Intrusive ads, virus
Hello,
A friend is infected: he gets intrusive ads, the PC is slow, etc.
Here is his HijackThis report:
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15:40:46, on 25/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trust\DS-3100A Wireless Optical Deskset\Mouse\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\tdfotagt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wscntfy.exe
C:\program files\valve\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Skype\Phone\Skype.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Quantin\Bureau\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Heck sign dash cash] C:\Documents and Settings\All Users\Application Data\ErrorSkipHeckSign\Media grid.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\DS-3100A Wireless Optical Deskset\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Window Creative] C:\DOCUME~1\Quantin\APPLIC~1\COALGR~1\firstgrimlive.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://big68470.spaces.live.com//PhotoUpload/MsnPUpld.c...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D380B64-90EB-473E-9E64-76E94F5CC3A5}: NameServer = 213.216.172.62,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{68394A03-7B36-419E-B545-4C14AD64590B}: NameServer = 213.36.80.1,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{D44DF079-0D21-4D52-98B9-398961898F5E}: NameServer = 213.36.80.1,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D380B64-90EB-473E-9E64-76E94F5CC3A5}: NameServer = 213.216.172.62,212.216.172.62
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 11804 bytes
Hello,
Download SDFix (created by AndyManchesta) and save it to your Desktop.
Double-click SDFix.exe and choose Install to extract it to the Desktop.
Restart in Safe Mode.
Open the SDFix folder that has just been created at the root of your hard drive (C:) and double-click RunThis.bat to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy and paste the contents of Report.txt into your next reply on the forum, along with a new HijackThis log.
SDFix: Version 1.88
Run by Quantin on 25/06/2007 at 17:54
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Quantin\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\DOCUME~1\Quantin\LOCALS~1\Temp\GLFD.tmp.dll - Deleted
C:\DOCUME~1\Quantin\LOCALS~1\Temp\injs.a9.exe.conf - Deleted
C:\DOCUME~1\Quantin\LOCALS~1\Temp\injs.aa.exe.conf - Deleted
C:\WINDOWS\system\smss.exe - Deleted
C:\WINDOWS\system32\plugin1.dat - Deleted
C:\WINDOWS\system32\SysPr.prx - Deleted
Removing Temp Files...
ADS Check:
Checking C:\WINDOWS
C:\WINDOWS
No streams found.
Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.
Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Disabled:Windows© NetMeeting©"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"="C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe:*:Enabled:CrazyTalk"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\81exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\81exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\85exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\85exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\7exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\7exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\61exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\61exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\65exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\65exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\15exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\15exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\67exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\67exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\86exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\86exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\1exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\1exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\46exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\46exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\33exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\33exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\79exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\79exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\35exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\35exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\20exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\20exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\74exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\74exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\3exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\3exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\95exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\95exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\16exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\16exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\78exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\78exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\55exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\55exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\66exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\66exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\30exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\30exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\24exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\24exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\76exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\76exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\19exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\19exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\87exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\87exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\94exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\94exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\13exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\13exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\63exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\63exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\0exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\0exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\18exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\18exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\53exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\53exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\57exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\57exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\11exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\11exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\72exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\72exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\25exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\25exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\40exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\40exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\14exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\14exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\39exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\39exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\34exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\34exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\5exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\5exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\17exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\17exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\52exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\52exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\41exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\41exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\54exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\54exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\77exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\77exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\75exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\75exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\51exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\51exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\6exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\6exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\62exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\62exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\96exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\96exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\37exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\37exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\91exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\91exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\32exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\32exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\21exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\21exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\92exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\92exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\26exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\26exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\69exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\69exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\73exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\73exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\56exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\56exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\36exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\36exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\64exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\64exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\10exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\10exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\50exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\50exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\70exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\70exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\83exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\83exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\58exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\58exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\9exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\9exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\43exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\43exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\45exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\45exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\71exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\71exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\2exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\2exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\8exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\8exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\44exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\44exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\98exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\98exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\97exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\97exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\4exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\4exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\29exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\29exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\31exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\31exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\49exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\49exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\22exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\22exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\99exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\99exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\82exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\82exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\38exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\38exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\68exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\68exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\42exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\42exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\93exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\93exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\80exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\80exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\12exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\12exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\deathmatch classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\27exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\27exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\magnumstyle\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\magnumstyle\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\magnumstyle\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\magnumstyle\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Quantin\Bureau\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
C:\Documents and Settings\All Users\Documents\Mes vidéos\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\AlbumArtSmall.jpg
C:\Documents and Settings\All Users\Documents\Mes vidéos\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\AlbumArt_{1EDCFEF0-4E7C-40B6-A8B6-F8C808B2BF13}_Large.jpg
C:\Documents and Settings\All Users\Documents\Mes vidéos\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\AlbumArt_{1EDCFEF0-4E7C-40B6-A8B6-F8C808B2BF13}_Small.jpg
C:\Documents and Settings\All Users\Documents\Mes vidéos\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\desktop.ini
C:\Documents and Settings\All Users\Documents\Mes vidéos\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\Folder.jpg
C:\Documents and Settings\All Users\Documents\Mes vidéos\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\Thumbs.db
C:\Documents and Settings\Quantin\SendTo\WLM - big68@msn.com\Desktop.ini
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Listing User Accounts:
Administrateur ASPNET HelpAssistant
Invité Quantin SUPPORT_388945a0
La commande s'est terminée correctement.
Finished
SDFix: Version 1.88
Run by Quantin on 25/06/2007 at 17:54
Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\Quantin\Bureau\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\DOCUME~1\Quantin\LOCALS~1\Temp\GLFD.tmp.dll - Deleted
C:\DOCUME~1\Quantin\LOCALS~1\Temp\injs.a9.exe.conf - Deleted
C:\DOCUME~1\Quantin\LOCALS~1\Temp\injs.aa.exe.conf - Deleted
C:\WINDOWS\system\smss.exe - Deleted
C:\WINDOWS\system32\plugin1.dat - Deleted
C:\WINDOWS\system32\SysPr.prx - Deleted
Removing Temp Files...
ADS Check:
Checking C:\WINDOWS
C:\WINDOWS
No streams found.
Checking C:\WINDOWS\system32
C:\WINDOWS\system32
No streams found.
Checking C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.
Checking C:\WINDOWS\system32\ntoskrnl.exe
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0-frFR-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*
isabled:Windows© NetMeeting©""C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled
artage de l'application RTC""C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe"="C:\\Program Files\\Reallusion\\CrazyTalk for Skype\\CT4Skype.exe:*:Enabled:CrazyTalk"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"="C:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe:*:Enabled:TmNationsESWC"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\81exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\81exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\85exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\85exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\7exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\7exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\61exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\61exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\65exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\65exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\15exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\15exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\67exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\67exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\86exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\86exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\1exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\1exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\46exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\46exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\33exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\33exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\79exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\79exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\35exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\35exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\20exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\20exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\74exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\74exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\3exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\3exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\95exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\95exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\16exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\16exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\78exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\78exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\55exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\55exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\66exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\66exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\30exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\30exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\24exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\24exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\76exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\76exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\19exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\19exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\87exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\87exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\94exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\94exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\13exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\13exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\63exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\63exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\0exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\0exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\18exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\18exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\53exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\53exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\57exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\57exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\11exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\11exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\72exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\72exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\25exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\25exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\40exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\40exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\14exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\14exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\39exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\39exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\34exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\34exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\5exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\5exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\17exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\17exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\52exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\52exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\41exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\41exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\54exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\54exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\77exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\77exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\75exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\75exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\51exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\51exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\6exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\6exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\62exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\62exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\96exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\96exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\37exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\37exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\91exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\91exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\32exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\32exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\21exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\21exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\92exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\92exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\26exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\26exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\69exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\69exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\73exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\73exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\56exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\56exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\36exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\36exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\64exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\64exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\10exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\10exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\50exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\50exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\70exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\70exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\83exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\83exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\58exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\58exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\9exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\9exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\43exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\43exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\45exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\45exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\71exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\71exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\2exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\2exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\8exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\8exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\44exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\44exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\98exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\98exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\97exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\97exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\4exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\4exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\29exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\29exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\31exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\31exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\49exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\49exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\22exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\22exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\99exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\99exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\82exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\82exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\38exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\38exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\68exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\68exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\42exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\42exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\condition zero\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\condition zero\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\93exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\93exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\80exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\80exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\12exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\12exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\deathmatch classic\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\deathmatch classic\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\ricochet\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\y2s\\ricochet\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\27exinjs.a9.exe"="C:\\DOCUME~1\\Quantin\\LOCALS~1\\Temp\\27exinjs.a9.exe:*:Enabled:Microsoft Update"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\magnumstyle\\half-life 2 deathmatch\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\magnumstyle\\half-life 2 deathmatch\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\magnumstyle\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\magnumstyle\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Quantin\Bureau\SDFix\backups\backups.zip
Listing Files with Hidden Attributes:
C:\Documents and Settings\All Users\Documents\Mes vid‚os\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\AlbumArtSmall.jpg
C:\Documents and Settings\All Users\Documents\Mes vid‚os\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\AlbumArt_{1EDCFEF0-4E7C-40B6-A8B6-F8C808B2BF13}_Large.jpg
C:\Documents and Settings\All Users\Documents\Mes vid‚os\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\AlbumArt_{1EDCFEF0-4E7C-40B6-A8B6-F8C808B2BF13}_Small.jpg
C:\Documents and Settings\All Users\Documents\Mes vid‚os\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\desktop.ini
C:\Documents and Settings\All Users\Documents\Mes vid‚os\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\Folder.jpg
C:\Documents and Settings\All Users\Documents\Mes vid‚os\Rihanna - Music Of The Sun (2005) - Reggae [www.torrentazos.com]\Thumbs.db
C:\Documents and Settings\Quantin\SendTo\WLM - big68@msn.com\Desktop.ini
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
Listing User Accounts:
Administrateur ASPNET HelpAssistant
Invité Quantin SUPPORT_388945a0
La commande s'est terminée correctement.
Finished
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 18:18:04, on 25/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Trust\DS-3100A Wireless Optical Deskset\Mouse\mouse32a.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
C:\windows\system32\tdfotagt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Hercules\WiFi Station\WifiStation.exe
C:\Program Files\Antipub\antipub.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Quantin\Bureau\HiJackThis_v2.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Heck sign dash cash] C:\Documents and Settings\All Users\Application Data\ErrorSkipHeckSign\Media grid.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Trust\DS-3100A Wireless Optical Deskset\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Window Creative] C:\DOCUME~1\Quantin\APPLIC~1\COALGR~1\firstgrimlive.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: WiFi Station.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra 'Tools' menuitem: Stop Pub - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\JCA2000\StopPub\StopPub.exe
O9 - Extra button: Internet Radio by Endicosoft.com - {1F958B09-3312-7f0e-9723-4C1324C57B20} - C:\Program Files\Internet Radio\Radio.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986....
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab312...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://big68470.spaces.live.com//PhotoUpload/MsnPUpld.c...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.ca...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Ap...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D380B64-90EB-473E-9E64-76E94F5CC3A5}: NameServer = 213.216.172.62,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{68394A03-7B36-419E-B545-4C14AD64590B}: NameServer = 213.36.80.1,212.216.172.62
O17 - HKLM\System\CCS\Services\Tcpip\..\{D44DF079-0D21-4D52-98B9-398961898F5E}: NameServer = 213.36.80.1,212.216.172.62
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D380B64-90EB-473E-9E64-76E94F5CC3A5}: NameServer = 213.216.172.62,212.216.172.62
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
--
End of file - 11470 bytes
Re,
Download LopResearch.zip
Unzip it onto your Desktop only.
Open the LopResearch folder, then double-click Scan.bat.
A report will be generated; post its contents here.
Rapport fait à 18:28:07,15 le 25/06/2007
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C78-46A5
Répertoire de C:\Documents and Settings\All Users\Application Data
25/05/2007 18:13 <REP> Spybot - Search & Destroy
17/05/2007 22:55 1755 QTSBandwidthCache
15/05/2007 18:20 <REP> Microsoft Games
05/05/2007 22:18 <REP> McAfee
05/05/2007 22:18 <REP> SiteAdvisor
11/03/2007 02:43 <REP> TEMP
10/01/2007 23:00 <REP> Skype
09/01/2007 23:27 <REP> Messenger Plus!
31/12/2006 19:59 <REP> Google
26/12/2006 22:26 <REP> ErrorSkipHeckSign
23/12/2006 13:52 <REP> Windows Genuine Advantage
23/12/2006 04:20 <REP> .
23/12/2006 04:20 <REP> ..
30/06/2006 04:06 <REP> Microsoft
30/06/2006 04:06 <REP> CyberLink
30/06/2006 04:06 <REP> Apple Computer
30/06/2006 04:06 <REP> Adobe
26/10/2005 05:40 62 desktop.ini
2 fichier(s) 1817 octets
16 Rép(s) 99553431552 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C78-46A5
Répertoire de C:\Documents and Settings\Default User\Application Data
23/12/2006 04:20 <REP> ..
23/12/2006 04:20 <REP> .
22/12/2006 19:30 <REP> Adobe
22/12/2006 19:30 <REP> Apple Computer
22/12/2006 19:30 <REP> CyberLink
22/12/2006 19:30 <REP> SampleView
30/06/2006 04:06 <REP> Microsoft
30/06/2006 04:06 <REP> Identities
26/10/2005 05:40 62 desktop.ini
1 fichier(s) 62 octets
8 Rép(s) 99553431552 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C78-46A5
Répertoire de C:\Documents and Settings\Quantin\Application Data
19/05/2007 16:01 <REP> Atari
15/05/2007 17:44 <REP> Microsoft Games
05/05/2007 22:18 <REP> SiteAdvisor
04/05/2007 23:08 <REP> Talkback
06/04/2007 14:52 <REP> Mozilla
06/04/2007 14:45 <REP> SecondLife
20/03/2007 22:32 <REP> Screenshot Sender
06/02/2007 20:59 <REP> OpenOffice.org2
06/02/2007 14:17 <REP> ATI
31/01/2007 01:07 <REP> Help
30/01/2007 23:36 2171 QuickZip45.ini
28/01/2007 15:08 <REP> Reallusion
27/01/2007 23:47 <REP> MessengerSkinner
23/01/2007 22:18 24 fc_location.txt
21/01/2007 21:18 <REP> MSNInstaller
10/01/2007 23:00 <REP> Skype
05/01/2007 22:44 <REP> teamspeak2
31/12/2006 19:58 <REP> Sun
31/12/2006 19:57 <REP> Google
26/12/2006 22:26 <REP> Coalgreatsave
23/12/2006 23:05 <REP> BitTorrent
23/12/2006 16:24 <REP> Macromedia
23/12/2006 11:07 <REP> InstallShield
22/12/2006 19:36 <REP> AdobeUM
22/12/2006 19:32 62 desktop.ini
22/12/2006 19:32 <REP> Adobe
22/12/2006 19:32 <REP> Apple Computer
22/12/2006 19:32 <REP> CyberLink
22/12/2006 19:32 <REP> Identities
22/12/2006 19:32 <REP> Microsoft
22/12/2006 19:32 <REP> SampleView
22/12/2006 19:32 <REP> ..
22/12/2006 19:32 <REP> .
3 fichier(s) 2257 octets
30 Rép(s) 99553431552 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C78-46A5
Répertoire de C:\Documents and Settings\system
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C78-46A5
Répertoire de C:\WINDOWS\Tasks
27/03/2007 23:51 284 AppleSoftwareUpdate.job
26/02/2007 20:03 272 A90FDD5391845603.job
30/06/2006 04:05 <REP> ..
30/06/2006 04:05 <REP> .
26/10/2005 10:52 6 SA.DAT
26/10/2005 05:33 65 desktop.ini
4 fichier(s) 627 octets
2 Rép(s) 99 553 427 456 octets libres
******************************************
Listing des dossiers dans C:\Program Files
3DO
Adobe
Adverts
Alwil Software
Antipub
Apple Software Update
Atari
ATI Technologies
AV Vcs 5.5 DIAMOND
Browster
Coalgreatsave
ComPlus Applications
CONEXANT
CyberLink
DaftTV
Diablo II
directx
Fichiers communs
Google
Hercules
Internet Explorer
Internet Radio
InternetGameBox
iPod
iTunes
Java
JCA2000
Lavalys
Messenger
Messenger Plus! Live
MessengerSkinner
microsoft frontpage
Microsoft Games
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
MSN Messenger
NetMeeting
Online Services
OpenOffice.org 2.1
otron.net
Outlook Express
QuickTime
Realtek AC97
Services en ligne
SiteAdvisor
Skype
Spybot - Search & Destroy
Teamspeak2_RC2
TrackMania Nations ESWC
Trust
Valve
VIA
VirtualDJ
Warcraft III
Windows Media Connect 2
Windows Media Player
Windows NT
WinRAR
World of Warcraft
WowCartographe
xerox
******************************************
Recherche des dossiers/fichiers LOP
C:\Program Files\Adverts Présent !
C:\WINDOWS\tasks\A90FDD5391845603.job Présent !
******************************************
Recherche d'infections connues
C:\WINDOWS\System32\Nvs2.inf Egdaccess possible !
******************************************
Vérification du fichier HOSTS
Fichier Hosts : Propre
*************** Fin du Rapport - Version 0.9 ****************
Re,
Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)
Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents for us this way:
-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply
NOTE: The report can also be found here: C:\fixnavi.txt
Rapport fait à 18:28:07,15 le 25/06/2007
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C78-46A5
Répertoire de C:\Documents and Settings\All Users\Application Data
25/05/2007 18:13 <REP> Spybot - Search & Destroy
17/05/2007 22:55 1755 QTSBandwidthCache
15/05/2007 18:20 <REP> Microsoft Games
05/05/2007 22:18 <REP> McAfee
05/05/2007 22:18 <REP> SiteAdvisor
11/03/2007 02:43 <REP> TEMP
10/01/2007 23:00 <REP> Skype
09/01/2007 23:27 <REP> Messenger Plus!
31/12/2006 19:59 <REP> Google
26/12/2006 22:26 <REP> ErrorSkipHeckSign
23/12/2006 13:52 <REP> Windows Genuine Advantage
23/12/2006 04:20 <REP> .
23/12/2006 04:20 <REP> ..
30/06/2006 04:06 <REP> Microsoft
30/06/2006 04:06 <REP> CyberLink
30/06/2006 04:06 <REP> Apple Computer
30/06/2006 04:06 <REP> Adobe
26/10/2005 05:40 62 desktop.ini
2 fichier(s) 1817 octets
16 Rép(s) 99553431552 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C78-46A5
Répertoire de C:\Documents and Settings\Default User\Application Data
23/12/2006 04:20 <REP> ..
23/12/2006 04:20 <REP> .
22/12/2006 19:30 <REP> Adobe
22/12/2006 19:30 <REP> Apple Computer
22/12/2006 19:30 <REP> CyberLink
22/12/2006 19:30 <REP> SampleView
30/06/2006 04:06 <REP> Microsoft
30/06/2006 04:06 <REP> Identities
26/10/2005 05:40 62 desktop.ini
1 fichier(s) 62 octets
8 Rép(s) 99553431552 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C78-46A5
Répertoire de C:\Documents and Settings\Quantin\Application Data
19/05/2007 16:01 <REP> Atari
15/05/2007 17:44 <REP> Microsoft Games
05/05/2007 22:18 <REP> SiteAdvisor
04/05/2007 23:08 <REP> Talkback
06/04/2007 14:52 <REP> Mozilla
06/04/2007 14:45 <REP> SecondLife
20/03/2007 22:32 <REP> Screenshot Sender
06/02/2007 20:59 <REP> OpenOffice.org2
06/02/2007 14:17 <REP> ATI
31/01/2007 01:07 <REP> Help
30/01/2007 23:36 2171 QuickZip45.ini
28/01/2007 15:08 <REP> Reallusion
27/01/2007 23:47 <REP> MessengerSkinner
23/01/2007 22:18 24 fc_location.txt
21/01/2007 21:18 <REP> MSNInstaller
10/01/2007 23:00 <REP> Skype
05/01/2007 22:44 <REP> teamspeak2
31/12/2006 19:58 <REP> Sun
31/12/2006 19:57 <REP> Google
26/12/2006 22:26 <REP> Coalgreatsave
23/12/2006 23:05 <REP> BitTorrent
23/12/2006 16:24 <REP> Macromedia
23/12/2006 11:07 <REP> InstallShield
22/12/2006 19:36 <REP> AdobeUM
22/12/2006 19:32 62 desktop.ini
22/12/2006 19:32 <REP> Adobe
22/12/2006 19:32 <REP> Apple Computer
22/12/2006 19:32 <REP> CyberLink
22/12/2006 19:32 <REP> Identities
22/12/2006 19:32 <REP> Microsoft
22/12/2006 19:32 <REP> SampleView
22/12/2006 19:32 <REP> ..
22/12/2006 19:32 <REP> .
3 fichier(s) 2257 octets
30 Rép(s) 99553431552 octets libres
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C78-46A5
Répertoire de C:\Documents and Settings\system
******************************************
Recherche des taches planifiées dans C:\WINDOWS\tasks
Le volume dans le lecteur C n'a pas de nom.
Le numéro de série du volume est 7C78-46A5
Répertoire de C:\WINDOWS\Tasks
27/03/2007 23:51 284 AppleSoftwareUpdate.job
26/02/2007 20:03 272 A90FDD5391845603.job
30/06/2006 04:05 <REP> ..
30/06/2006 04:05 <REP> .
26/10/2005 10:52 6 SA.DAT
26/10/2005 05:33 65 desktop.ini
4 fichier(s) 627 octets
2 Rép(s) 99 553 427 456 octets libres
******************************************
Listing des dossiers dans C:\Program Files
3DO
Adobe
Adverts
Alwil Software
Antipub
Apple Software Update
Atari
ATI Technologies
AV Vcs 5.5 DIAMOND
Browster
Coalgreatsave
ComPlus Applications
CONEXANT
CyberLink
DaftTV
Diablo II
directx
Fichiers communs
Google
Hercules
Internet Explorer
Internet Radio
InternetGameBox
iPod
iTunes
Java
JCA2000
Lavalys
Messenger
Messenger Plus! Live
MessengerSkinner
microsoft frontpage
Microsoft Games
Movie Maker
Mozilla Firefox
MSN
MSN Gaming Zone
MSN Messenger
NetMeeting
Online Services
OpenOffice.org 2.1
otron.net
Outlook Express
QuickTime
Realtek AC97
Services en ligne
SiteAdvisor
Skype
Spybot - Search & Destroy
Teamspeak2_RC2
TrackMania Nations ESWC
Trust
Valve
VIA
VirtualDJ
Warcraft III
Windows Media Connect 2
Windows Media Player
Windows NT
WinRAR
World of Warcraft
WowCartographe
xerox
******************************************
Recherche des dossiers/fichiers LOP
C:\Program Files\Adverts Présent !
C:\WINDOWS\tasks\A90FDD5391845603.job Présent !
******************************************
Recherche d'infections connues
C:\WINDOWS\System32\Nvs2.inf Egdaccess possible !
******************************************
Vérification du fichier HOSTS
Fichier Hosts : Propre
*************** Fin du Rapport - Version 0.9 ****************
You must have misunderstood?!
Do what is described at this link:
http://www.infos-du-net.com/forum/269351-11-intenpestiv...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:27:12, on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\momo\Bureau\HiJackThis_v2.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {3BB63FD4-3C00-44D7-94A9-5DE211900DEF} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?0b23295e3ca04d43b2c4210580043c9e
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?0b23295e3ca04d43b2c4210580043c9e
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Statistiques d’Anti-Virus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr/
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
--
End of file - 8548 bytes