 13:47:50 [Note]: 4000 5

10/24/06 13:47:50 [Note]: 4005 5

10/24/06 13:47:52 [Note]: 4000 5

10/24/06 13:47:52 [Note]: 4005 5

10/24/06 13:47:54 [Note]: 4000 5

10/24/06 13:47:54 [Note]: 4005 5

10/24/06 13:47:56 [Note]: 4000 5

10/24/06 13:47:56 [Note]: 4005 5

10/24/06 13:47:57 [Note]: 4000 5

10/24/06 13:47:57 [Note]: 4005 5

10/24/06 13:47:59 [Note]: 4000 5

10/24/06 13:47:59 [Note]: 4005 5

10/24/06 13:48:01 [Note]: 4000 5

10/24/06 13:48:01 [Note]: 4005 5

10/24/06 13:48:03 [Note]: 4000 5

10/24/06 13:48:03 [Note]: 4005 5

10/24/06 13:48:05 [Note]: 4000 5

10/24/06 13:48:05 [Note]: 4005 5

10/24/06 13:48:06 [Note]: 4000 5

10/24/06 13:48:06 [Note]: 4005 5

10/24/06 13:48:08 [Note]: 4000 5

10/24/06 13:48:08 [Note]: 4005 5

10/24/06 13:48:10 [Note]: 4000 5

10/24/06 13:48:10 [Note]: 4005 5

10/24/06 13:48:11 [Note]: 4000 5

10/24/06 13:48:11 [Note]: 4005 5

10/24/06 13:48:13 [Note]: 4000 5

10/24/06 13:48:13 [Note]: 4005 5

10/24/06 13:48:15 [Note]: 4000 5

10/24/06 13:48:15 [Note]: 4005 5

10/24/06 13:48:16 [Note]: 4000 5

10/24/06 13:48:16 [Note]: 4005 5

10/24/06 13:48:18 [Note]: 4000 5

10/24/06 13:48:18 [Note]: 4005 5

10/24/06 13:48:21 [Note]: 4000 5

10/24/06 13:48:21 [Note]: 4005 5

10/24/06 13:48:26 [Note]: 4000 5

10/24/06 13:48:26 [Note]: 4005 5

10/24/06 13:48:29 [Note]: 4000 5

10/24/06 13:48:29 [Note]: 4005 5

10/24/06 13:48:40 [Note]: 4000 5

10/24/06 13:48:40 [Note]: 4005 5

10/24/06 13:48:42 [Note]: 4000 5

10/24/06 13:48:42 [Note]: 4005 5

10/24/06 13:48:45 [Note]: 4000 5

10/24/06 13:48:45 [Note]: 4005 5

10/24/06 13:48:48 [Note]: 4000 5

10/24/06 13:48:48 [Note]: 4005 5

10/24/06 13:48:53 [Note]: 4000 5

10/24/06 13:48:53 [Note]: 4005 5

10/24/06 13:48:57 [Note]: 4000 5

10/24/06 13:48:57 [Note]: 4005 5

10/24/06 13:49:01 [Note]: 4000 5

10/24/06 13:49:01 [Note]: 4005 5

10/24/06 13:49:05 [Note]: 4000 5

10/24/06 13:49:05 [Note]: 4005 5

10/24/06 13:49:06 [Note]: 4000 5

10/24/06 13:49:06 [Note]: 4005 5

10/24/06 13:49:08 [Note]: 4000 5

10/24/06 13:49:08 [Note]: 4005 5

10/24/06 13:49:11 [Note]: 4000 5

10/24/06 13:49:11 [Note]: 4005 5

10/24/06 13:49:14 [Note]: 4000 5

10/24/06 13:49:14 [Note]: 4005 5

10/24/06 13:49:34 [Note]: 4000 5

10/24/06 13:49:34 [Note]: 4005 5

10/24/06 13:49:50 [Note]: 4000 5

10/24/06 13:49:50 [Note]: 4005 5

10/24/06 13:49:54 [Note]: 4000 5

10/24/06 13:49:54 [Note]: 4005 5

10/24/06 13:49:58 [Note]: 4000 5

10/24/06 13:49:58 [Note]: 4005 5

10/24/06 13:50:07 [Note]: 4000 5

10/24/06 13:50:07 [Note]: 4005 5

10/24/06 13:50:14 [Note]: 4000 5

10/24/06 13:50:14 [Note]: 4005 5

10/24/06 13:50:17 [Note]: 4000 5

10/24/06 13:50:17 [Note]: 4005 5

10/24/06 13:50:28 [Note]: 4000 5

10/24/06 13:50:28 [Note]: 4005 5

10/24/06 13:50:41 [Note]: 4000 5

10/24/06 13:50:41 [Note]: 4005 5

10/24/06 13:50:54 [Note]: 4000 5

10/24/06 13:50:54 [Note]: 4005 5

10/24/06 13:51:05 [Note]: 4000 5

10/24/06 13:51:05 [Note]: 4005 5

10/24/06 13:51:18 [Note]: 4000 5

10/24/06 13:51:18 [Note]: 4005 5

10/24/06 13:51:31 [Note]: 4000 5

10/24/06 13:51:31 [Note]: 4005 5

10/24/06 13:51:44 [Note]: 4000 5

10/24/06 13:51:44 [Note]: 4005 5

10/24/06 13:51:59 [Note]: 4000 5

10/24/06 13:51:59 [Note]: 4005 5

10/24/06 13:52:01 [Note]: 4000 5

10/24/06 13:52:01 [Note]: 4005 5

10/24/06 13:52:03 [Note]: 4000 5

10/24/06 13:52:03 [Note]: 4005 5

10/24/06 13:52:05 [Note]: 2000 1012

10/24/06 13:54:01 [Note]: 7006 0

10/24/06 13:54:01 [Note]: 7011 2708

10/24/06 13:54:01 [Note]: 7026 0

10/24/06 13:54:01 [Note]: 7026 0

10/24/06 13:54:08 [Note]: FSRAW library version 1.7.1020

10/24/06 13:54:08 [Note]: 4000 5

10/24/06 13:54:08 [Note]: 4005 5

10/24/06 13:54:10 [Note]: 4000 5

10/24/06 13:54:10 [Note]: 4005 5

10/24/06 13:54:10 [Note]: 4000 5

10/24/06 13:54:10 [Note]: 4005 5

10/24/06 13:54:10 [Note]: 4000 5

10/24/06 13:54:10 [Note]: 4005 5

10/24/06 13:54:11 [Note]: 4000 5

10/24/06 13:54:11 [Note]: 4005 5

10/24/06 13:54:12 [Note]: 4000 5

10/24/06 13:54:12 [Note]: 4005 5

10/24/06 13:54:13 [Note]: 4000 5

10/24/06 13:54:13 [Note]: 4005 5

10/24/06 13:54:14 [Note]: 4000 5

10/24/06 13:54:14 [Note]: 4005 5

10/24/06 13:54:15 [Note]: 4000 5

10/24/06 13:54:15 [Note]: 4005 5

10/24/06 13:54:15 [Note]: 4000 5

10/24/06 13:54:15 [Note]: 4005 5

10/24/06 13:54:16 [Note]: 4000 5

10/24/06 13:54:16 [Note]: 4005 5

10/24/06 13:54:17 [Note]: 4000 5

10/24/06 13:54:17 [Note]: 4005 5

10/24/06 13:54:18 [Note]: 4000 5

10/24/06 13:54:18 [Note]: 4005 5

10/24/06 13:54:20 [Note]: 4000 5

10/24/06 13:54:20 [Note]: 4005 5

10/24/06 13:54:21 [Note]: 4000 5

10/24/06 13:54:21 [Note]: 4005 5

10/24/06 13:54:21 [Note]: 4000 5

10/24/06 13:54:21 [Note]: 4005 5

10/24/06 13:54:21 [Note]: 4000 5

10/24/06 13:54:21 [Note]: 4005 5

10/24/06 13:54:24 [Note]: 4000 5

10/24/06 13:54:24 [Note]: 4005 5

10/24/06 13:54:25 [Note]: 4000 5

10/24/06 13:54:25 [Note]: 4005 5

10/24/06 13:54:25 [Note]: 4000 5

10/24/06 13:54:25 [Note]: 4005 5

10/24/06 13:54:26 [Note]: 4000 5

10/24/06 13:54:26 [Note]: 4005 5

10/24/06 13:54:27 [Note]: 4000 5

10/24/06 13:54:27 [Note]: 4005 5

10/24/06 13:54:28 [Note]: 4000 5

10/24/06 13:54:28 [Note]: 4005 5

10/24/06 13:54:29 [Note]: 4000 5

10/24/06 13:54:29 [Note]: 4005 5

10/24/06 13:54:30 [Note]: 4000 5

10/24/06 13:54:30 [Note]: 4005 5

10/24/06 13:54:31 [Note]: 4000 5

10/24/06 13:54:31 [Note]: 4005 5

10/24/06 13:54:33 [Note]: 4000 5

10/24/06 13:54:33 [Note]: 4005 5

10/24/06 13:54:33 [Note]: 4000 5

10/24/06 13:54:33 [Note]: 4005 5

10/24/06 13:54:34 [Note]: 4000 5

10/24/06 13:54:34 [Note]: 4005 5

10/24/06 13:54:34 [Note]: 4000 5

10/24/06 13:54:34 [Note]: 4005 5

10/24/06 13:54:35 [Note]: 4000 5

10/24/06 13:54:35 [Note]: 4005 5

10/24/06 13:54:36 [Note]: 4000 5

10/24/06 13:54:36 [Note]: 4005 5

10/24/06 13:54:37 [Note]: 4000 5

10/24/06 13:54:37 [Note]: 4005 5

10/24/06 13:54:38 [Note]: 4000 5

10/24/06 13:54:38 [Note]: 4005 5

10/24/06 13:54:38 [Note]: 4000 5

10/24/06 13:54:38 [Note]: 4005 5

10/24/06 13:54:39 [Note]: 4000 5

10/24/06 13:54:39 [Note]: 4005 5

10/24/06 13:54:39 [Note]: 4000 5

10/24/06 13:54:39 [Note]: 4005 5

10/24/06 13:54:40 [Note]: 4000 5

10/24/06 13:54:40 [Note]: 4005 5

10/24/06 13:54:42 [Note]: 4000 5

10/24/06 13:54:42 [Note]: 4005 5

10/24/06 13:54:43 [Note]: 4000 5

10/24/06 13:54:43 [Note]: 4005 5

10/24/06 13:54:44 [Note]: 4000 5

10/24/06 13:54:44 [Note]: 4005 5

10/24/06 13:54:44 [Note]: 4000 5

10/24/06 13:54:44 [Note]: 4005 5

10/24/06 13:54:46 [Note]: 4000 5

10/24/06 13:54:46 [Note]: 4005 5

10/24/06 13:54:46 [Note]: 4000 5

10/24/06 13:54:46 [Note]: 4005 5

10/24/06 13:54:47 [Note]: 4000 5

10/24/06 13:54:47 [Note]: 4005 5

10/24/06 13:54:48 [Note]: 4000 5

10/24/06 13:54:48 [Note]: 4005 5

10/24/06 13:54:49 [Note]: 4000 5

10/24/06 13:54:49 [Note]: 4005 5

10/24/06 13:54:49 [Note]: 4000 5

10/24/06 13:54:49 [Note]: 4005 5

10/24/06 13:54:50 [Note]: 4000 5

10/24/06 13:54:50 [Note]: 4005 5

10/24/06 13:54:51 [Note]: 4000 5

10/24/06 13:54:51 [Note]: 4005 5

10/24/06 13:54:52 [Note]: 4000 5

10/24/06 13:54:52 [Note]: 4005 5

10/24/06 13:54:53 [Note]: 4000 5

10/24/06 13:54:53 [Note]: 4005 5

10/24/06 13:54:59 [Note]: 4000 5

10/24/06 13:54:59 [Note]: 4005 5

 

AVG report

AVG Anti-Spyware - Rapport d'analyse

---------------------------------------------------------

 

+ Créé à: 13:24:48 24/10/2006

 

+ Résultat de l'analyse:

 

 

 

C:\WINDOWS\Downloaded Program Files\setup4002b.cab/lkir8l2gm_.dll -> Adware.Sahat : Ignoré.

:mozilla.100:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.101:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.96:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.97:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.98:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.99:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.

C:\Documents and Settings\Jean-Marc\Cookies\jean-marc@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.

:mozilla.34:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.

:mozilla.36:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.

:mozilla.120:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.121:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.122:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.

:mozilla.55:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.

C:\Documents and Settings\Jean-Marc\Cookies\jean-marc@atdmt[1].txt -> TrackingCookie.Atdmt : Nettoyé.

:mozilla.35:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.

:mozilla.26:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.

:mozilla.27:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.

:mozilla.28:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.

:mozilla.47:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.

:mozilla.73:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.

:mozilla.37:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.

:mozilla.123:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.124:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.125:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.126:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.127:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.

:mozilla.7:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.8:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.9:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.

:mozilla.39:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.

:mozilla.40:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.

:mozilla.43:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

:mozilla.44:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

:mozilla.45:C:\Documents and Settings\Jean-Marc\Application Data\Mozilla\Firefox\Profiles\y6ph5gkg.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.

C:\Documents and Settings\Jean-Marc\Cookies\jean-marc@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.

 

 

Fin du rapport

 

HijackThis report

During the scan a dialog box pops up, but everything is in English, so I click OK.

 

Logfile of HijackThis v1.99.1

Scan saved at 13:59:17, on 24/10/2006

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\LEXBCES.EXE

C:\WINDOWS\system32\LEXPPS.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

C:\WINDOWS\System32\alg.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe

C:\Norman\Npf\BIN\NPFSVICE.EXE

C:\Norman\Bin\Zanda.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\wdfmgr.exe

C:\Norman\Nvc\BIN\nipsvc.exe

C:\Norman\Nvc\bin\nvcoas.exe

C:\Norman\bin\NJEEVES.EXE

C:\Norman\Nvc\BIN\NVCSCHED.EXE

C:\WINDOWS\Explorer.EXE

C:\Norman\bin\ZLH.EXE

C:\Program Files\DAEMON Tools\daemon.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\SAGEM Wi-Fi USB 802.11g\WLANUTL.exe

C:\Norman\Nvc\BIN\NIP.EXE

C:\Norman\Nvc\bin\cclaw.exe

C:\Norman\Npf\BIN\npfmsg2.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Microsoft ActiveSync\WCESMgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Fichiers communs\Mobipocket Shared\webcomp.exe

C:\Program Files\Microsoft Office\Office10\OUTLOOK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Jean-Marc\Bureau\blbeta.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Jean-Marc\Bureau\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH

O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Accélérateur de démarrage AutoCAD.lnk = C:\Program Files\Fichiers communs\Autodesk Shared\acstart17.exe

O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL

O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)

O15 - Trusted Zone: http://isexplw4.lille.iufm.fr

O15 - Trusted IP range: 206.161.125.149

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone

O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)

O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)

O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwa...ash/swflash.cab

O20 - AppInit_DLLs: MsgPlusLoader.dll

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: F-Secure Automatic Update (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing)

O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE

O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

O23 - Service: MAPI Mail Client (MAPI) - Logitech, Inc. - (no file)

O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)

O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe

O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE

O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE

O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe

O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe

O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

O23 - Service: Print Spool Handler (Print Spooler) - Unknown owner - C:\WINDOWS\System32\spooler.exe (file missing)


Good evening Gazo!

Please continue as follows:

Download SpySweeper - SpySweeper Help

- Click the "Free Trial" link on the far right to download it

- Install it and start it

- It will ask you to download the latest definitions; accept

- Next, click the Options button on the left

- Click the Options tab

- Make sure the following options are checked:

o Windows Registry

o Memory Object

o Cookies

o System Restore Folder

o Further down:

o Sweep all users accounts

o Sweep for rootkits

- Restart in Safe Mode; if you don't know how, read this

- Start SpySweeper

- Click "Sweep Now" on the left

- Click the "Start" button

- When the scan has finished, click the "Next" button

- Make sure everything is checked and click the "Next" button

- Once all the items found have been removed

- Click "Session Log" at the top right and copy all the entries in the log.

 

Run zeb-restore and check these:

Trusted and restricted sites (Sites de confiance et sensibles)

Reset Hosts file (Réinitialiser Fichier Hosts)

Then click Restore!

Next

 

Start > Run, type Services.msc, then OK

Choose the "Extended" view (tabs at the bottom)

Using the scroll bar (on the right), look for the following service:

NetDDE Server

Once you have found the service, point to it and double-click (left button).

In the window that appears, on the General tab, click the Stop button,

then open the Startup type drop-down and change it to Disabled

Click Apply, then OK

 

Run HijackThis and choose Open the Misc Tools section

the "Configuration" window will open

click Delete an NT service...

the "Delete a Windows NT service" window will open

Enter in the dialog box:

NetDDEsrv

Note: make sure you do not put a space either before or after it!

click OK

Another window should open, giving information about the service and asking whether you want to restart.

Click NO

 

 

Help: don't hesitate to consult the SpySweeper Help

Afterwards, please run another scan at Panda and post a new HijackThis report

See you.
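
An added example, not part of the original thread: a small Python triage pass over HijackThis-format lines that surfaces the three entry types the reply above acts on (hosts-file redirections, zone protocol defaults, and a service whose file is missing). The O1 lines in the sample use constructed placeholder values, and the function and constant names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis line format. The O1 values are placeholders
# (documentation IP range, .example names); the O15 and O23 lines follow the
# shape of entries in the log posted above.
SAMPLE_LOG = r"""
O1 - Hosts: 192.0.2.10 login.bank-one.example
O1 - Hosts: 192.0.2.10 www.bank-two.example
O1 - Hosts: 192.0.2.10 secure.bank-three.example
O1 - Hosts: 127.0.0.1 localhost
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
O23 - Service: NetDDE Server (NetDDEsrv) - Unknown owner - C:\WINDOWS\System32\netddesrv.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
LOCAL_ADDRESSES = {"127.0.0.1", "::1", "0.0.0.0"}  # normal or sinkhole targets


def triage(log, min_hosts=3):
    """Return (code, reason, detail) tuples for entries worth a manual review."""
    redirects = defaultdict(list)  # IP -> hostnames pointed at it by the hosts file
    findings = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        if code == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            if len(parts) >= 2 and parts[0] not in LOCAL_ADDRESSES:
                redirects[parts[0]].extend(parts[1:])
        elif code == "O15" and body.startswith("ProtocolDefaults:"):
            proto = re.search(r"'([^']+)' protocol", body)
            findings.append((code, "protocol mapped to wrong zone", proto.group(1) if proto else body))
        elif code == "O23" and "Unknown owner" in body and body.endswith("(file missing)"):
            name = re.search(r"\(([^()]+)\) - Unknown owner", body)
            findings.append((code, "service binary missing, unknown owner", name.group(1) if name else body))
    # One address answering for many unrelated sites is the hosts-file hijack pattern.
    for ip, names in redirects.items():
        if len(names) >= min_hosts:
            findings.append(("O1", f"{len(names)} hostnames redirected to {ip}", sorted(names)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A flagged O23 entry is a prompt for review rather than proof of infection: leftover services from uninstalled software match the same pattern.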
