Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: "21.exe" virus ou "46.exe" virus and so on...

  1. #1
    Junior Member
    Join Date
    Feb 2008
    Location
    Paris
    Posts
    9

    Default "21.exe" virus ou "46.exe" virus and so on...

    Hello,

    I need for help...
    Here is my problem :
    When I switch on my computer, after a few minutes, a "program/virus" (like 21.EXE or 46.EXE...) tries to connect to the internet. I know it tries to connect to the internet because "Norton Symantec" asks me if I allow it to connect or not. If I answer "yes", the "virus" does not stop to generate many, many, many mails and the RAM is all used. If I answer "no", nothing happens : the computer runs normally. I think the problem is (part) located in the file C:/Documents and Settings/Yann/Local Settings/Temp/21.exe or 46.exe etc...). But I am not sure. Maybe there are other problems...
    I used Spybot software, Spyware software, Norton anti virus software and CCleaner to fix the problems. No result.
    Here is the Kapersky analysis :
    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, February 21, 2008 10:47:02 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 21/02/2008
    Kaspersky Anti-Virus database records: 574690
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    G:\

    Scan Statistics:
    Total number of scanned objects: 76161
    Number of viruses found: 7
    Number of infected objects: 26
    Number of suspicious objects: 0
    Duration of the scan process: 01:07:21

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16E9207C/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16E9207C NSIS: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16E9207C CryptFF: infected - 1 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0012.BIN Infected: not-a-virus:AdWare.Win32.MyWay.ac skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0013.BIN/data0142 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0014.BIN/data.rar/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0014.BIN/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0014.BIN/data.rar/WhSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0014.BIN/data.rar/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0014.BIN/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0014.BIN/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.WebHancer skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0015.BIN/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0015.BIN/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.Cydoor skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe WiseSFX: infected - 13 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\52AC3C8D.exe CryptFF: infected - 13 skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6E1A349F.yse Infected: Trojan-Proxy.Win32.Agent.zm skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73A0388B.yse Infected: Trojan-Proxy.Win32.Agent.zm skipped
    C:\Documents and Settings\All Users\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\All Users\NTUSER.DAT.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Yann\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped
    C:\Documents and Settings\Yann\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Yann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Yann\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Yann\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Yann\Local Settings\Temp\05.exe Infected: Trojan-Proxy.Win32.Agent.zm skipped
    C:\Documents and Settings\Yann\Local Settings\Temp\78.exe Infected: Trojan-Proxy.Win32.Agent.zm skipped
    C:\Documents and Settings\Yann\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Yann\Local Settings\Temporary Internet Files\Content.IE5\HKRC0CUQ\serv1-4[1].exe Infected: Trojan-Proxy.Win32.Agent.zm skipped
    C:\Documents and Settings\Yann\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Yann\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Yann\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SNDALRT.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SNDCON.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SNDDBG.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SNDFW.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SNDIDS.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSYS.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\chandir.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\chandir.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\chn.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\chn.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\D0000000.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\inuse.txt Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\L0000002.FCS Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\main.log Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\prs.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\prs.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\prs_die.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\prs_die.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\prs_dnd.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\prs_dnd.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\prs_ext.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\prs_ext.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\prs_rcv.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\prs_rcv.idx Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\storydb.dat Object is locked skipped
    C:\Program Files\Logitech\Desktop Messenger\8876480\Users\Yann\Data\storydb.idx Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0077NAV~.TMP Object is locked skipped
    C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0583NAV~.TMP Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{3B0B07F2-42FE-4807-B606-4B97DC04CDF5}\RP323\A0051591.DLL Infected: not-a-virus:AdWare.Win32.MyWay.c skipped
    C:\System Volume Information\_restore{3B0B07F2-42FE-4807-B606-4B97DC04CDF5}\RP327\A0053071.exe Infected: Trojan-Proxy.Win32.Agent.zm skipped
    C:\System Volume Information\_restore{3B0B07F2-42FE-4807-B606-4B97DC04CDF5}\RP329\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{9EB97A5E-2298-469A-BA70-7A08C78AFC8A}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\etc\Hosts.bak Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\winnetwork.exe Infected: Backdoor.Win32.IRCBot.blh skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

    I hope to get an answer because I do not know what to do.

    PS : I will not be able to answer my helper before Saturday, 1rst, March due to a job trip.

    Thanks.
    Best regards.
    Yann

  2. #2
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    You have a couple of nasty trojans, some information:
    Trojan-Proxy.Win32.Agent.zm
    http://www.google.com/search?hl=en&q...=Google+Search

    This one: C:\WINDOWS\system32\winnetwork.exe ------> Backdoor.Win32.IRCBot.blh
    Looks like the really bad one, see this:
    http://www.bleepingcomputer.com/star...exe-21830.html
    http://www.symantec.com/security_res...070818-0630-99
    This Trojan contains its own Internet Relay Chat (IRC) client. This allows it to connect to an IRC channel that was hardcoded into the Trojan. Using the IRC channel, the Trojan listens for commands from the hacker. The hacker accesses the Trojan by using a password-protected authorization. The commands allow the hacker to perform any of the following actions:
    Manage the installation of the Trojan
    Control the IRC client on the compromised computer
    Update the installed Trojan
    Send the Trojan to other IRC channels
    Download and execute files
    Perform DoS attacks against a target defined by the hacker
    Uninstall itself completely by removing the relevant registry entries
    You should probably read this information:
    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
    http://www.dslreports.com/faq/10451
    When Should I Format, How Should I Reinstall
    http://www.dslreports.com/faq/10063

    If you want me to proceed past this point, do this:

    Download Trend Micro Hijack This™
    http://download.bleepingcomputer.com...HJTInstall.exe
    Doubleclick the HJTInstall.exe to start it.
    By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.
    HijackThis will open after install. Press the Scan button below.
    This will start the scan and open a log.
    Copy and paste the contents of the log in your next reply.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  3. #3
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,485

    Default

    Moved back to malware removal.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  4. #4
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    I apologize for the confusion, it may have been best if you had waited until you could respond to directions before posting. Please review the instructions in my post #2 on
    2008-02-22, 17:37, if you wish to continue once you have done that, post the HJT log as described in those instructions.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #5
    Junior Member
    Join Date
    Feb 2008
    Location
    Paris
    Posts
    9

    Default Here is the HijackThis log asked.

    Here is the HijackThis log.

    I hope you can help me to destroy the viruses...

    I am not an expert and I do not know what to do...

    Thanks.
    Best regards.
    Yann


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:59:13, on 29/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\EzButton\EzButton.EXE
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\System32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\winnetwork.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Le Petit Robert\prhyper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\DOCUME~1\Yann\LOCALS~1\Temp\56.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\minitel\Watch.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Windows Network Services] winnetwork.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Petit Robert\prhyper.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: cmdrun - C:\WINDOWS\system\cmdrun.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Yann/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    --
    End of file - 17979 bytes

  6. #6
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    Thanks for returning your HJT log, let's do this first:

    1) C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\ <<< delete the contents of the NAV quarantine folder
    http://service1.symantec.com/SUPPORT...00041213443506

    2) We need first to disable TeaTimer that it doesn't interfere with fixes. You can re-enable it when you're clean again:
    * Run Spybot-S&D in Advanced Mode.
    * If it is not already set to do this Go to the Mode menu select "Advanced Mode"
    * On the left hand side, Click on Tools
    * Then click on the Resident Icon in the List
    * Uncheck "Resident TeaTimer" and OK any prompts.
    * Restart your computer.
    (leave TT disabled until we finish)


    3) Download Malwarebytes' Anti-Malware to your desktop.
    http://www.besttechie.net/tools/mbam-setup.exe

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform FULL SCAN, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

    Post the log from Malwarebytes' Anti-Malware and a new HJT log.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  7. #7
    Junior Member
    Join Date
    Feb 2008
    Location
    Paris
    Posts
    9

    Default Here are the two new logs.

    Hello,

    Here are the two new logs.

    The Malwarebytes :

    Malwarebytes' Anti-Malware 1.05
    Version de la base de données: 432

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 92931
    Temps écoulé: 46 minute(s), 30 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)


    The HijackThis log :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:20:17, on 01/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    C:\Program Files\ltmoh\Ltmoh.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\EzButton\EzButton.EXE
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\WINDOWS\System32\ZoomingHook.exe
    C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
    C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\winnetwork.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Le Petit Robert\prhyper.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\DOCUME~1\Yann\LOCALS~1\Temp\76.exe
    C:\WINDOWS\system32\RAMASST.exe
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
    O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [EzButton] C:\Program Files\EzButton\EzButton.EXE
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [ZoomingHook] c:\WINDOWS\System32\ZoomingHook.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\minitel\Watch.exe
    O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [Windows Network Services] winnetwork.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [NvGraphicsInterface] C:\DOCUME~1\Yann\LOCALS~1\Temp\76.exe
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Petit Robert\prhyper.exe
    O4 - HKCU\..\Run: [iLike] C:\Program Files\iLike\1.1.27\ilikesidebar.exe /checkforupdate
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
    O8 - Extra context menu item: Chercher avec Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...scbase8460.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {BE833F39-1E0C-468C-BA70-25AAEE55775E} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: cmdrun - C:\WINDOWS\system\cmdrun.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Yann/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

    --
    End of file - 17972 bytes

    Hope they will help you even if the Malwarebytes log seems to say that there is nothing...

    Thank yhou.

    Best regards,
    Yann

  8. #8
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,252

    Default

    Thanks for returning your information, follow the directions carefully.

    You will probably need to show all files and folder for this:
    http://www.xtra.co.nz/help/0,,4155-1916458,00.html

    C:\WINDOWS\system\cmdrun.dll <<< use one or more of these free online scans to find out what this is, post the results.
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/


    Thanks to andymanchesta and anyone else who helped with the fix.

    Download SDFix and save it to your Desktop
    http://downloads.andymanchesta.com/R...ools/SDFix.exe

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following :
    Restart your computer
    After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    Instead of Windows loading as normal, the Advanced Options Menu should appear;
    Select the first option, to run Windows in Safe Mode, then press Enter.
    Choose your usual account.
    Open the extracted SDFix folder and double click RunThis.bat to start the script.
    Type Y to begin the cleanup process.
    It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    Press any Key and it will restart the PC.
    When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    Finally post the contents of the Report.txt back on the forum with a new HijackThis log

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  9. #9
    Junior Member
    Join Date
    Feb 2008
    Location
    Paris
    Posts
    9

    Default Here are all the logs (first part).

    Hello,

    I have just done all you said.



    1/ The Kapersky result :

    If you would like to scan your entire computer for viruses, please use our free virus scan.


    You're clean!
    Kaspersky Anti-Virus has not detected any viruses at this time in the file you submitted.

    However, only a fully-functional antivirus solution with regularly updated virus definitions can ensure comprehensive protection against malware. If you do not have an antivirus solution installed, you may wish to consider purchasing one today.

    Download a trial version of Kaspersky Anti-Virus
    Purchase Kaspersky Anti-Virus in our E-Store
    Purchase Kaspersky Anti-Virus from a certified partner

    Scanned file: cmdrun.dll



    Statistics:
    Known viruses: 591014 Updated: 29-02-2008
    File size (Kb): 22 Virus bodies: 0
    Files: 1 Warnings: 0
    Archives: 0 Suspicious: 0



    2/ The Virustotal result :

    Fichier cmdrun.dll reçu le 2008.03.01 03:03:01 (CET)
    Situation actuelle: en cours de chargement ... mis en file d'attente en attente en cours d'analyse terminé NON TROUVE ARRETE


    Résultat: 0/32 (0%)
    en train de charger les informations du serveur...
    Votre fichier est dans la file d'attente, en position: 5.
    L'heure estimée de démarrage est entre 52 et 75 secondes.
    Ne fermez pas la fenêtre avant la fin de l'analyse.
    L'analyseur qui traitait votre fichier est actuellement stoppé, nous allons attendre quelques secondes pour tenter de récupérer vos résultats.
    Si vous attendez depuis plus de cinq minutes, vous devez renvoyer votre fichier.
    Votre fichier est, en ce moment, en cours d'analyse par VirusTotal,
    les résultats seront affichés au fur et à mesure de leur génération.
    Formaté Impression des résultats
    Votre fichier a expiré ou n'existe pas.
    Le service est en ce moment, stoppé, votre fichier attend d'être analysé (position : ) depuis une durée indéfinie.

    Vous pouvez attendre une réponse du Web (re-chargement automatique) ou taper votre e-mail dans le formulaire ci-dessous et cliquer "Demande" pour que le système vous envoie une notification quand l'analyse sera terminée.
    Email:


    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2008.2.29.1 2008.02.29 -
    AntiVir 7.6.0.73 2008.02.29 -
    Authentium 4.93.8 2008.03.01 -
    Avast 4.7.1098.0 2008.03.01 -
    AVG 7.5.0.516 2008.02.29 -
    BitDefender 7.2 2008.03.01 -
    CAT-QuickHeal 9.50 2008.02.29 -
    ClamAV 0.92.1 2008.03.01 -
    DrWeb 4.44.0.09170 2008.02.29 -
    eSafe 7.0.15.0 2008.02.28 -
    eTrust-Vet 31.3.5574 2008.02.29 -
    Ewido 4.0 2008.02.29 -
    FileAdvisor 1 2008.03.01 -
    Fortinet 3.14.0.0 2008.02.29 -
    F-Prot 4.4.2.54 2008.02.29 -
    F-Secure 6.70.13260.0 2008.02.29 -
    Ikarus T3.1.1.20 2008.03.01 -
    Kaspersky 7.0.0.125 2008.03.01 -
    McAfee 5242 2008.02.29 -
    Microsoft 1.3301 2008.03.01 -
    NOD32v2 2912 2008.02.29 -
    Norman 5.80.02 2008.02.29 -
    Panda 9.0.0.4 2008.02.29 -
    Prevx1 V2 2008.03.01 -
    Rising 20.33.42.00 2008.02.29 -
    Sophos 4.27.0 2008.03.01 -
    Sunbelt 3.0.906.0 2008.02.28 -
    Symantec 10 2008.03.01 -
    TheHacker 6.2.9.229 2008.02.25 -
    VBA32 3.12.6.2 2008.02.27 -
    VirusBuster 4.3.26:9 2008.02.29 -
    Webwasher-Gateway 6.6.2 2008.02.29 -
    Information additionnelle
    File size: 22213 bytes
    MD5: c2d832299475baff56527fd16dc8d69c
    SHA1: d26d9a24625e4559538a9a92a60171d9c762d475
    PEiD: -

    End of part 1.

  10. #10
    Junior Member
    Join Date
    Feb 2008
    Location
    Paris
    Posts
    9

    Default Here are all the logs (second part).

    3/ The SDFix report :


    SDFix: Version 1.149

    Run by Administrateur on 01/03/2008 at 04:17

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\WINDOWS\System32\winnetwork.exe - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-01 04:24:16
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\11 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 304 Leptis Magna -la Basilique Severan (colonnes)- 10.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\11 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 304 Leptis Magna -la Basilique Severan (colonnes)- 10.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 11 Gênes Paquebot Le sésame A la fois la clé, la carte de paiement et la carte d'identification.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 11 Gênes Paquebot Le sésame A la fois la clé, la carte de paiement et la carte d'identification.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 416 Paestum Oranger à l'entrée du site archéologique de Paestum.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 416 Paestum Oranger à l'entrée du site archéologique de Paestum.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 449 Salerne Sortie du port Moteurs à plein régime.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 449 Salerne Sortie du port Moteurs à plein régime.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 454 Paquebot Les conférences scientifiques de Sky and telescope 6.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 454 Paquebot Les conférences scientifiques de Sky and telescope 6.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 420 Paestum L'ekklesiasterion grec Le siège de la démocratie.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 420 Paestum L'ekklesiasterion grec Le siège de la démocratie.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 421 Paestum Les temples de Neptune-Apollon et d'Hera 1.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 421 Paestum Les temples de Neptune-Apollon et d'Hera 1.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 422 Paestum Les temples de Neptune-Apollon et d'Hera 2.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 422 Paestum Les temples de Neptune-Apollon et d'Hera 2.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 435 Paestum Le musée archéologique Statuette de femme 1.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 435 Paestum Le musée archéologique Statuette de femme 1.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 436 Paestum Le musée archéologique Statuette de femme 2.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 436 Paestum Le musée archéologique Statuette de femme 2.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 437 Paestum Le musée archéologique Statuette de femme Détail 3.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 437 Paestum Le musée archéologique Statuette de femme Détail 3.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 438 Paestum Le musée archéologique Statuette de femme 4.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 438 Paestum Le musée archéologique Statuette de femme 4.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 439 Paestum Le musée archéologique Statuettes de femmes 5.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 439 Paestum Le musée archéologique Statuettes de femmes 5.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 440 Paestum Le musée archéologique Statuette de femme 6.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 440 Paestum Le musée archéologique Statuette de femme 6.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 441 Paestum Le musée archéologique Statuette de femme 7.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\13 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 441 Paestum Le musée archéologique Statuette de femme 7.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\6 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 168 Cours de cuisine Farfalle maître d'hôtel par le mâitre d'hôtel du paquebot 2.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\6 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 168 Cours de cuisine Farfalle maître d'hôtel par le mâitre d'hôtel du paquebot 2.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\6 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 169 Cours de cuisine Farfalle maître d'hôtel par le mâitre d'hôtel du paquebot -aide- 3.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\6 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 169 Cours de cuisine Farfalle maître d'hôtel par le mâitre d'hôtel du paquebot -aide- 3.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\6 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 173 Cours de cuisine Farfalle maître d'hôtel par le mâitre d'hôtel du paquebot -le résultat- 7.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\6 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 173 Cours de cuisine Farfalle maître d'hôtel par le mâitre d'hôtel du paquebot -le résultat- 7.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\7 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 198 Rues d'Alexandrie (pollution, traffic et embouteillages) 8.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\7 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 198 Rues d'Alexandrie (pollution, traffic et embouteillages) 8.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\7 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 200 Rues d'Alexandrie (pollution, traffic et embouteillages) -attente des transports en commun- 10.JPG:SummaryInformation 304 bytes hidden from API
    C:\Documents and Settings\Yann\Mes documents\Mes images\20060322 Méditerrannée Croisière éclipse 22 mars au 03 avril 2006\Aide à la réalisation\7 20060322 au 20060403 Croisière éclipse en Méditerrannée\2006 200 Rues d'Alexandrie (pollution, traffic et embouteillages) -attente des transports en commun- 10.JPG:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} 0 bytes hidden from API

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 54

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •